
Suspected FBI Virus/Malware; No SafeMode [Solved]



#1 cramit02 (Member, 78 posts)
Good morning folks, I have a Dell Inspiron 537 with Windows XP SP3 loaded onto it. A friend of mine sent it to me with what he suspected was an FBI infection: it said that he had downloaded x, y and z and to pay the FBI such an amount and it'd go away, etc. Since it's been with me I haven't seen any popups. I have run MBAM and CCleaner on it while logged in regularly; MBAM caught 3 registry infections (PUM.Disabled.SecurityCenter) and CCleaner picked out about 700 MB of junk and 160-ish registry issues. I would have run them in safe mode, except that every time I try to get into safe mode (regular, w/ networking, cmd prompt) I get the BSOD.

While logged in regularly the integrated ethernet card is detected as an unknown device; however, the driver is not available. I put Hiren's Boot Disk in and it was able to establish an internet connection within seconds after running PENetwork.exe. I've been using a USB stick to transfer files.

When attempting OTL Quick Scan this error occurs:

"Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c"

I have 3 options: Cancel, Try Again, Continue... regardless of what I press it instantly pops back up ~50 times before continuing the scan. Looks like it was scanning various registry keys during the errors.

Thanks for your time and help!

======================================

Attached is the OTL.txt:

OTL logfile created on: 10/26/2012 9:46:28 AM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = D:\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 451.07 Gb Total Space | 437.79 Gb Free Space | 97.05% Space Free | Partition Type: NTFS
Drive D: | 996.16 Mb Total Space | 101.46 Mb Free Space | 10.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 657.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: MIL-EAM-01
Current User Name: eamuser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2012/10/16 12:07:01 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/08 12:46:17 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\butto.exe
PRC - [2012/08/24 06:01:40 | 007,533,992 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/08/24 06:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/24 05:55:10 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/19 09:07:23 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/16 10:05:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012/04/16 08:06:40 | 000,218,160 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
PRC - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/04/02 12:17:40 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/06 09:34:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\OTL\OTL.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 18:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2005/10/14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2012/09/26 02:04:15 | 000,413,080 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\asoehook.dll
MOD - [2012/07/26 13:26:04 | 002,362,840 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\bushell.dll
MOD - [2012/06/15 21:31:03 | 000,678,352 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccl110u.dll
MOD - [2012/05/21 20:37:12 | 000,085,968 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\efacli.dll
MOD - [2012/02/09 10:43:34 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
MOD - [2011/07/18 19:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/06 09:34:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\OTL\OTL.exe
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 18:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/08/24 06:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/19 09:07:23 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/07/16 10:05:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/04/16 08:06:40 | 000,218,160 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/04/14 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2008/04/13 18:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 18:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2008/04/13 18:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MOBILEDB) SQL Server (MOBILEDB)
SRV - [2005/10/14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWNSP.sys -- (PTUMWNSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWNET.sys -- (PTUMWNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWCSP.sys -- (PTUMWCSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWCDF.sys -- (PTUMWCDF)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTUMWBus.sys -- (PTUMWBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\KAPFA.SYS -- (KAPFA)
DRV - [2012/09/13 06:54:18 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121007.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/13 06:54:18 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121007.005\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/31 19:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121005.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/31 17:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/13 06:49:51 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/07/18 12:14:03 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/07/16 10:05:33 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS -- (SRTSP)
DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS -- (SymEFA)
DRV - [2012/05/03 10:43:04 | 000,296,448 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV - [2012/05/03 10:43:04 | 000,235,520 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV - [2012/05/03 10:43:04 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/04/02 12:17:40 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/03/29 01:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS -- (SYMTDI)
DRV - [2012/03/29 01:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS -- (SymDS)
DRV - [2012/03/29 01:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/29 02:20:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/28 18:49:50 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/04/28 18:49:50 | 000,013,824 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/01/20 17:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/12 09:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/10/30 20:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/09 13:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/05/26 20:42:06 | 000,017,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 18:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 19:00:44 | 000,025,984 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/07/18 12:16:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/10/26 09:42:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/25 14:55:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [] C:\Documents and Settings\Administrator\Local Settings\Temp\butto.exe ()
O4 - HKCU..\Run: [Solid State Networks] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1288200836609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/27 12:01:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/30 14:49:00 | 000,000,000 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/06/30 14:49:00 | 000,000,000 | ---- | M] () - D:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,000,110 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0debf380-f1a1-11df-b960-0025640536c3}\Shell - "" = AutoRun
O33 - MountPoints2\{0debf380-f1a1-11df-b960-0025640536c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0debf380-f1a1-11df-b960-0025640536c3}\Shell\AutoRun\command - "" = I:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{0debf382-f1a1-11df-b960-0025640536c3}\Shell - "" = AutoRun
O33 - MountPoints2\{0debf382-f1a1-11df-b960-0025640536c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0debf382-f1a1-11df-b960-0025640536c3}\Shell\AutoRun\command - "" = I:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{0debf383-f1a1-11df-b960-0025640536c3}\Shell - "" = AutoRun
O33 - MountPoints2\{0debf383-f1a1-11df-b960-0025640536c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0debf383-f1a1-11df-b960-0025640536c3}\Shell\AutoRun\command - "" = I:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{38781903-da4f-11e0-b987-0025640536c3}\Shell - "" = AutoRun
O33 - MountPoints2\{38781903-da4f-11e0-b987-0025640536c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38781903-da4f-11e0-b987-0025640536c3}\Shell\AutoRun\command - "" = I:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{51d1be1e-a3e3-11e0-b97a-0025640536c3}\Shell - "" = AutoRun
O33 - MountPoints2\{51d1be1e-a3e3-11e0-b97a-0025640536c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51d1be1e-a3e3-11e0-b97a-0025640536c3}\Shell\AutoRun\command - "" = I:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{abc3a44b-0c65-11e1-b9a1-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{abc3a44b-0c65-11e1-b9a1-00a0c6000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abc3a44b-0c65-11e1-b9a1-00a0c6000000}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SISetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2012/10/26 08:10:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/26 08:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/10/25 15:01:09 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8029.sys
[2012/10/25 15:01:09 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/10/25 14:54:31 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2012/10/25 14:54:31 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/10/25 14:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Utilities
[2012/10/25 09:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Reflect
[2012/10/25 09:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2012/10/24 17:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/10/24 17:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/10/24 17:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/24 16:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/10/24 16:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/24 16:59:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/24 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/24 16:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/10/08 14:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2012/09/25 14:06:30 | 000,016,064 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/07/31 15:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/07/31 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\hpqLog
[2012/07/31 15:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/10/26 09:43:17 | 000,575,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012/10/26 09:43:17 | 000,479,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/26 09:43:17 | 000,085,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/26 09:42:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 09:41:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/10/26 09:41:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/26 08:11:13 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2012/10/26 08:11:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2012/10/26 08:10:52 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/10/25 14:55:47 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/22 12:06:27 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Excel.lnk
[2012/10/15 10:04:13 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2012/10/08 14:41:43 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/03 07:13:55 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604000.009\VT20121002.018
[2012/10/02 08:09:28 | 000,584,879 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604000.009\Cat.DB
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/26 05:52:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604000.009\isolate.ini
[2012/09/25 14:06:30 | 000,016,064 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/09/06 07:38:55 | 011,329,177 | ---- | M] () -- C:\Bucks.JPG
[2012/08/16 03:18:16 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 08:10:51 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2012/10/26 08:10:49 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2012/09/06 07:38:53 | 011,329,177 | ---- | C] () -- C:\Bucks.JPG
[2012/02/15 07:28:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/20 12:17:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/11/08 15:23:20 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2011/11/08 14:52:20 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\HPM1210SMs.dll
[2011/11/08 14:52:18 | 000,013,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\HPM1210FAX.sys
[2011/11/08 14:52:13 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\m1210wia.dll
[2011/11/08 14:52:00 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/11/08 14:39:09 | 000,284,672 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2010/10/27 13:21:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/27 12:24:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2010/01/28 16:55:34 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini

========== LOP Check ==========

[2011/09/23 10:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2012/07/11 08:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2011/10/25 10:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/10/26 00:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/10/25 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2012/10/08 14:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2012/07/31 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite

========== Purity Check ==========


< End of report >

Edited by cramit02, 26 October 2012 - 09:22 AM.

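As an added example (not code from the poster or from OTL's author), the following Python script parses the PRC, SRV and O4 line layouts seen in the log above and flags the entries a malware-removal helper reads first: an executable started from the user's Temp folder with no company name, Run values with an empty name or pointing at a missing file, and services whose binary is gone. The line layouts are inferred from the log; the sample input is lines copied from it.

```python
"""Triage helper for OTL logs: parses PRC / SRV / O4 lines and flags the
entries a malware-removal helper looks at first."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/10/08 12:46:17 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\butto.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [] C:\Documents and Settings\Administrator\Local Settings\Temp\butto.exe ()
O4 - HKCU..\Run: [Solid State Networks] File not found
"""

# Line layouts inferred from the log (assumption: OTL 3.2.x "SafeList" output).
PRC_RE = re.compile(r"^PRC - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
SRV_RE = re.compile(
    r"^SRV - (?:File not found|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\))"
    r" \[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
O4_TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")

# Directories from which a legitimate auto-started program rarely runs.
PROFILE_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


@dataclass
class Finding:
    kind: str                 # PRC, SRV or O4
    path: Optional[str]       # None when OTL reported "File not found"
    reasons: List[str] = field(default_factory=list)


def _path_reasons(path: str, company: Optional[str]) -> List[str]:
    """Heuristics shared by process, service and Run-key entries."""
    reasons = []
    low = path.lower()
    if any(d in low for d in PROFILE_DIRS):
        reasons.append("runs from a user-profile/temp directory")
    # OTL prints "()" when the file carries no company name in its version info.
    if company is not None and company.strip() == "":
        reasons.append("no company name in version info")
    return reasons


def triage(text: str) -> List[Finding]:
    """Return the PRC/SRV/O4 entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := PRC_RE.match(line):
            f = Finding("PRC", m["path"], _path_reasons(m["path"], m["company"]))
        elif m := SRV_RE.match(line):
            f = Finding("SRV", m["path"])
            if m["stamp"] is None:  # the "File not found" branch matched
                f.reasons.append(
                    f"service '{m['name']}' points to a missing file (orphaned registry entry)")
            else:
                f.reasons.extend(_path_reasons(m["path"], m["company"]))
        elif m := O4_RE.match(line):
            if m["rest"] == "File not found":
                f = Finding("O4", None,
                            [f"{m['hive']} Run value '{m['name']}' points to a missing file"])
            else:
                t = O4_TARGET_RE.match(m["rest"])
                path, company = (t["path"], t["company"]) if t else (m["rest"], None)
                f = Finding("O4", path, _path_reasons(path, company))
                if m["name"] == "":
                    f.reasons.append(f"{m['hive']} Run value has an empty name")
        else:
            continue  # other OTL sections are not parsed here
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.path or '(missing file)'}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample lines this reports butto.exe twice (as a running process and as the nameless HKCU Run value), the orphaned WinVNC4 service and the dead "Solid State Networks" Run value, and stays silent on explorer.exe and the LogMeIn entries.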


#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
  • 0

#3
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#4
cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Good morning Gringo, help is still very needed, but I was away from the computers this weekend, apologies. I'm running your tests now and will have results as soon as possible...

[Update after scans]

Here are the results of the tests you had me run:

Security Check: Did not open/run.


AdwCleaner Log:
# AdwCleaner v2.005 - Logfile created 10/29/2012 at 08:48:28
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : eamuser - MIL-EAM-01
# Boot Mode : Normal
# Running from : D:\G2G_Fixes\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1797 octets] - [29/10/2012 08:48:28]

########## EOF - C:\AdwCleaner[S1].txt - [1857 octets] ##########
RKreport[1]:
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : eamuser [Admin rights]
Mode : Scan -- Date : 10/29/2012 08:51:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\butto.exe) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1645522239-682003330-1801674531-500[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1645522239-682003330-1801674531-500[...]\Run : (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\butto.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8AD33BC0)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8AD33E30)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8AE83318)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8AF9D600)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8AED4C88)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x8AE3EB20)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x8A5928E0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8AE7B0E0)
SSDT[57] : NtDebugActiveProcess @ 0x80643A1C -> HOOKED (Unknown @ 0x8AF9D6E0)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8AF6D318)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8B0317A0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8AE3EC10)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8AD356E8)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8AF8D228)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8B133980)
SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x8AECD4D0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8ADB5080)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8AD73328)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8AD67570)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8AECF310)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8B040468)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8AD343B0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8AFE8388)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A576490)
SSDT[240] : NtSetSystemInformation @ 0x8060FC04 -> HOOKED (Unknown @ 0x8AE6E558)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8AE7A1D8)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8AF3D5E8)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8AF3D688)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A5744A0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8AF803A0)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AE84258)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AD682E0)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A57E8F0)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AE62258)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AE859A8)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8AF319F0)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8AECD310)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8AD9F1F0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AEAB250)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AD7A430)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 +++++
--- User ---
[MBR] f3e8f078d0d780575c41489e07e356d1
[BSP] f32edb06d4a25dd49c7d8171eaedb7bf : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Edited by cramit02, 29 October 2012 - 08:10 AM.

  • 0
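The RKreport[1] "Registry Entries" block above is what the helper reads most closely, and this added Python example (not RogueKiller's code and not from anyone in this thread) shows the triage mechanically: it parses those lines, flags autoruns that live in a user profile or temp folder, shows the same rundll32 loader seeded into more than one HKEY_USERS hive, and flags the Security Center "DisableNotify" values set to 1. The sample input is built from lines copied from the report above; the function names and category labels are this example's own.

```python
"""Triage of RogueKiller 'Registry Entries' lines (added example, not RogueKiller's code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: five lines copied from the RKreport[1] posted in this thread.
SAMPLE_LOG = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\butto.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Solid State Networks (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll",DllRegisterServerW) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# One report line: [TAG][SUBTAG] HIVE\[...]\KEY : NAME (DATA) -> STATUS
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]"                # [RUN], [HJ], [HJ DESK]
    r"(?:\[(?P<sub>[^\]]+)\])?"            # optional [SUSP PATH]
    r"\s+(?P<hive>\S+?)\\?\[\.\.\.\]\\"    # HKCU\[...]\  or  HKUS\S-1-5-19[...]\
    r"(?P<key>[^:]+?)\s*:\s*"              # Run / Security Center / NewStartPanel
    r"(?P<rest>.*?)\s*->\s*(?P<status>\w+)$"
)
VALUE_RE = re.compile(r"^(?P<name>.*?)\s*\((?P<data>.*)\)$")

# Path fragments that mean "this autorun lives in a user profile or temp folder",
# which legitimate machine-wide software almost never does on XP.
PROFILE_HINTS = ("\\temp\\", "\\locals~1\\", "local settings\\application data")


@dataclass
class Entry:
    tag: str
    sub: Optional[str]
    hive: str
    key: str
    name: str
    data: str
    category: str = ""


def parse_entry(line: str) -> Optional[Entry]:
    """Split one report line into its fields; returns None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    v = VALUE_RE.match(m["rest"])
    name, data = (v["name"], v["data"]) if v else ("", m["rest"])
    return Entry(m["tag"], m["sub"], m["hive"], m["key"], name, data)


def classify(e: Entry) -> str:
    """Label an entry the way a removal helper reads it."""
    low = e.data.lower()
    if e.tag == "RUN":
        if any(h in low for h in PROFILE_HINTS):
            return "autorun-from-user-profile"   # loader hidden in Temp / Local Settings
        return "autorun-review"
    if (e.tag == "HJ" and e.key == "Security Center"
            and e.name.endswith("DisableNotify") and e.data == "1"):
        return "security-center-alerts-silenced"  # AV/firewall/update warnings suppressed
    return "review"


def triage(report: str) -> List[Entry]:
    """Parse and classify every recognised entry in a report, in file order."""
    entries = []
    for line in report.splitlines():
        e = parse_entry(line)
        if e:
            e.category = classify(e)
            entries.append(e)
    return entries


def replicated_autoruns(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each autorun command to the hives it appears in, keeping only those
    seeded into more than one hive (a sign the installer walked HKEY_USERS)."""
    hives: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.tag == "RUN":
            hives[e.data].append(e.hive)
    return {cmd: sorted(set(h)) for cmd, h in hives.items() if len(set(h)) > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(f"{e.category:32} {e.hive}\\...\\{e.key} {e.name or '<no name>'}")
    for cmd, hv in replicated_autoruns(found).items():
        print(f"replicated into {len(hv)} hives: {cmd[:60]}...")
```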

#5
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#6
cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
The computer seems to be running fine; however, Safe Mode is still producing BSODs and the internet connection is still unusable.

ComboFix Log:

ComboFix 12-10-30.01 - eamuser 10/30/2012 10:59:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2582 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\My Documents\Readiris.DUS
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-30 )))))))))))))))))))))))))))))))
.
.
2012-10-30 15:52 . 2012-10-30 15:52 -------- d-----w- c:\windows\LastGood
2012-10-30 15:03 . 2012-10-23 10:18 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 15:03 . 2012-10-23 10:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 15:03 . 2012-10-23 10:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 15:03 . 2012-10-23 10:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 15:03 . 2012-10-23 10:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 15:03 . 2012-10-23 10:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 15:03 . 2012-10-23 10:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 15:03 . 2012-10-23 10:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 15:03 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 15:03 . 2012-10-23 10:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 15:03 . 2012-10-30 15:03 -------- d-----w- c:\program files\AVAST Software
2012-10-30 15:03 . 2012-10-30 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-30 14:54 . 2012-10-30 15:52 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-30 14:54 . 2012-10-30 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2012-10-30 14:54 . 2012-10-30 14:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-10-30 14:54 . 2012-10-30 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-10-25 14:48 . 2012-10-25 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2012-10-24 22:02 . 2012-10-24 22:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-24 22:02 . 2012-10-24 22:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-24 22:02 . 2012-10-24 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-24 21:59 . 2012-10-24 21:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-24 21:59 . 2012-10-24 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-24 21:59 . 2012-10-24 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 21:59 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-24 21:50 . 2012-10-24 21:50 -------- d-----w- c:\program files\Speccy
2012-10-08 19:35 . 2012-10-08 19:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2012-10-02 00:40 . 2012-10-03 12:14 -------- d-----w- c:\windows\system32\drivers\N360\0604000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 19:06 . 2012-09-25 19:06 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-08-28 15:14 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-18 150040]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"KASHMNDSHF73467808252560"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2011-08-24 409600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-16 15:05 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAMNDSHF73467808252560]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/1/2012 7:40 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/1/2012 7:40 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [10/1/2012 3:33 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/1/2012 7:40 PM 132768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10/30/2012 9:54 AM 242240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/1/2012 7:40 PM 149624]
R2 KAMNDSHF73467808252560;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [10/29/2010 1:09 PM 851968]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [5/11/2012 10:40 AM 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/2/2012 12:17 PM 12856]
R2 MSSQL$MOBILEDB;SQL Server (MOBILEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/14/2005 2:51 AM 28768528]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/1/2012 7:40 PM 138272]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [10/27/2010 12:22 PM 22016]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [8/24/2012 6:01 AM 2735528]
R2 VZWConfigService;VZW Config Service;c:\program files\Novatel Wireless\LTE Support\VZWMSConfig.exe [4/16/2012 8:06 AM 218160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/13/2012 6:49 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121005.002\IDSXpx86.sys [10/8/2012 7:26 AM 373728]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [10/29/2010 1:09 PM 17920]
S0 cerc6;cerc6; [x]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [11/8/2011 2:52 PM 13824]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [?]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [11/8/2011 2:52 PM 17408]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [5/3/2012 10:43 AM 296448]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [5/3/2012 10:43 AM 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [5/3/2012 10:43 AM 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [5/3/2012 10:43 AM 176384]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys --> c:\windows\system32\DRIVERS\PTUMWBus.sys [?]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys --> c:\windows\system32\DRIVERS\PTUMWCDF.sys [?]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys --> c:\windows\system32\DRIVERS\PTUMWCSP.sys [?]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys --> c:\windows\system32\DRIVERS\PTUMWFLT.sys [?]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys --> c:\windows\system32\DRIVERS\PTUMWMdm.sys [?]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys --> c:\windows\system32\DRIVERS\PTUMWNET.sys [?]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys --> c:\windows\system32\DRIVERS\PTUMWNSP.sys [?]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys --> c:\windows\system32\DRIVERS\PTUMWVsp.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [10/27/2010 12:22 PM 25984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [10/27/2010 12:22 PM 17408]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [11/29/2011 2:20 AM 32408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-30 10:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-30 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-682003330-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,7e,c7,36,e5,09,b5,4e,b8,a5,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,24,13,6d,25,4b,be,44,a1,0b,0c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,d2,8a,27,ec,c2,77,4d,8c,2b,04,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-D3B3-T282-7E18-N3DU-U8TZ-SANPJD1"
"Activated"="N"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2012-10-30 11:09:51
ComboFix-quarantined-files.txt 2012-10-30 16:09
.
Pre-Run: 453,072,199,680 bytes free
Post-Run: 452,895,416,320 bytes free
.
- - End Of File - - F4109A123E7480AA0DC164B777A8FD2E
  • 0

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#8
cramit02

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
TDSSKILLER Log:

12:10:27.0421 2504 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:10:27.0437 2504 ============================================================
12:10:27.0437 2504 Current date / time: 2012/10/30 12:10:27.0437
12:10:27.0437 2504 SystemInfo:
12:10:27.0437 2504
12:10:27.0437 2504 OS Version: 5.1.2600 ServicePack: 3.0
12:10:27.0437 2504 Product type: Workstation
12:10:27.0437 2504 ComputerName: MIL-EAM-01
12:10:27.0437 2504 UserName: eamuser
12:10:27.0437 2504 Windows directory: C:\WINDOWS
12:10:27.0437 2504 System windows directory: C:\WINDOWS
12:10:27.0437 2504 Processor architecture: Intel x86
12:10:27.0437 2504 Number of processors: 2
12:10:27.0437 2504 Page size: 0x1000
12:10:27.0437 2504 Boot type: Normal boot
12:10:27.0437 2504 ============================================================
12:10:29.0109 2504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:10:29.0125 2504 Drive \Device\Harddisk5\DR13 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:10:29.0125 2504 ============================================================
12:10:29.0125 2504 \Device\Harddisk0\DR0:
12:10:29.0125 2504 MBR partitions:
12:10:29.0125 2504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
12:10:29.0125 2504 \Device\Harddisk5\DR13:
12:10:29.0125 2504 MBR partitions:
12:10:29.0125 2504 \Device\Harddisk5\DR13\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1F3101
12:10:29.0125 2504 ============================================================
12:10:29.0156 2504 C: <-> \Device\Harddisk0\DR0\Partition1
12:10:29.0156 2504 ============================================================
12:10:29.0156 2504 Initialize success
12:10:29.0156 2504 ============================================================
12:10:31.0359 2964 ============================================================
12:10:31.0359 2964 Scan started
12:10:31.0359 2964 Mode: Manual;
12:10:31.0359 2964 ============================================================
12:10:32.0187 2964 ================ Scan system memory ========================
12:10:32.0187 2964 System memory - ok
12:10:32.0187 2964 ================ Scan services =============================
12:10:32.0296 2964 Abiosdsk - ok
12:10:32.0296 2964 abp480n5 - ok
12:10:32.0343 2964 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:10:32.0343 2964 ACPI - ok
12:10:32.0375 2964 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:10:32.0375 2964 ACPIEC - ok
12:10:32.0375 2964 adpu160m - ok
12:10:32.0421 2964 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:10:32.0421 2964 aec - ok
12:10:32.0453 2964 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:10:32.0453 2964 AFD - ok
12:10:32.0453 2964 Aha154x - ok
12:10:32.0468 2964 aic78u2 - ok
12:10:32.0468 2964 aic78xx - ok
12:10:32.0500 2964 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:10:32.0500 2964 Alerter - ok
12:10:32.0515 2964 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:10:32.0515 2964 ALG - ok
12:10:32.0515 2964 AliIde - ok
12:10:32.0531 2964 amsint - ok
12:10:32.0531 2964 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:10:32.0531 2964 AppMgmt - ok
12:10:32.0531 2964 asc - ok
12:10:32.0531 2964 asc3350p - ok
12:10:32.0546 2964 asc3550 - ok
12:10:32.0609 2964 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:10:32.0609 2964 aspnet_state - ok
12:10:32.0625 2964 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:10:32.0625 2964 AsyncMac - ok
12:10:32.0625 2964 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:10:32.0625 2964 atapi - ok
12:10:32.0640 2964 Atdisk - ok
12:10:32.0640 2964 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:10:32.0640 2964 Atmarpc - ok
12:10:32.0671 2964 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:10:32.0671 2964 AudioSrv - ok
12:10:32.0703 2964 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:10:32.0703 2964 audstub - ok
12:10:32.0750 2964 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:10:32.0750 2964 Beep - ok
12:10:32.0906 2964 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
12:10:32.0921 2964 BHDrvx86 - ok
12:10:32.0953 2964 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:10:32.0968 2964 BITS - ok
12:10:33.0000 2964 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:10:33.0000 2964 Browser - ok
12:10:33.0015 2964 catchme - ok
12:10:33.0031 2964 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:10:33.0031 2964 cbidf2k - ok
12:10:33.0109 2964 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys
12:10:33.0109 2964 ccSet_N360 - ok
12:10:33.0109 2964 cd20xrnt - ok
12:10:33.0125 2964 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:10:33.0125 2964 Cdaudio - ok
12:10:33.0125 2964 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:10:33.0125 2964 Cdfs - ok
12:10:33.0171 2964 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:10:33.0171 2964 Cdrom - ok
12:10:33.0171 2964 cerc6 - ok
12:10:33.0187 2964 Changer - ok
12:10:33.0203 2964 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:10:33.0203 2964 CiSvc - ok
12:10:33.0203 2964 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:10:33.0203 2964 ClipSrv - ok
12:10:33.0218 2964 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:10:33.0218 2964 clr_optimization_v2.0.50727_32 - ok
12:10:33.0218 2964 CmdIde - ok
12:10:33.0218 2964 COMSysApp - ok
12:10:33.0234 2964 Cpqarray - ok
12:10:33.0250 2964 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:10:33.0250 2964 CryptSvc - ok
12:10:33.0250 2964 dac2w2k - ok
12:10:33.0250 2964 dac960nt - ok
12:10:33.0296 2964 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:10:33.0296 2964 DcomLaunch - ok
12:10:33.0312 2964 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:10:33.0312 2964 Dhcp - ok
12:10:33.0312 2964 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:10:33.0328 2964 Disk - ok
12:10:33.0328 2964 dmadmin - ok
12:10:33.0359 2964 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:10:33.0359 2964 dmboot - ok
12:10:33.0375 2964 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:10:33.0375 2964 dmio - ok
12:10:33.0390 2964 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:10:33.0390 2964 dmload - ok
12:10:33.0390 2964 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:10:33.0390 2964 dmserver - ok
12:10:33.0421 2964 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:10:33.0421 2964 DMusic - ok
12:10:33.0437 2964 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:10:33.0437 2964 Dnscache - ok
12:10:33.0453 2964 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:10:33.0453 2964 Dot3svc - ok
12:10:33.0453 2964 dpti2o - ok
12:10:33.0453 2964 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:10:33.0453 2964 drmkaud - ok
12:10:33.0468 2964 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:10:33.0468 2964 EapHost - ok
12:10:33.0546 2964 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:10:33.0546 2964 eeCtrl - ok
12:10:33.0562 2964 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:10:33.0562 2964 EraserUtilRebootDrv - ok
12:10:33.0562 2964 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:10:33.0578 2964 ERSvc - ok
12:10:33.0593 2964 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:10:33.0609 2964 Eventlog - ok
12:10:33.0625 2964 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:10:33.0625 2964 EventSystem - ok
12:10:33.0656 2964 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:10:33.0656 2964 Fastfat - ok
12:10:33.0703 2964 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:10:33.0703 2964 FastUserSwitchingCompatibility - ok
12:10:33.0703 2964 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:10:33.0703 2964 Fdc - ok
12:10:33.0718 2964 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:10:33.0718 2964 Fips - ok
12:10:33.0718 2964 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:10:33.0734 2964 Flpydisk - ok
12:10:33.0750 2964 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:10:33.0750 2964 FltMgr - ok
12:10:33.0781 2964 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:10:33.0781 2964 FontCache3.0.0.0 - ok
12:10:33.0796 2964 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:10:33.0796 2964 Fs_Rec - ok
12:10:33.0812 2964 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:10:33.0812 2964 Ftdisk - ok
12:10:33.0812 2964 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:10:33.0812 2964 Gpc - ok
12:10:33.0828 2964 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:10:33.0828 2964 HDAudBus - ok
12:10:33.0875 2964 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:10:33.0875 2964 helpsvc - ok
12:10:33.0890 2964 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:10:33.0890 2964 HidServ - ok
12:10:33.0921 2964 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:10:33.0921 2964 hidusb - ok
12:10:34.0000 2964 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:10:34.0000 2964 hkmsvc - ok
12:10:34.0046 2964 [ 7330493E27AF4DC73DE0F3293E8B5514 ] HP1210FAX C:\WINDOWS\system32\Drivers\HPM1210FAX.sys
12:10:34.0046 2964 HP1210FAX - ok
12:10:34.0062 2964 hpn - ok
12:10:34.0125 2964 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:10:34.0125 2964 HTTP - ok
12:10:34.0156 2964 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:10:34.0156 2964 HTTPFilter - ok
12:10:34.0156 2964 i2omgmt - ok
12:10:34.0156 2964 i2omp - ok
12:10:34.0390 2964 [ 66A685B05066683621920BC14A45CFE8 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:10:34.0406 2964 ialm - ok
12:10:34.0468 2964 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:10:34.0468 2964 IDriverT - ok
12:10:34.0515 2964 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:10:34.0515 2964 idsvc - ok
12:10:34.0593 2964 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121005.002\IDSxpx86.sys
12:10:34.0593 2964 IDSxpx86 - ok
12:10:34.0593 2964 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:10:34.0593 2964 Imapi - ok
12:10:34.0640 2964 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:10:34.0640 2964 ImapiService - ok
12:10:34.0656 2964 ini910u - ok
12:10:34.0734 2964 [ 2FEB5BF0312E1CB76CD2CAA875CBAA5D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:10:34.0765 2964 IntcAzAudAddService - ok
12:10:34.0765 2964 IntelIde - ok
12:10:34.0765 2964 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:10:34.0765 2964 intelppm - ok
12:10:34.0796 2964 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:10:34.0796 2964 Ip6Fw - ok
12:10:34.0812 2964 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:10:34.0812 2964 IpFilterDriver - ok
12:10:34.0812 2964 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:10:34.0812 2964 IpInIp - ok
12:10:34.0843 2964 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:10:34.0843 2964 IpNat - ok
12:10:34.0875 2964 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:10:34.0875 2964 IPSec - ok
12:10:34.0906 2964 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:10:34.0906 2964 IRENUM - ok
12:10:34.0937 2964 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:10:34.0937 2964 isapnp - ok
12:10:35.0031 2964 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:10:35.0031 2964 JavaQuickStarterService - ok
12:10:35.0078 2964 [ C7DD03DE3946175BCB66F63058D9C1CB ] KAMNDSHF73467808252560 C:\Program Files\Kaseya\Agent\AgentMon.exe
12:10:35.0093 2964 KAMNDSHF73467808252560 - ok
12:10:35.0109 2964 [ F0C4A6D81D30866AAF8CFA983D9D13D7 ] KAPFA C:\WINDOWS\system32\drivers\KAPFA.SYS
12:10:35.0109 2964 KAPFA - ok
12:10:35.0125 2964 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:10:35.0125 2964 Kbdclass - ok
12:10:35.0156 2964 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:10:35.0156 2964 kbdhid - ok
12:10:35.0171 2964 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:10:35.0171 2964 kmixer - ok
12:10:35.0187 2964 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:10:35.0187 2964 KSecDD - ok
12:10:35.0203 2964 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:10:35.0203 2964 LanmanServer - ok
12:10:35.0234 2964 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:10:35.0234 2964 lanmanworkstation - ok
12:10:35.0234 2964 lbrtfdc - ok
12:10:35.0281 2964 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:10:35.0281 2964 LmHosts - ok
12:10:35.0296 2964 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
12:10:35.0296 2964 LMIGuardianSvc - ok
12:10:35.0328 2964 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
12:10:35.0328 2964 LMIInfo - ok
12:10:35.0328 2964 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
12:10:35.0328 2964 LMIMaint - ok
12:10:35.0343 2964 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:10:35.0343 2964 lmimirr - ok
12:10:35.0359 2964 LMIRfsClientNP - ok
12:10:35.0359 2964 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:10:35.0359 2964 LMIRfsDriver - ok
12:10:35.0390 2964 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
12:10:35.0390 2964 LogMeIn - ok
12:10:35.0421 2964 McComponentHostService - ok
12:10:35.0421 2964 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:10:35.0421 2964 Messenger - ok
12:10:35.0437 2964 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:10:35.0437 2964 mnmdd - ok
12:10:35.0453 2964 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:10:35.0453 2964 mnmsrvc - ok
12:10:35.0484 2964 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:10:35.0484 2964 Modem - ok
12:10:35.0484 2964 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:10:35.0484 2964 Mouclass - ok
12:10:35.0500 2964 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:10:35.0500 2964 mouhid - ok
12:10:35.0500 2964 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:10:35.0500 2964 MountMgr - ok
12:10:35.0500 2964 mraid35x - ok
12:10:35.0500 2964 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:10:35.0515 2964 MRxDAV - ok
12:10:35.0531 2964 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:10:35.0531 2964 MRxSmb - ok
12:10:35.0578 2964 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:10:35.0578 2964 MSDTC - ok
12:10:35.0578 2964 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:10:35.0578 2964 Msfs - ok
12:10:35.0578 2964 MSIServer - ok
12:10:35.0609 2964 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:10:35.0609 2964 MSKSSRV - ok
12:10:35.0625 2964 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:10:35.0625 2964 MSPCLOCK - ok
12:10:35.0640 2964 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:10:35.0640 2964 MSPQM - ok
12:10:35.0671 2964 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:10:35.0671 2964 mssmbios - ok
12:10:35.0687 2964 MSSQL$MOBILEDB - ok
12:10:35.0703 2964 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:10:35.0703 2964 MSSQLServerADHelper - ok
12:10:35.0718 2964 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:10:35.0718 2964 Mup - ok
12:10:35.0734 2964 [ DA52265242677E1C03B2560A03172612 ] mvusbews C:\WINDOWS\system32\Drivers\mvusbews.sys
12:10:35.0734 2964 mvusbews - ok
12:10:35.0812 2964 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
12:10:35.0812 2964 N360 - ok
12:10:35.0859 2964 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:10:35.0859 2964 napagent - ok
12:10:36.0078 2964 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121007.005\NAVENG.SYS
12:10:36.0078 2964 NAVENG - ok
12:10:36.0281 2964 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121007.005\NAVEX15.SYS
12:10:36.0281 2964 NAVEX15 - ok
12:10:36.0296 2964 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:10:36.0296 2964 NDIS - ok
12:10:36.0312 2964 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:10:36.0312 2964 NdisTapi - ok
12:10:36.0343 2964 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:10:36.0343 2964 Ndisuio - ok
12:10:36.0343 2964 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:10:36.0343 2964 NdisWan - ok
12:10:36.0359 2964 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:10:36.0359 2964 NDProxy - ok
12:10:36.0375 2964 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:10:36.0375 2964 NetBIOS - ok
12:10:36.0390 2964 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:10:36.0390 2964 NetBT - ok
12:10:36.0421 2964 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:10:36.0421 2964 NetDDE - ok
12:10:36.0421 2964 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:10:36.0421 2964 NetDDEdsdm - ok
12:10:36.0437 2964 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:10:36.0453 2964 Netlogon - ok
12:10:36.0453 2964 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:10:36.0453 2964 Netman - ok
12:10:36.0484 2964 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:10:36.0484 2964 NetTcpPortSharing - ok
12:10:36.0515 2964 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:10:36.0515 2964 Nla - ok
12:10:36.0515 2964 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:10:36.0515 2964 Npfs - ok
12:10:36.0562 2964 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:10:36.0562 2964 Ntfs - ok
12:10:36.0562 2964 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:10:36.0562 2964 NtLmSsp - ok
12:10:36.0593 2964 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:10:36.0593 2964 NtmsSvc - ok
12:10:36.0609 2964 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:10:36.0609 2964 NuidFltr - ok
12:10:36.0625 2964 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:10:36.0625 2964 Null - ok
12:10:36.0656 2964 [ C87B011485670E5C10DF8D9064C7A14F ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
12:10:36.0656 2964 NWADI - ok
12:10:36.0671 2964 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:10:36.0671 2964 NwlnkFlt - ok
12:10:36.0687 2964 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:10:36.0687 2964 NwlnkFwd - ok
12:10:36.0703 2964 [ F20BC1F07E09CFF88499A6FE322477C9 ] NWRmNet_001 C:\WINDOWS\system32\DRIVERS\NWRmNet_001.sys
12:10:36.0703 2964 NWRmNet_001 - ok
12:10:36.0718 2964 [ A880714FA83F46E3A564F50B2A4F2BD8 ] NWUSBModem_001 C:\WINDOWS\system32\DRIVERS\nwusbmdm_001.sys
12:10:36.0718 2964 NWUSBModem_001 - ok
12:10:36.0718 2964 [ A880714FA83F46E3A564F50B2A4F2BD8 ] NWUSBPort2_001 C:\WINDOWS\system32\DRIVERS\nwusbser2_001.sys
12:10:36.0718 2964 NWUSBPort2_001 - ok
12:10:36.0718 2964 [ A880714FA83F46E3A564F50B2A4F2BD8 ] NWUSBPort_001 C:\WINDOWS\system32\DRIVERS\nwusbser_001.sys
12:10:36.0718 2964 NWUSBPort_001 - ok
12:10:36.0734 2964 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:10:36.0734 2964 Parport - ok
12:10:36.0750 2964 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:10:36.0750 2964 PartMgr - ok
12:10:36.0765 2964 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:10:36.0781 2964 ParVdm - ok
12:10:36.0781 2964 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:10:36.0781 2964 PCI - ok
12:10:36.0781 2964 PCIDump - ok
12:10:36.0781 2964 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:10:36.0781 2964 PCIIde - ok
12:10:36.0796 2964 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:10:36.0796 2964 Pcmcia - ok
12:10:36.0796 2964 PDCOMP - ok
12:10:36.0812 2964 PDFRAME - ok
12:10:36.0812 2964 PDRELI - ok
12:10:36.0812 2964 PDRFRAME - ok
12:10:36.0812 2964 perc2 - ok
12:10:36.0828 2964 perc2hib - ok
12:10:36.0843 2964 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:10:36.0859 2964 PlugPlay - ok
12:10:36.0859 2964 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:10:36.0859 2964 PolicyAgent - ok
12:10:36.0875 2964 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:10:36.0875 2964 PptpMiniport - ok
12:10:36.0875 2964 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:10:36.0875 2964 ProtectedStorage - ok
12:10:36.0875 2964 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:10:36.0875 2964 PSched - ok
12:10:36.0875 2964 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:10:36.0875 2964 Ptilink - ok
12:10:36.0890 2964 PTUMWBus - ok
12:10:36.0890 2964 PTUMWCDF - ok
12:10:36.0890 2964 PTUMWCSP - ok
12:10:36.0890 2964 PTUMWFLT - ok
12:10:36.0906 2964 PTUMWMdm - ok
12:10:36.0906 2964 PTUMWNET - ok
12:10:36.0906 2964 PTUMWNSP - ok
12:10:36.0906 2964 PTUMWVsp - ok
12:10:36.0921 2964 ql1080 - ok
12:10:36.0921 2964 Ql10wnt - ok
12:10:36.0921 2964 ql12160 - ok
12:10:36.0921 2964 ql1240 - ok
12:10:36.0921 2964 ql1280 - ok
12:10:36.0953 2964 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:10:36.0953 2964 RasAcd - ok
12:10:36.0968 2964 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:10:36.0968 2964 RasAuto - ok
12:10:37.0000 2964 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:10:37.0000 2964 Rasl2tp - ok
12:10:37.0015 2964 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:10:37.0015 2964 RasMan - ok
12:10:37.0015 2964 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:10:37.0015 2964 RasPppoe - ok
12:10:37.0031 2964 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:10:37.0031 2964 Raspti - ok
12:10:37.0031 2964 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:10:37.0031 2964 Rdbss - ok
12:10:37.0031 2964 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:10:37.0031 2964 RDPCDD - ok
12:10:37.0062 2964 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:10:37.0062 2964 rdpdr - ok
12:10:37.0078 2964 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:10:37.0078 2964 RDPWD - ok
12:10:37.0093 2964 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:10:37.0093 2964 RDSessMgr - ok
12:10:37.0125 2964 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:10:37.0125 2964 redbook - ok
12:10:37.0156 2964 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:10:37.0156 2964 RemoteAccess - ok
12:10:37.0187 2964 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:10:37.0187 2964 RemoteRegistry - ok
12:10:37.0218 2964 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:10:37.0218 2964 RpcLocator - ok
12:10:37.0234 2964 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:10:37.0250 2964 RpcSs - ok
12:10:37.0265 2964 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:10:37.0281 2964 RSVP - ok
12:10:37.0296 2964 [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:10:37.0296 2964 RTLE8023xp - ok
12:10:37.0296 2964 [ FEF0EC417B4FC12810E2413608F485E2 ] RTLTEAMING C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
12:10:37.0312 2964 RTLTEAMING - ok
12:10:37.0312 2964 [ 3F4274D54052158AEAB974A523C768EA ] RTLVLAN C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
12:10:37.0312 2964 RTLVLAN - ok
12:10:37.0343 2964 [ 5FFD2AAF467B80FAB34929AFB7702060 ] RtNdPt5x C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
12:10:37.0343 2964 RtNdPt5x - ok
12:10:37.0343 2964 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:10:37.0343 2964 SamSs - ok
12:10:37.0437 2964 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:10:37.0437 2964 SASDIFSV - ok
12:10:37.0437 2964 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:10:37.0453 2964 SASKUTIL - ok
12:10:37.0468 2964 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:10:37.0468 2964 SCardSvr - ok
12:10:37.0484 2964 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:10:37.0484 2964 Schedule - ok
12:10:37.0515 2964 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:10:37.0515 2964 Secdrv - ok
12:10:37.0531 2964 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:10:37.0531 2964 seclogon - ok
12:10:37.0531 2964 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:10:37.0531 2964 SENS - ok
12:10:37.0546 2964 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:10:37.0546 2964 Serial - ok
12:10:37.0562 2964 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:10:37.0562 2964 Sfloppy - ok
12:10:37.0578 2964 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:10:37.0593 2964 SharedAccess - ok
12:10:37.0593 2964 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:10:37.0593 2964 ShellHWDetection - ok
12:10:37.0593 2964 Simbad - ok
12:10:37.0687 2964 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
12:10:37.0687 2964 SMSIVZAM5 - ok
12:10:37.0687 2964 Sparrow - ok
12:10:37.0703 2964 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:10:37.0703 2964 splitter - ok
12:10:37.0718 2964 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:10:37.0718 2964 Spooler - ok
12:10:37.0750 2964 [ 3612108D36EA74F6F9FC5005E88E353B ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:10:37.0750 2964 SQLBrowser - ok
12:10:37.0781 2964 [ D37B8CE340B71D9E0AB2440ADDB2FDBF ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:10:37.0781 2964 SQLWriter - ok
12:10:37.0796 2964 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:10:37.0796 2964 sr - ok
12:10:37.0812 2964 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:10:37.0812 2964 srservice - ok
12:10:37.0875 2964 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS
12:10:37.0875 2964 SRTSP - ok
12:10:37.0890 2964 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS
12:10:37.0890 2964 SRTSPX - ok
12:10:37.0906 2964 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:10:37.0906 2964 Srv - ok
12:10:37.0937 2964 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:10:37.0937 2964 SSDPSRV - ok
12:10:37.0953 2964 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:10:37.0953 2964 stisvc - ok
12:10:37.0968 2964 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:10:37.0968 2964 swenum - ok
12:10:37.0968 2964 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:10:37.0968 2964 swmidi - ok
12:10:37.0984 2964 SwPrv - ok
12:10:37.0984 2964 symc810 - ok
12:10:37.0984 2964 symc8xx - ok
12:10:38.0015 2964 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS
12:10:38.0015 2964 SymDS - ok
12:10:38.0046 2964 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS
12:10:38.0062 2964 SymEFA - ok
12:10:38.0093 2964 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:10:38.0093 2964 SymEvent - ok
12:10:38.0156 2964 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS
12:10:38.0156 2964 SymIRON - ok
12:10:38.0156 2964 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS
12:10:38.0171 2964 SYMTDI - ok
12:10:38.0171 2964 sym_hi - ok
12:10:38.0171 2964 sym_u3 - ok
12:10:38.0171 2964 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:10:38.0171 2964 sysaudio - ok
12:10:38.0203 2964 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:10:38.0203 2964 SysmonLog - ok
12:10:38.0203 2964 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:10:38.0203 2964 TapiSrv - ok
12:10:38.0250 2964 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:10:38.0250 2964 Tcpip - ok
12:10:38.0281 2964 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:10:38.0281 2964 TDPIPE - ok
12:10:38.0281 2964 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:10:38.0296 2964 TDTCP - ok
12:10:38.0390 2964 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:10:38.0406 2964 TeamViewer7 - ok
12:10:38.0406 2964 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:10:38.0406 2964 TermDD - ok
12:10:38.0453 2964 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:10:38.0453 2964 TermService - ok
12:10:38.0468 2964 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:10:38.0468 2964 Themes - ok
12:10:38.0500 2964 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:10:38.0500 2964 TlntSvr - ok
12:10:38.0500 2964 TosIde - ok
12:10:38.0515 2964 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:10:38.0531 2964 TrkWks - ok
12:10:38.0546 2964 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:10:38.0546 2964 Udfs - ok
12:10:38.0562 2964 ultra - ok
12:10:38.0562 2964 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:10:38.0562 2964 Update - ok
12:10:38.0578 2964 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:10:38.0578 2964 upnphost - ok
12:10:38.0593 2964 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:10:38.0593 2964 UPS - ok
12:10:38.0609 2964 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:10:38.0609 2964 usbccgp - ok
12:10:38.0656 2964 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:10:38.0656 2964 usbehci - ok
12:10:38.0687 2964 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:10:38.0687 2964 usbhub - ok
12:10:38.0703 2964 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:10:38.0703 2964 usbprint - ok
12:10:38.0718 2964 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:10:38.0718 2964 usbscan - ok
12:10:38.0734 2964 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:10:38.0734 2964 usbstor - ok
12:10:38.0781 2964 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:10:38.0781 2964 usbuhci - ok
12:10:38.0781 2964 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:10:38.0781 2964 VgaSave - ok
12:10:38.0796 2964 ViaIde - ok
12:10:38.0828 2964 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:10:38.0828 2964 VolSnap - ok
12:10:38.0843 2964 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:10:38.0843 2964 VSS - ok
12:10:38.0875 2964 [ 376C58324663CA0682AAB6C06E5DF689 ] VZWConfigService C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
12:10:38.0875 2964 VZWConfigService - ok
12:10:38.0906 2964 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:10:38.0906 2964 W32Time - ok
12:10:38.0921 2964 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:10:38.0921 2964 Wanarp - ok
12:10:38.0953 2964 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:10:38.0953 2964 Wdf01000 - ok
12:10:38.0953 2964 WDICA - ok
12:10:39.0000 2964 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:10:39.0000 2964 wdmaud - ok
12:10:39.0000 2964 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:10:39.0000 2964 WebClient - ok
12:10:39.0093 2964 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:10:39.0093 2964 winmgmt - ok
12:10:39.0140 2964 [ 9AA00D6092C46E59376153A3A4104D18 ] WinVNC4 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
12:10:39.0140 2964 WinVNC4 - ok
12:10:39.0171 2964 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:10:39.0171 2964 WmdmPmSN - ok
12:10:39.0203 2964 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:10:39.0203 2964 Wmi - ok
12:10:39.0234 2964 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:10:39.0234 2964 WmiApSrv - ok
12:10:39.0250 2964 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:10:39.0250 2964 WS2IFSL - ok
12:10:39.0281 2964 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:10:39.0281 2964 wscsvc - ok
12:10:39.0296 2964 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:10:39.0296 2964 wuauserv - ok
12:10:39.0328 2964 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:10:39.0343 2964 WZCSVC - ok
12:10:39.0359 2964 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:10:39.0359 2964 xmlprov - ok
12:10:39.0359 2964 ================ Scan global ===============================
12:10:39.0390 2964 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:10:39.0421 2964 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:10:39.0421 2964 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:10:39.0437 2964 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:10:39.0437 2964 [Global] - ok
12:10:39.0437 2964 ================ Scan MBR ==================================
12:10:39.0453 2964 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:10:39.0656 2964 \Device\Harddisk0\DR0 - ok
12:10:39.0656 2964 [ 08B26729634452D0C2889C002B1BB97C ] \Device\Harddisk5\DR13
12:10:45.0500 2964 \Device\Harddisk5\DR13 - ok
12:10:45.0500 2964 ================ Scan VBR ==================================
12:10:45.0515 2964 [ 64A5191A154DB3EE9570FB510FF3851B ] \Device\Harddisk0\DR0\Partition1
12:10:45.0515 2964 \Device\Harddisk0\DR0\Partition1 - ok
12:10:45.0515 2964 [ 2B3723CCC79FA7A3A99F00ED4F02F62F ] \Device\Harddisk5\DR13\Partition1
12:10:45.0515 2964 \Device\Harddisk5\DR13\Partition1 - ok
12:10:45.0515 2964 ============================================================
12:10:45.0515 2964 Scan finished
12:10:45.0515 2964 ============================================================
12:10:45.0531 0968 Detected object count: 0
12:10:45.0531 0968 Actual detected object count: 0



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-30 12:13:09
-----------------------------
12:13:09.156 OS Version: Windows 5.1.2600 Service Pack 3
12:13:09.156 Number of processors: 2 586 0x170A
12:13:09.156 ComputerName: MIL-EAM-01 UserName: eamuser
12:13:11.000 Initialize success
12:13:11.546 AVAST engine defs: 12102301
12:21:30.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:21:30.000 Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
12:21:30.031 Disk 0 MBR read successfully
12:21:30.031 Disk 0 MBR scan
12:21:30.312 Disk 0 Windows XP default MBR code
12:21:30.312 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:21:30.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
12:21:30.468 Disk 0 scanning sectors +976771120
12:21:30.562 Disk 0 scanning C:\WINDOWS\system32\drivers
12:21:38.687 Service scanning
12:21:49.078 Modules scanning
12:21:51.796 Disk 0 trace - called modules:
12:21:51.812 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:21:52.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b207ab8]
12:21:52.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8b1ad9e8]
12:21:52.328 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b1add98]
12:21:53.093 AVAST engine scan C:\WINDOWS
12:21:56.718 AVAST engine scan C:\WINDOWS\system32
12:23:11.609 AVAST engine scan C:\WINDOWS\system32\drivers
12:23:28.109 AVAST engine scan C:\Documents and Settings\Administrator
12:23:52.437 File: C:\Documents and Settings\Administrator\Desktop\Utilities\RK_Quarantine\78de36c424f35315000078ddbdec5907.exe.vir **INFECTED** Win32:FakeAV-EAB [Trj]
12:23:58.078 File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo\Solid State Networks\kvokl.dll **INFECTED** Win32:BHO-AGO [Trj]
12:24:12.296 AVAST engine scan C:\Documents and Settings\All Users
12:24:39.468 Scan finished successfully
12:27:07.890 Disk 0 MBR has been saved successfully to "H:\G2G_Fixes\MBR.dat"
12:27:07.953 The log file has been saved successfully to "H:\G2G_Fixes\aswMBR.txt"
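
The aswMBR run above saved the first sector of Disk 0 to H:\G2G_Fixes\MBR.dat. A saved sector like that can be checked offline rather than relying on a tool's one-line verdict. The script below is an added example for this thread, not code from aswMBR, TDSSKiller or anyone posting here. It decodes the four partition table entries and the 0x55AA boot signature of a 512-byte MBR image, checks the partitions for overlap, and prints the sector's MD5 so it can be compared with the value TDSSKiller listed next to \Device\Harddisk0\DR0 (that comparison assumes TDSSKiller hashes the whole sector). The sample sector is constructed: the boot code is zero-filled, and the two partition entries are built to reproduce the layout the aswMBR log reports (type DE at LBA 63, bootable NTFS at LBA 30801920 ending at sector 976771120); the 80262-sector size of the Dell utility partition is an assumption, since the log only gives the rounded 39 MB.

```python
"""Decode a saved 512-byte MBR image and hash it for comparison.

Added example for this thread, not aswMBR's or TDSSKiller's code. sample_mbr()
is constructed: zero-filled boot code plus partition entries that match the
layout in the aswMBR log (type DE at LBA 63, bootable NTFS at LBA 30801920).
"""
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446          # the four 16-byte partition entries start here
ENTRY_LEN = 16
# status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped), LBA start, LBA count
ENTRY_FMT = "<B3xB3xII"
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}   # only the two types seen in this log


def parse_mbr(mbr):
    """Return (signature_ok, partitions) for one 512-byte sector.

    Empty slots (type 0x00) are skipped. Sizes are truncated to whole MiB,
    which is how aswMBR prints them.
    """
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes, got %d" % len(mbr))
    signature_ok = mbr[510:512] == b"\x55\xaa"
    partitions = []
    for slot in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            ENTRY_FMT, mbr, PT_OFFSET + slot * ENTRY_LEN)
        if ptype == 0:
            continue
        partitions.append({
            "slot": slot + 1,
            "bootable": bool(status & 0x80),
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "lba_count": lba_count,
            "lba_end": lba_start + lba_count,            # first sector after the partition
            "size_mb": lba_count * SECTOR // (1024 * 1024),
        })
    return signature_ok, partitions


def md5_hex(sector):
    """Upper-case MD5 of the raw sector, in the form TDSSKiller prints next to DR0."""
    return hashlib.md5(sector).hexdigest().upper()


def overlaps(partitions):
    """Pairs of slots whose LBA ranges overlap; a sane table has none."""
    bad = []
    for a in partitions:
        for b in partitions:
            if a["slot"] < b["slot"] and a["lba_start"] < b["lba_end"] and b["lba_start"] < a["lba_end"]:
                bad.append((a["slot"], b["slot"]))
    return bad


def _entry(status, ptype, lba_start, lba_count):
    # CHS fields stay zero; the LBA fields are what modern code reads.
    return struct.pack(ENTRY_FMT, status, ptype, lba_start, lba_count)


def sample_mbr():
    """Constructed sector. 80262 sectors for the Dell utility partition is an assumption."""
    table = (_entry(0x00, 0xDE, 63, 80262)
             + _entry(0x80, 0x07, 30801920, 945969200)
             + bytes(ENTRY_LEN) * 2)
    return bytes(PT_OFFSET) + table + b"\x55\xaa"


def report(mbr):
    """Signature and digest line, then one aswMBR-style line per partition."""
    ok, parts = parse_mbr(mbr)
    lines = ["signature %s  md5 %s" % ("ok" if ok else "MISSING", md5_hex(mbr))]
    for p in parts:
        lines.append("Partition %d %02X %s %02X %s %d MB offset %d" % (
            p["slot"], 0x80 if p["bootable"] else 0x00, "(A)" if p["bootable"] else "   ",
            p["type"], p["type_name"], p["size_mb"], p["lba_start"]))
    for a, b in overlaps(parts):
        lines.append("WARNING: partitions %d and %d overlap" % (a, b))
    return lines


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else sample_mbr()
    print("\n".join(report(data)))
```

Run it as `python mbr_check.py H:\G2G_Fixes\MBR.dat` against the saved sector. A clean partition table says nothing about the 446 bytes of boot code in front of it; that is what aswMBR's "Windows XP default MBR code" line covers, and the digest is the quick way to confirm that a copy you are looking at is the same sector TDSSKiller scanned.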

#9 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

SafeBoot Key Repair

Please download SafeBootKeyRepair and save it to your desktop.
  • Double click on SafeBootKeyRepair.exe to run it.
    A window will open showing only "Please wait..." The process may take a few minutes, so let it run.
  • When finished, Notepad will open with a report, saved at C:\SafeBoot_Repair.txt
  • Please copy and paste the contents of the SafeBoot_Repair.txt file in your next reply.
Please try to boot to Safe Mode now... let me know if you still have problems.

#10 cramit02 (Topic Starter, Member, 78 posts)

Thanks for all of your help so far, it's very much appreciated.

SafeMode has been restored; it seemed like it wanted to choke on MUP.sys (same place it always choked before the BSOD), but the CD-ROM spun up and SafeMode progressed. The computer is currently idling in Safe Mode w/ Networking. Internet remains inoperable; when I look into the Hardware Manager the Ethernet Controller is still an unknown device.

Next Steps to take?



Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\KAMNDSHF73467808252560]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\KAMNDSHF73467808252560]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KAMNDSHF73467808252560
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys

#11 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

"Complete Internet Repair"


  • Download "Complete Internet Repair" and choose Run
  • When asked to extract, extract to the desktop
  • Open the "Complete Internet Repair" folder
  • Double click on "CIntRep.exe"
  • OK any security responses
  • Put a checkmark in all boxes
  • Click on the "GO" button
  • Restart the computer


#12 cramit02 (Topic Starter, Member, 78 posts)

Alright, I ran Complete Internet Repair and the computer restarted itself. No change in internet connectivity, device still showing as unknown.

Ideas?

#13 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Download Windows Repair (all in one) from this site

Install the program, then run it.

Go to Step 2 and allow it to run the disk check.

Once that is done, go to Step 3 and allow it to run SFC.

On the Start Repairs tab select Advanced Mode and click Start.

Select the items below (remove the ticks from the rest) and tick "Restart system when finished":
  • Reset Registry Permissions
  • Reset File Permissions
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Remove Policies Set By Infection
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Repair Windows Update

#14 cramit02 (Topic Starter, Member, 78 posts)

I had a few issues in Step 3, System File Check. I put my WinXP SP3 disc in and it still couldn't find/access some of the required DLLs. Other than that the repairs ran smoothly, still no internet connection, Ethernet Controller still shows as an unknown device in device manager. Is there a log from Windows Repair that I can attach for you?

#15 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo