Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

win32:sirefef-sm[trj] & win32:rootkit-gen[rtk] [Closed]

Started by portboy123 , May 08 2012 09:16 AM

  • This topic is locked This topic is locked
134 replies to this topic

#76 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 14 May 2012 - 04:22 PM

hi jeff here is the new log , i did get the warning message again. ComboFix 12-05-14.03 - Frank 05/14/2012 17:40:11.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.278 [GMT -4:00]
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frank\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\system32\dllcache\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CTSFM2K
-------\Legacy_DB2
-------\Legacy_INT15.SYS
-------\Legacy_K750MDFL
-------\Legacy_PCTAVSVC
-------\Legacy_QSERVER
-------\Legacy_WMHIDLO
-------\Service_ctsfm2k
-------\Service_db2
-------\Service_int15.sys
-------\Service_k750mdfl
-------\Service_pctavsvc
-------\Service_qserver
-------\Service_WmHidLo
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 21:56 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-05-09 00:42 . 2012-05-09 00:42 -------- d-----w- c:\program files\ERUNT
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\Frank\Application Data\SpeedMaxPc
2012-05-08 02:06 . 2012-05-08 02:06 -------- d-----w- c:\documents and settings\Frank\Application Data\DriverCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-04-09 00:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:17 . 2011-05-16 16:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2011-01-08 17:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-01-08 17:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-16 04:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-01-08 17:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-01-08 17:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-01-08 17:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-01-08 17:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-01-08 17:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-01-08 17:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-01-08 17:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-09-05 20:27 203776 --sha-w- c:\windows\system32\unrar.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_03.20.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-14 22:00 . 2012-05-14 22:00 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_7d4.dat
+ 2012-05-12 13:22 . 2012-05-12 13:22 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-12 01:53 . 2012-05-12 01:53 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 13:24 . 2012-05-12 13:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-14 21:59 . 2009-10-07 06:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\219a5bc.msp
+ 2012-05-14 10:49 . 2012-05-14 10:49 180224 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000002\UsrClass.dat
+ 2012-05-14 10:49 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2012\ERDNT.EXE
+ 2012-05-13 14:16 . 2012-05-13 14:16 180224 c:\windows\ERDNT\AutoBackup\5-13-2012\Users\00000002\UsrClass.dat
+ 2012-05-13 14:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-13-2012\ERDNT.EXE
+ 2012-05-12 13:30 . 2012-05-12 13:30 180224 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000002\UsrClass.dat
+ 2012-05-12 13:30 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-12-2012\ERDNT.EXE
+ 2012-05-12 13:23 . 2012-05-12 13:23 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
- 2009-04-15 13:48 . 2009-04-15 13:48 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-12 13:17 . 2012-05-12 13:17 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-11 19:57 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\219a5cb.msp
+ 2011-08-17 13:49 . 2011-08-17 13:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2012-05-14 10:49 . 2012-05-14 10:49 8355840 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000001\ntuser.dat
+ 2012-05-13 14:16 . 2012-05-13 14:16 8318976 c:\windows\ERDNT\AutoBackup\5-13-2012\Users\00000001\ntuser.dat
+ 2012-05-12 13:30 . 2012-05-12 13:30 8318976 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000001\ntuser.dat
+ 2007-08-29 17:57 . 2012-05-12 13:12 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\219a5c3.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cleanMFT32 -c C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 09:00 131072 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
2005-09-11 17:24 258048 ----a-w- c:\program files\iISystem Wiper\SystemWiper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 18:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 18:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-31 22:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/16/2011 12:20 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2011 1:30 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2011 1:30 PM 20696]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 10:26 AM 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:40 PM 22344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2010 8:40 PM 654408]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 11:09 AM 96256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Frank\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Frank\LOCALS~1\Temp\mfe_rr.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-23 01:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3572)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-14 18:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-14 22:09
ComboFix2.txt 2012-05-14 19:18
ComboFix3.txt 2012-05-14 15:21
ComboFix4.txt 2012-05-13 15:19
ComboFix5.txt 2012-05-14 21:20
.
Pre-Run: 15,410,073,600 bytes free
Post-Run: 15,321,636,864 bytes free
.
- - End Of File - - D2DD903F1245BFDFF8B3AA9E74CF97F1

    Advertisements

Register to Remove

#77 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 May 2012 - 07:24 PM

You still did receive the message about Zero Access?
Posted Image
 
 

#78 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 14 May 2012 - 07:32 PM

yes about 1 or 2 minutes into the combo fix scan

#79 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 May 2012 - 07:48 PM

Hi, Ok...I am talking with colleagues about your system. I will return as quickly as I can. :)
Posted Image
 
 

#80 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 May 2012 - 07:55 AM

Hi, Run TDSSKiller again and post the new log that is created. :)
Posted Image
 
 

#81 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 15 May 2012 - 09:17 AM

hi jeff just ran tdss killer here is the log 11:06:48.0825 1368 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 11:06:48.0915 1368 ============================================================ 11:06:48.0915 1368 Current date / time: 2012/05/15 11:06:48.0915 11:06:48.0915 1368 SystemInfo: 11:06:48.0915 1368 11:06:48.0915 1368 OS Version: 5.1.2600 ServicePack: 3.0 11:06:48.0915 1368 Product type: Workstation 11:06:48.0915 1368 ComputerName: FRANK-SONY 11:06:48.0915 1368 UserName: Frank 11:06:48.0915 1368 Windows directory: C:\WINDOWS 11:06:48.0915 1368 System windows directory: C:\WINDOWS 11:06:48.0915 1368 Processor architecture: Intel x86 11:06:48.0915 1368 Number of processors: 1 11:06:48.0915 1368 Page size: 0x1000 11:06:48.0915 1368 Boot type: Safe boot with network 11:06:48.0915 1368 ============================================================ 11:06:52.0901 1368 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:06:52.0911 1368 Drive \Device\Harddisk1\DR2 - Size: 0x77700000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 11:06:52.0941 1368 ============================================================ 11:06:52.0941 1368 \Device\Harddisk0\DR0: 11:06:52.0941 1368 MBR partitions: 11:06:52.0941 1368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1 11:06:52.0941 1368 \Device\Harddisk1\DR2: 11:06:52.0951 1368 MBR partitions: 11:06:52.0951 1368 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x3BB7C1 11:06:52.0951 1368 ============================================================ 11:06:53.0041 1368 C: <-> \Device\Harddisk0\DR0\Partition0 11:06:53.0041 1368 ============================================================ 11:06:53.0041 1368 Initialize success 11:06:53.0041 1368 ============================================================ 11:07:12.0259 1400 ============================================================ 11:07:12.0259 1400 Scan started 11:07:12.0259 1400 Mode: Manual; 11:07:12.0259 1400 ============================================================ 11:07:12.0800 1400 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 11:07:12.0820 1400 !SASCORE - ok 11:07:13.0120 1400 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys 11:07:13.0130 1400 Aavmker4 - ok 11:07:13.0180 1400 Abiosdsk - ok 11:07:13.0220 1400 abp480n5 - ok 11:07:13.0330 1400 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys 11:07:13.0380 1400 ac97intc - ok 11:07:13.0461 1400 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:07:13.0471 1400 ACPI - ok 11:07:13.0571 1400 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 11:07:13.0591 1400 ACPIEC - ok 11:07:13.0621 1400 adpu160m - ok 11:07:13.0701 1400 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 11:07:13.0701 1400 aec - ok 11:07:13.0801 1400 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 11:07:13.0811 1400 AFD - ok 11:07:13.0881 1400 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 11:07:13.0901 1400 agp440 - ok 11:07:13.0951 1400 Aha154x - ok 11:07:13.0991 1400 aic78u2 - ok 11:07:14.0041 1400 aic78xx - ok 11:07:14.0122 1400 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 11:07:14.0122 1400 Alerter - ok 11:07:14.0222 1400 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 11:07:14.0222 1400 ALG - ok 11:07:14.0262 1400 AliIde - ok 11:07:14.0312 1400 amsint - ok 11:07:14.0362 1400 AppMgmt - ok 11:07:14.0432 1400 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 11:07:14.0442 1400 Arp1394 - ok 11:07:14.0482 1400 asc - ok 11:07:14.0532 1400 asc3350p - ok 11:07:14.0582 1400 asc3550 - ok 11:07:15.0063 1400 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 11:07:15.0554 1400 aspnet_state - ok 11:07:15.0664 1400 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys 11:07:15.0704 1400 aswFsBlk - ok 11:07:16.0004 1400 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys 11:07:16.0034 1400 aswMon2 - ok 11:07:16.0114 1400 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys 11:07:16.0114 1400 aswRdr - ok 11:07:16.0545 1400 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys 11:07:16.0715 1400 aswSnx - ok 11:07:16.0845 1400 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys 11:07:16.0936 1400 aswSP - ok 11:07:17.0026 1400 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys 11:07:17.0036 1400 aswTdi - ok 11:07:17.0136 1400 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:07:17.0136 1400 AsyncMac - ok 11:07:17.0206 1400 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 11:07:17.0206 1400 atapi - ok 11:07:17.0246 1400 Atdisk - ok 11:07:17.0326 1400 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:07:17.0346 1400 Atmarpc - ok 11:07:17.0426 1400 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 11:07:17.0436 1400 AudioSrv - ok 11:07:17.0536 1400 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 11:07:17.0556 1400 audstub - ok 11:07:17.0747 1400 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 11:07:17.0757 1400 avast! Antivirus - ok 11:07:17.0867 1400 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 11:07:17.0867 1400 Beep - ok 11:07:17.0947 1400 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 11:07:18.0287 1400 BITS - ok 11:07:18.0388 1400 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 11:07:18.0388 1400 Browser - ok 11:07:18.0438 1400 CA500AI - ok 11:07:18.0488 1400 CA500AV - ok 11:07:18.0528 1400 catchme - ok 11:07:18.0618 1400 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 11:07:18.0648 1400 cbidf2k - ok 11:07:18.0718 1400 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 11:07:18.0718 1400 CCDECODE - ok 11:07:18.0768 1400 cd20xrnt - ok 11:07:18.0858 1400 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 11:07:18.0858 1400 Cdaudio - ok 11:07:18.0908 1400 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 11:07:18.0908 1400 Cdfs - ok 11:07:18.0999 1400 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:07:18.0999 1400 Cdrom - ok 11:07:19.0049 1400 Changer - ok 11:07:19.0129 1400 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 11:07:19.0149 1400 CiSvc - ok 11:07:19.0259 1400 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 11:07:19.0279 1400 ClipSrv - ok 11:07:19.0399 1400 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:07:19.0539 1400 clr_optimization_v2.0.50727_32 - ok 11:07:19.0579 1400 CmdIde - ok 11:07:19.0629 1400 COMSysApp - ok 11:07:19.0740 1400 Cpqarray - ok 11:07:19.0780 1400 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE 11:07:19.0790 1400 Creative Service for CDROM Access - ok 11:07:19.0870 1400 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 11:07:19.0870 1400 CryptSvc - ok 11:07:19.0920 1400 dac2w2k - ok 11:07:19.0990 1400 dac960nt - ok 11:07:20.0070 1400 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 11:07:20.0100 1400 DcomLaunch - ok 11:07:20.0180 1400 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 11:07:20.0190 1400 Dhcp - ok 11:07:20.0250 1400 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 11:07:20.0250 1400 Disk - ok 11:07:20.0290 1400 dmadmin - ok 11:07:20.0391 1400 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 11:07:20.0451 1400 dmboot - ok 11:07:20.0501 1400 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 11:07:20.0511 1400 dmio - ok 11:07:20.0601 1400 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 11:07:20.0601 1400 dmload - ok 11:07:20.0681 1400 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 11:07:20.0701 1400 dmserver - ok 11:07:20.0781 1400 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 11:07:20.0781 1400 DMusic - ok 11:07:20.0871 1400 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 11:07:20.0881 1400 Dnscache - ok 11:07:20.0961 1400 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 11:07:20.0981 1400 Dot3svc - ok 11:07:21.0041 1400 dpti2o - ok 11:07:21.0132 1400 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 11:07:21.0132 1400 drmkaud - ok 11:07:21.0222 1400 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 11:07:21.0232 1400 EapHost - ok 11:07:21.0312 1400 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 11:07:21.0312 1400 ERSvc - ok 11:07:21.0362 1400 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 11:07:21.0382 1400 Eventlog - ok 11:07:21.0482 1400 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 11:07:21.0492 1400 EventSystem - ok 11:07:21.0552 1400 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 11:07:21.0582 1400 Fastfat - ok 11:07:21.0672 1400 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 11:07:21.0682 1400 FastUserSwitchingCompatibility - ok 11:07:21.0773 1400 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 11:07:21.0783 1400 Fdc - ok 11:07:21.0883 1400 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 11:07:21.0903 1400 FilterService - ok 11:07:21.0943 1400 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 11:07:21.0943 1400 Fips - ok 11:07:22.0003 1400 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 11:07:22.0003 1400 Flpydisk - ok 11:07:22.0093 1400 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 11:07:22.0133 1400 FltMgr - ok 11:07:22.0393 1400 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 11:07:22.0534 1400 FontCache3.0.0.0 - ok 11:07:22.0634 1400 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:07:22.0634 1400 Fs_Rec - ok 11:07:22.0754 1400 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:07:22.0814 1400 Ftdisk - ok 11:07:22.0864 1400 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 11:07:22.0864 1400 gameenum - ok 11:07:22.0944 1400 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:07:22.0944 1400 Gpc - ok 11:07:23.0144 1400 gusvc (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 11:07:23.0195 1400 gusvc - ok 11:07:23.0295 1400 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 11:07:23.0295 1400 helpsvc - ok 11:07:23.0345 1400 HidServ - ok 11:07:23.0415 1400 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 11:07:23.0435 1400 hkmsvc - ok 11:07:23.0475 1400 hpn - ok 11:07:23.0555 1400 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 11:07:23.0565 1400 HTTP - ok 11:07:23.0645 1400 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 11:07:23.0735 1400 HTTPFilter - ok 11:07:23.0785 1400 i2omgmt - ok 11:07:23.0835 1400 i2omp - ok 11:07:23.0926 1400 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:07:23.0926 1400 i8042prt - ok 11:07:24.0056 1400 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:07:24.0126 1400 idsvc - ok 11:07:24.0196 1400 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 11:07:24.0196 1400 Imapi - ok 11:07:24.0306 1400 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 11:07:24.0356 1400 ImapiService - ok 11:07:24.0426 1400 ini910u - ok 11:07:24.0536 1400 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 11:07:24.0546 1400 IntelIde - ok 11:07:24.0627 1400 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 11:07:24.0637 1400 Ip6Fw - ok 11:07:24.0687 1400 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:07:24.0727 1400 IpFilterDriver - ok 11:07:24.0797 1400 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:07:24.0797 1400 IpInIp - ok 11:07:24.0897 1400 IPN2120 (1dd7142cb14892c45d7c725a3d84b16b) C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys 11:07:24.0937 1400 IPN2120 - ok 11:07:25.0007 1400 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:07:25.0027 1400 IpNat - ok 11:07:25.0077 1400 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:07:25.0077 1400 IPSec - ok 11:07:25.0137 1400 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 11:07:25.0137 1400 IRENUM - ok 11:07:25.0197 1400 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:07:25.0197 1400 isapnp - ok 11:07:25.0237 1400 ivusb - ok 11:07:25.0458 1400 JavaQuickStarterService (74e30a41cdcf331c74bc4d97be40cc5b) C:\Program Files\Java\jre6\bin\jqs.exe 11:07:25.0508 1400 JavaQuickStarterService - ok 11:07:25.0598 1400 Jukebox3 (6c24d3878f44c271d94ea6cab1acd739) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys 11:07:25.0618 1400 Jukebox3 - ok 11:07:25.0678 1400 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:07:25.0678 1400 Kbdclass - ok 11:07:25.0748 1400 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 11:07:25.0768 1400 kmixer - ok 11:07:25.0878 1400 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 11:07:25.0888 1400 KSecDD - ok 11:07:25.0979 1400 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 11:07:25.0989 1400 lanmanserver - ok 11:07:26.0079 1400 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 11:07:26.0159 1400 lanmanworkstation - ok 11:07:26.0209 1400 lbrtfdc - ok 11:07:26.0329 1400 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 11:07:26.0339 1400 LmHosts - ok 11:07:26.0469 1400 ltmodem5 (fbbb02cdbbd8aeebcf63aa817aad3acb) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 11:07:26.0539 1400 ltmodem5 - ok 11:07:26.0640 1400 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 11:07:26.0690 1400 lvpopflt - ok 11:07:26.0800 1400 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 11:07:26.0800 1400 LVPr2Mon - ok 11:07:26.0980 1400 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 11:07:27.0030 1400 LVPrcSrv - ok 11:07:27.0140 1400 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys 11:07:27.0200 1400 LVRS - ok 11:07:27.0601 1400 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 11:07:27.0811 1400 LVUVC - ok 11:07:27.0981 1400 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 11:07:27.0981 1400 MBAMProtector - ok 11:07:28.0212 1400 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 11:07:28.0292 1400 MBAMService - ok 11:07:28.0362 1400 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 11:07:28.0392 1400 Messenger - ok 11:07:28.0582 1400 MFE_RR - ok 11:07:28.0642 1400 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 11:07:28.0642 1400 mnmdd - ok 11:07:28.0733 1400 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 11:07:28.0753 1400 mnmsrvc - ok 11:07:28.0843 1400 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 11:07:28.0843 1400 Modem - ok 11:07:28.0913 1400 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 11:07:28.0913 1400 Mouclass - ok 11:07:28.0973 1400 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 11:07:28.0973 1400 MountMgr - ok 11:07:29.0023 1400 mraid35x - ok 11:07:29.0113 1400 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 11:07:29.0153 1400 MRxDAV - ok 11:07:29.0263 1400 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:07:29.0283 1400 MRxSmb - ok 11:07:29.0373 1400 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 11:07:29.0383 1400 MSDTC - ok 11:07:29.0484 1400 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 11:07:29.0494 1400 Msfs - ok 11:07:29.0534 1400 MSIServer - ok 11:07:29.0594 1400 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:07:29.0614 1400 MSKSSRV - ok 11:07:29.0654 1400 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:07:29.0664 1400 MSPCLOCK - ok 11:07:29.0744 1400 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 11:07:29.0754 1400 MSPQM - ok 11:07:29.0884 1400 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 11:07:29.0884 1400 mssmbios - ok 11:07:29.0944 1400 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 11:07:29.0954 1400 MSTEE - ok 11:07:30.0044 1400 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 11:07:30.0064 1400 ms_mpu401 - ok 11:07:30.0155 1400 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 11:07:30.0185 1400 Mup - ok 11:07:30.0245 1400 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 11:07:30.0255 1400 NABTSFEC - ok 11:07:30.0355 1400 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 11:07:30.0375 1400 napagent - ok 11:07:30.0455 1400 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 11:07:30.0465 1400 NDIS - ok 11:07:30.0515 1400 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 11:07:30.0525 1400 NdisIP - ok 11:07:30.0605 1400 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 11:07:30.0605 1400 NdisTapi - ok 11:07:30.0665 1400 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 11:07:30.0665 1400 Ndisuio - ok 11:07:30.0745 1400 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 11:07:30.0755 1400 NdisWan - ok 11:07:30.0856 1400 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 11:07:30.0856 1400 NDProxy - ok 11:07:30.0926 1400 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 11:07:30.0936 1400 NetBIOS - ok 11:07:30.0976 1400 NetBT - ok 11:07:31.0046 1400 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 11:07:31.0066 1400 NetDDE - ok 11:07:31.0106 1400 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 11:07:31.0116 1400 NetDDEdsdm - ok 11:07:31.0186 1400 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:07:31.0186 1400 Netlogon - ok 11:07:31.0286 1400 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 11:07:31.0296 1400 Netman - ok 11:07:31.0507 1400 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:07:31.0527 1400 NetTcpPortSharing - ok 11:07:31.0617 1400 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 11:07:31.0617 1400 NIC1394 - ok 11:07:31.0697 1400 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 11:07:31.0717 1400 Nla - ok 11:07:31.0837 1400 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 11:07:31.0837 1400 Npfs - ok 11:07:31.0917 1400 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 11:07:31.0937 1400 Ntfs - ok 11:07:32.0007 1400 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:07:32.0017 1400 NtLmSsp - ok 11:07:32.0107 1400 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 11:07:32.0137 1400 NtmsSvc - ok 11:07:32.0218 1400 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 11:07:32.0218 1400 Null - ok 11:07:32.0398 1400 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 11:07:32.0488 1400 nv - ok 11:07:32.0558 1400 NVSvc (697a09635e30d3722e1124ec33face15) C:\WINDOWS\system32\nvsvc32.exe 11:07:32.0568 1400 NVSvc - ok 11:07:32.0668 1400 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 11:07:32.0688 1400 NwlnkFlt - ok 11:07:32.0788 1400 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 11:07:32.0788 1400 NwlnkFwd - ok 11:07:32.0888 1400 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 11:07:32.0909 1400 ohci1394 - ok 11:07:32.0979 1400 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 11:07:32.0979 1400 Parport - ok 11:07:33.0059 1400 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 11:07:33.0079 1400 PartMgr - ok 11:07:33.0169 1400 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 11:07:33.0169 1400 ParVdm - ok 11:07:33.0219 1400 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 11:07:33.0229 1400 PCI - ok 11:07:33.0279 1400 PCIDump - ok 11:07:33.0339 1400 PCIIde - ok 11:07:33.0409 1400 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 11:07:33.0409 1400 Pcmcia - ok 11:07:33.0459 1400 pctplsg - ok 11:07:33.0509 1400 PDCOMP - ok 11:07:33.0569 1400 PDFRAME - ok 11:07:33.0620 1400 PDRELI - ok 11:07:33.0670 1400 PDRFRAME - ok 11:07:33.0710 1400 perc2 - ok 11:07:33.0760 1400 perc2hib - ok 11:07:33.0920 1400 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 11:07:33.0920 1400 PlugPlay - ok 11:07:34.0000 1400 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:07:34.0000 1400 PolicyAgent - ok 11:07:34.0100 1400 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:07:34.0100 1400 PptpMiniport - ok 11:07:34.0160 1400 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 11:07:34.0170 1400 Processor - ok 11:07:34.0190 1400 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:07:34.0190 1400 ProtectedStorage - ok 11:07:34.0250 1400 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 11:07:34.0250 1400 PSched - ok 11:07:34.0331 1400 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:07:34.0331 1400 Ptilink - ok 11:07:34.0431 1400 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 11:07:34.0451 1400 PxHelp20 - ok 11:07:34.0501 1400 ql1080 - ok 11:07:34.0541 1400 Ql10wnt - ok 11:07:34.0591 1400 ql12160 - ok 11:07:34.0661 1400 ql1240 - ok 11:07:34.0701 1400 ql1280 - ok 11:07:34.0781 1400 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:07:34.0781 1400 RasAcd - ok 11:07:34.0881 1400 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 11:07:34.0881 1400 RasAuto - ok 11:07:34.0931 1400 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:07:34.0941 1400 Rasl2tp - ok 11:07:35.0032 1400 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 11:07:35.0082 1400 RasMan - ok 11:07:35.0152 1400 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:07:35.0162 1400 RasPppoe - ok 11:07:35.0202 1400 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 11:07:35.0212 1400 Raspti - ok 11:07:35.0272 1400 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:07:35.0292 1400 Rdbss - ok 11:07:35.0342 1400 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:07:35.0342 1400 RDPCDD - ok 11:07:35.0462 1400 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 11:07:35.0482 1400 RDPWD - ok 11:07:35.0572 1400 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 11:07:35.0612 1400 RDSessMgr - ok 11:07:35.0723 1400 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 11:07:35.0733 1400 redbook - ok 11:07:35.0783 1400 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 11:07:35.0793 1400 RemoteAccess - ok 11:07:35.0893 1400 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 11:07:35.0923 1400 ROOTMODEM - ok 11:07:36.0023 1400 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 11:07:36.0033 1400 RpcLocator - ok 11:07:36.0123 1400 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 11:07:36.0133 1400 RpcSs - ok 11:07:36.0233 1400 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 11:07:36.0283 1400 RSVP - ok 11:07:36.0384 1400 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 11:07:36.0394 1400 RTL8023xp - ok 11:07:36.0434 1400 rtl8139 - ok 11:07:36.0494 1400 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 11:07:36.0494 1400 SamSs - ok 11:07:36.0654 1400 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 11:07:36.0654 1400 SASDIFSV - ok 11:07:36.0774 1400 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 11:07:36.0794 1400 SASKUTIL - ok 11:07:36.0864 1400 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 11:07:36.0874 1400 SCardSvr - ok 11:07:36.0974 1400 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 11:07:36.0984 1400 Schedule - ok 11:07:37.0105 1400 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:07:37.0125 1400 Secdrv - ok 11:07:37.0175 1400 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 11:07:37.0185 1400 seclogon - ok 11:07:37.0235 1400 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 11:07:37.0255 1400 SENS - ok 11:07:37.0335 1400 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 11:07:37.0335 1400 serenum - ok 11:07:37.0415 1400 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 11:07:37.0415 1400 Serial - ok 11:07:37.0565 1400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 11:07:37.0565 1400 Sfloppy - ok 11:07:37.0635 1400 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 11:07:37.0655 1400 SharedAccess - ok 11:07:37.0745 1400 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 11:07:37.0755 1400 ShellHWDetection - ok 11:07:37.0796 1400 Simbad - ok 11:07:37.0876 1400 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 11:07:37.0886 1400 SLIP - ok 11:07:37.0946 1400 Sparrow - ok 11:07:38.0006 1400 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 11:07:38.0006 1400 splitter - ok 11:07:38.0116 1400 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 11:07:38.0136 1400 Spooler - ok 11:07:38.0216 1400 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 11:07:38.0236 1400 sr - ok 11:07:38.0326 1400 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 11:07:38.0346 1400 srservice - ok 11:07:38.0467 1400 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 11:07:38.0487 1400 Srv - ok 11:07:38.0567 1400 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 11:07:38.0587 1400 SSDPSRV - ok 11:07:38.0707 1400 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 11:07:38.0727 1400 stisvc - ok 11:07:38.0797 1400 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 11:07:38.0797 1400 streamip - ok 11:07:38.0907 1400 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 11:07:38.0907 1400 swenum - ok 11:07:38.0957 1400 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 11:07:38.0967 1400 swmidi - ok 11:07:39.0007 1400 SwPrv - ok 11:07:39.0077 1400 symc810 - ok 11:07:39.0127 1400 symc8xx - ok 11:07:39.0168 1400 sym_hi - ok 11:07:39.0238 1400 sym_u3 - ok 11:07:39.0298 1400 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 11:07:39.0298 1400 sysaudio - ok 11:07:39.0368 1400 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 11:07:39.0398 1400 SysmonLog - ok 11:07:39.0508 1400 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 11:07:39.0528 1400 TapiSrv - ok 11:07:39.0628 1400 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:07:39.0648 1400 Tcpip - ok 11:07:39.0738 1400 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 11:07:39.0738 1400 TDPIPE - ok 11:07:39.0808 1400 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 11:07:39.0808 1400 TDTCP - ok 11:07:39.0869 1400 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 11:07:39.0869 1400 TermDD - ok 11:07:39.0969 1400 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 11:07:39.0989 1400 TermService - ok 11:07:40.0079 1400 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 11:07:40.0079 1400 Themes - ok 11:07:40.0149 1400 TosIde - ok 11:07:40.0229 1400 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 11:07:40.0269 1400 TrkWks - ok 11:07:40.0369 1400 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 11:07:40.0369 1400 tunmp - ok 11:07:40.0429 1400 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 11:07:40.0429 1400 Udfs - ok 11:07:40.0539 1400 ultra - ok 11:07:40.0730 1400 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 11:07:40.0760 1400 UMVPFSrv - ok 11:07:40.0860 1400 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 11:07:40.0880 1400 Update - ok 11:07:40.0990 1400 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 11:07:41.0020 1400 upnphost - ok 11:07:41.0110 1400 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 11:07:41.0120 1400 UPS - ok 11:07:41.0210 1400 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 11:07:41.0230 1400 usbaudio - ok 11:07:41.0321 1400 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 11:07:41.0321 1400 usbccgp - ok 11:07:41.0401 1400 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:07:41.0401 1400 usbhub - ok 11:07:41.0471 1400 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 11:07:41.0481 1400 usbprint - ok 11:07:41.0531 1400 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:07:41.0531 1400 usbscan - ok 11:07:41.0591 1400 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:07:41.0591 1400 USBSTOR - ok 11:07:41.0641 1400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 11:07:41.0641 1400 usbuhci - ok 11:07:41.0711 1400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 11:07:41.0711 1400 VgaSave - ok 11:07:41.0731 1400 ViaIde - ok 11:07:41.0801 1400 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 11:07:41.0811 1400 VolSnap - ok 11:07:41.0931 1400 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 11:07:41.0952 1400 VSS - ok 11:07:42.0052 1400 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 11:07:42.0072 1400 W32Time - ok 11:07:42.0142 1400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:07:42.0142 1400 Wanarp - ok 11:07:42.0232 1400 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 11:07:42.0252 1400 wceusbsh - ok 11:07:42.0292 1400 WDC_SAM - ok 11:07:42.0342 1400 WDICA - ok 11:07:42.0412 1400 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 11:07:42.0422 1400 wdmaud - ok 11:07:42.0512 1400 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 11:07:42.0552 1400 WebClient - ok 11:07:42.0713 1400 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 11:07:42.0723 1400 winmgmt - ok 11:07:42.0863 1400 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll 11:07:42.0943 1400 WinRM - ok 11:07:43.0043 1400 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 11:07:43.0053 1400 WmdmPmSN - ok 11:07:43.0153 1400 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:07:43.0163 1400 WmiApSrv - ok 11:07:43.0384 1400 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 11:07:43.0464 1400 WMPNetworkSvc - ok 11:07:43.0564 1400 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 11:07:43.0574 1400 WpdUsb - ok 11:07:43.0654 1400 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 11:07:43.0654 1400 WS2IFSL - ok 11:07:43.0744 1400 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 11:07:43.0754 1400 wscsvc - ok 11:07:43.0814 1400 WSearch - ok 11:07:43.0924 1400 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 11:07:43.0924 1400 WSTCODEC - ok 11:07:44.0004 1400 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 11:07:44.0115 1400 wuauserv - ok 11:07:44.0205 1400 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 11:07:44.0235 1400 WudfPf - ok 11:07:44.0315 1400 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 11:07:44.0325 1400 WudfRd - ok 11:07:44.0375 1400 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 11:07:44.0395 1400 WudfSvc - ok 11:07:44.0495 1400 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 11:07:44.0525 1400 WZCSVC - ok 11:07:44.0595 1400 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 11:07:44.0615 1400 xmlprov - ok 11:07:44.0816 1400 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 11:07:44.0916 1400 YahooAUService - ok 11:07:45.0106 1400 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 11:07:45.0276 1400 \Device\Harddisk0\DR0 - ok 11:07:45.0336 1400 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2 11:07:45.0356 1400 \Device\Harddisk1\DR2 - ok 11:07:45.0386 1400 Boot (0x1200) (292e643157beae72249dcb34f5dfe109) \Device\Harddisk0\DR0\Partition0 11:07:45.0386 1400 \Device\Harddisk0\DR0\Partition0 - ok 11:07:45.0427 1400 Boot (0x1200) (f93c03526484f470f22fc0fbcfb6563f) \Device\Harddisk1\DR2\Partition0 11:07:45.0437 1400 \Device\Harddisk1\DR2\Partition0 - ok 11:07:45.0447 1400 ============================================================ 11:07:45.0447 1400 Scan finished 11:07:45.0447 1400 ============================================================ 11:07:45.0517 1392 Detected object count: 0 11:07:45.0517 1392 Actual detected object count: 0

#82 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 May 2012 - 10:47 AM

Hi,

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
Posted Image
 
 

#83 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 15 May 2012 - 11:48 AM

jeff i downloaded rogue killer to my desktop and when i opened it it did a quick scan of updateing but i didnt get any promps to enter 1 and validate should i just hit scan. should i shut my anti virus and firewall off?

Edited by portboy123, 15 May 2012 - 11:49 AM.

#84 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 15 May 2012 - 11:56 AM

hi jeff i did hit the scan button here is the log RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Frank [Admin rights]
Mode: Scan -- Date: 05/15/2012 13:49:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380215A +++++
--- User ---
[MBR] 7caaadf4f38e767c2c3f8c9092d08ba5
[BSP] 6e6495d431fd772e8b45697f066b6bb2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#85 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 15 May 2012 - 12:14 PM

jeff just noticed theres a RK-QUARTINE folder on my desktop with a PhysicalDrive0-User DAT File 1 kb and a Quartine report Time : 15/05/2012 13:49:22 -------------------------- i did run a avast scan this morning in safe mode unplugged my cable and shut off firewall and i got a report ERROR THE FILE CANNOT BE ACCESSED BY THE SYSTEM(1920) The file is C:\Windows...\3377185364 when i hightlight it it is C:\Windows\$NtUninstallKB58311$\3377185364 dont know if this is anything just trying to fix this thanks

    Advertisements

Register to Remove

#86 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 May 2012 - 02:39 PM

Hi, Please run a new scan with ComboFix. Just double-click it and let it run....then let me know if the Zero Access warning is still being shown and post the log that is made to your next reply. :)
Posted Image
 
 

#87 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 15 May 2012 - 03:03 PM

jeff when i go to close out of rouge killer it ask if i whan to wiyhout deleating anything as to [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND should i just close or delete it. just looked it says please look at different tabs and delete elements sorry

Edited by portboy123, 15 May 2012 - 03:06 PM.

#88 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 May 2012 - 04:22 PM

Hi, Just close out of RogueKiller and then run a new scan with ComboFix. In your next reply let me know if you still receive the ZeroAccess warning and post the new ComboFix log. :)
Posted Image
 
 

#89 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 15 May 2012 - 05:31 PM

hi jeff ran combo fix with avast off and firewall off and disconnected ethernet plug. a few minutes into the scan a popup opened and said RootKit. Zero Access it has inserted itself into the tcp/ip stack. i clicked ok it scanned a few minutes then another popup that said Rootkit is detected then it wanted to restart and i hit ok. this time it started with just my background on the screen no icons or task tray or start button it ran right through this time with no popups or messages.finished scanning then rebooted itself. started normal. and gave the log. here it is ComboFix 12-05-15.03 - Frank 05/15/2012 18:54:39.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.287 [GMT -4:00]
Running from: G:\franks.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\system32\dllcache\netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-09 00:42 . 2012-05-09 00:42 -------- d-----w- c:\program files\ERUNT
2012-05-08 02:06 . 2012-05-08 02:06 -------- d-----w- c:\documents and settings\Frank\Application Data\DriverCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-04-09 00:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:17 . 2011-05-16 16:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2011-01-08 17:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-01-08 17:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-16 04:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-01-08 17:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-01-08 17:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-01-08 17:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-01-08 17:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-01-08 17:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-01-08 17:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-01-08 17:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-09-05 20:27 203776 --sha-w- c:\windows\system32\unrar.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_03.20.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-15 23:14 . 2012-05-15 23:14 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_748.dat
+ 2012-05-12 13:22 . 2012-05-12 13:22 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-12 01:53 . 2012-05-12 01:53 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 13:24 . 2012-05-12 13:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-15 23:14 . 2009-10-07 06:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\219a5bc.msp
+ 2012-05-15 12:38 . 2012-05-15 12:38 180224 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000002\UsrClass.dat
+ 2012-05-15 12:38 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-15-2012\ERDNT.EXE
+ 2012-05-14 10:49 . 2012-05-14 10:49 180224 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000002\UsrClass.dat
+ 2012-05-14 10:49 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2012\ERDNT.EXE
+ 2012-05-13 14:16 . 2012-05-13 14:16 180224 c:\windows\ERDNT\AutoBackup\5-13-2012\Users\00000002\UsrClass.dat
+ 2012-05-13 14:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-13-2012\ERDNT.EXE
+ 2012-05-12 13:30 . 2012-05-12 13:30 180224 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000002\UsrClass.dat
+ 2012-05-12 13:30 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-12-2012\ERDNT.EXE
+ 2012-05-12 13:23 . 2012-05-12 13:23 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-05-12 13:17 . 2012-05-12 13:17 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2009-04-15 13:48 . 2009-04-15 13:48 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-11 19:57 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\219a5cb.msp
+ 2011-08-17 13:49 . 2011-08-17 13:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2012-05-15 12:38 . 2012-05-15 12:38 8491008 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000001\ntuser.dat
+ 2012-05-14 10:49 . 2012-05-14 10:49 8355840 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000001\ntuser.dat
+ 2012-05-13 14:16 . 2012-05-13 14:16 8318976 c:\windows\ERDNT\AutoBackup\5-13-2012\Users\00000001\ntuser.dat
+ 2012-05-12 13:30 . 2012-05-12 13:30 8318976 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000001\ntuser.dat
+ 2007-08-29 17:57 . 2012-05-12 13:12 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\219a5c3.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cleanMFT32 -c C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 09:00 131072 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
2005-09-11 17:24 258048 ----a-w- c:\program files\iISystem Wiper\SystemWiper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 18:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 18:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-31 22:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/16/2011 12:20 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2011 1:30 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2011 1:30 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2010 8:40 PM 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 10:26 AM 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:40 PM 22344]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 11:09 AM 96256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Frank\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Frank\LOCALS~1\Temp\mfe_rr.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-23 01:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-15 19:26:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 23:26
ComboFix2.txt 2012-05-14 22:09
ComboFix3.txt 2012-05-14 19:18
ComboFix4.txt 2012-05-14 15:21
ComboFix5.txt 2012-05-15 13:05
.
Pre-Run: 15,028,142,080 bytes free
Post-Run: 15,044,972,544 bytes free
.
- - End Of File - - 82BDA95223BAC06707A802291F247F6E

#90 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 May 2012 - 06:38 PM

Hi,

OTL
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemroot%\*. /rp /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Posted Image
 
 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·