
infected with something that prevents mbam from installing


  • This topic is locked
7 replies to this topic

#1 beretzky

beretzky

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 23 January 2012 - 05:57 PM

Hi,
I am having trouble installing Malwarebytes Anti-Malware onto my system. My system details include:
- Windows XP Home Edition
- 2002 version, Service Pack 3
- AMD Athlon XP 1800+
- 1.5 GHz, 960 MB of RAM

Please find attached my DDS and GMER logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Loreta at 0:32:03 on 2012-01-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.182 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.msn.com/



2)GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 10:57:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_2F040L0 rev.VAM51JJ0
Running: gmer.exe; Driver: C:\DOCUME~1\Loreta\LOCALS~1\Temp\ufndrkog.sys


---- System - GMER 1.0.15 ----

SSDT 86166E68 ZwAlertResumeThread
SSDT 86166F48 ZwAlertThread
SSDT 86450340 ZwAllocateVirtualMemory
SSDT 864684D0 ZwAssignProcessToJobObject
SSDT 86472880 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6CBA710]
SSDT 8649A5A8 ZwCreateMutant
SSDT 864BC3C8 ZwCreateSymbolicLinkObject
SSDT 8647B320 ZwCreateThread
SSDT 86497498 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF6CBA990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF6CBAEF0]
SSDT 861753A0 ZwDuplicateObject
SSDT 864A29A8 ZwFreeVirtualMemory
SSDT 861749C0 ZwImpersonateAnonymousToken
SSDT 86174A80 ZwImpersonateThread
SSDT 86448778 ZwLoadDriver
SSDT 864A28A8 ZwMapViewOfSection
SSDT 8649A4E8 ZwOpenEvent
SSDT 86165D50 ZwOpenProcess
SSDT 861752C0 ZwOpenProcessToken
SSDT 8651D4F0 ZwOpenSection
SSDT 86165C80 ZwOpenThread
SSDT 864683E0 ZwProtectVirtualMemory
SSDT 8652BAB0 ZwResumeThread
SSDT 864DB7B0 ZwSetContextThread
SSDT 8645AE58 ZwSetInformationProcess
SSDT 86497578 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF6CBB140]
SSDT 8651D5B0 ZwSuspendProcess
SSDT 8652BB90 ZwSuspendThread
SSDT 86176EF8 ZwTerminateProcess
SSDT 864DB6D0 ZwTerminateThread
SSDT 8645AF48 ZwUnmapViewOfSection
SSDT 86450250 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 214 804E2880 4 Bytes [E8, A4, 49, 86]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Loreta\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 038600F3
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0386003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 038603D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 038601B0
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0386031C
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 03860488
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 03860266
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 038605F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 0386053E
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 033400F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0334003A
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 033403D2
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 033401B0
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0334031C
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 03340488
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 03340266
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 033405F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 0334053E
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  dds.txt   14.61KB   1 downloads
  • Attached File  ark.txt   42.83KB   0 downloads
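A small triage helper for the hook sections of a GMER log like the one posted above, added here as an example; it is not part of the original post and not GMER's own code. It parses the `SSDT` and user-mode `.text` lines, separates hooks GMER could tie to a file on disk from those it could not, and groups the unresolved JMP targets per process. The sample log is constructed from a subset of the lines above, and the regexes plus the "unresolved hook" heuristic are my assumptions about GMER 1.0.15's output format, not a specification.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in the shape of the GMER 1.0.15 log posted above; the
# values are copied from that post, this is not output of a fresh scan.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 86166E68 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6CBA710]
SSDT 86165D50 ZwOpenProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 038600F3
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 038603D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3136] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 033403D2

---- EOF - GMER 1.0.15 ----
"""

HEX8 = r"[0-9A-Fa-f]{8}"
# "SSDT <addr> Zw..." : GMER printed a raw pointer, no module resolved (assumed format).
SSDT_RAW = re.compile(rf"^SSDT\s+(?P<addr>{HEX8})\s+(?P<func>Zw\w+)\s*$")
# "SSDT <module> (<description>) Zw... [0x...]" : hook target resolved to a driver.
SSDT_MOD = re.compile(
    r"^SSDT\s+(?P<module>\S.*?)\s+\((?P<desc>.*)\)\s+(?P<func>Zw\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")
# ".text <proc>[<pid>] <dll>!<sym>[ + off] <addr> <n> Bytes JMP <target> [<module> (<desc>)]"
INLINE = re.compile(
    rf"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    rf"(?P<sym>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+(?P<addr>{HEX8})\s+"
    rf"(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>{HEX8})"
    r"(?:\s+(?P<module>\S.*?)\s+\((?P<desc>.*)\))?\s*$")


@dataclass
class Hook:
    kind: str              # "SSDT" (kernel service table) or "inline" (user-mode code patch)
    where: str             # hooked syscall, or "process[pid] dll!symbol"
    target: str            # address GMER reports control being diverted to
    module: Optional[str]  # file GMER resolved that address to, None if unresolved
    pid: Optional[int] = None


def parse_gmer(text: str) -> List[Hook]:
    """Parse the SSDT and user-mode inline hook lines; other lines are ignored."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RAW.match(line):
            hooks.append(Hook("SSDT", m["func"], m["addr"].upper(), None))
        elif m := SSDT_MOD.match(line):
            hooks.append(Hook("SSDT", m["func"], m["addr"] or "?", m["module"]))
        elif m := INLINE.match(line):
            exe = m["proc"].rsplit("\\", 1)[-1]          # keep only the image name
            where = f"{exe}[{m['pid']}] {m['sym']}"
            hooks.append(Hook("inline", where, m["target"].upper(), m["module"], int(m["pid"])))
    return hooks


def unattributed(hooks: List[Hook]) -> List[Hook]:
    """Hooks whose target GMER could not tie to a file on disk. These are the
    entries to look at first, but they are not a verdict: security products
    also hook through memory regions that do not map back to a file."""
    return [h for h in hooks if h.module is None]


def inline_regions(hooks: List[Hook]) -> Dict[int, Set[str]]:
    """Per process, the 64 KiB regions (top four hex digits) the unresolved JMP
    targets fall in. Several hooks landing in one region usually point at one
    trampoline block, so it is one thing to identify rather than many."""
    regions: Dict[int, Set[str]] = defaultdict(set)
    for h in hooks:
        if h.kind == "inline" and h.module is None and h.pid is not None:
            regions[h.pid].add(h.target[:4])
    return dict(regions)


def summarize(text: str) -> Dict[str, object]:
    hooks = parse_gmer(text)
    unres = unattributed(hooks)
    return {
        "parsed": len(hooks),
        "unresolved_ssdt": sorted(h.where for h in unres if h.kind == "SSDT"),
        "unresolved_inline": sorted(h.where for h in unres if h.kind == "inline"),
        "attributed_modules": sorted({h.module for h in hooks if h.module}),
        "regions": inline_regions(hooks),
    }


if __name__ == "__main__":
    for key, val in summarize(SAMPLE_GMER_LOG).items():
        print(f"{key}: {val}")
```

On the full log above the same grouping shows the unresolved hooks in each iexplore.exe instance sharing one region per process, which is the thing to identify before deciding whether it belongs to an installed security product or not.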


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 27 January 2012 - 07:40 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 beretzky

  • Topic Starter
  • Members
  • 4 posts

Posted 02 February 2012 - 12:48 AM

Thanks for your response. I followed the instructions and here are the logs requested.

ComboFix 12-02-01.01 - Loreta 02/01/2012 23:59:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.436 [GMT -5:00]
Running from: c:\documents and settings\Loreta\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
and the first log:

22:48:29.0953 2632 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
22:49:25.0640 3280 pepifilter - ok
22:49:25.0734 3280 perc2 - ok
22:49:26.0437 3280 perc2hib - ok
22:49:26.0578 3280 PID_08A0 (642bfb100d0a7693355fe01b256e349a) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
22:49:26.0593 3280 PID_08A0 - ok
22:49:26.0750 3280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:49:26.0765 3280 PptpMiniport - ok
22:49:27.0078 3280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:49:27.0078 3280 PSched - ok
22:49:27.0281 3280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:49:27.0281 3280 Ptilink - ok
22:49:27.0406 3280 ql1080 - ok
22:49:27.0562 3280 Ql10wnt - ok
22:49:27.0656 3280 ql12160 - ok
22:49:27.0750 3280 ql1240 - ok
22:49:27.0843 3280 ql1280 - ok
22:49:28.0031 3280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:49:28.0031 3280 RasAcd - ok
22:49:28.0234 3280 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:49:28.0234 3280 Rasirda - ok
22:49:28.0437 3280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:49:28.0437 3280 Rasl2tp - ok
22:49:28.0703 3280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:49:28.0781 3280 RasPppoe - ok
22:49:29.0125 3280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:49:29.0140 3280 Raspti - ok
22:49:29.0687 3280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:49:29.0703 3280 Rdbss - ok
22:49:29.0875 3280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:49:29.0875 3280 RDPCDD - ok
22:49:30.0187 3280 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:49:30.0218 3280 RDPWD - ok
22:49:30.0406 3280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:49:30.0406 3280 redbook - ok
22:49:30.0531 3280 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
22:49:30.0546 3280 RimUsb - ok
22:49:30.0734 3280 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:49:30.0734 3280 RimVSerPort - ok
22:49:30.0906 3280 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:49:30.0906 3280 ROOTMODEM - ok
22:49:31.0078 3280 RPSKT - ok
22:49:31.0203 3280 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
22:49:31.0218 3280 RT73 - ok
22:49:31.0359 3280 RTL8187B (d668006d3f4249d20729ef6da27c916e) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
22:49:31.0359 3280 RTL8187B - ok
22:49:31.0453 3280 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:49:31.0453 3280 SASDIFSV - ok
22:49:31.0593 3280 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:49:31.0609 3280 SASKUTIL - ok
22:49:31.0750 3280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:49:31.0750 3280 Secdrv - ok
22:49:32.0078 3280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:49:32.0078 3280 serenum - ok
22:49:32.0531 3280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:49:32.0546 3280 Serial - ok
22:49:32.0718 3280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:49:32.0734 3280 Sfloppy - ok
22:49:32.0921 3280 Simbad - ok
22:49:33.0265 3280 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:49:33.0375 3280 SLIP - ok
22:49:33.0562 3280 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:49:33.0640 3280 SONYPVU1 - ok
22:49:33.0875 3280 Sparrow - ok
22:49:34.0125 3280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:49:34.0140 3280 splitter - ok
22:49:34.0375 3280 SQTECH905C (2831ce28570a3cc5c079a58a12878760) C:\WINDOWS\system32\Drivers\Capt905c.sys
22:49:34.0375 3280 SQTECH905C - ok
22:49:34.0609 3280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:49:34.0796 3280 sr - ok
22:49:35.0109 3280 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
22:49:35.0140 3280 SRTSP - ok
22:49:35.0390 3280 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
22:49:35.0390 3280 SRTSPX - ok
22:49:35.0687 3280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:49:35.0718 3280 Srv - ok
22:49:36.0093 3280 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:49:36.0109 3280 streamip - ok
22:49:36.0312 3280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:49:36.0328 3280 swenum - ok
22:49:36.0515 3280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:49:36.0515 3280 swmidi - ok
22:49:36.0687 3280 symc810 - ok
22:49:36.0859 3280 symc8xx - ok
22:49:37.0171 3280 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
22:49:37.0203 3280 SymDS - ok
22:49:37.0468 3280 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
22:49:37.0515 3280 SymEFA - ok

22:49:37.0671 3280 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:49:37.0687 3280 SymEvent - ok
22:49:38.0015 3280 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
22:49:38.0015 3280 SymIRON - ok
22:49:38.0640 3280 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS
22:49:38.0734 3280 SYMTDI - ok
22:49:38.0906 3280 sym_hi - ok
22:49:39.0078 3280 sym_u3 - ok
22:49:39.0500 3280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:49:39.0531 3280 sysaudio - ok
22:49:39.0765 3280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:49:39.0781 3280 Tcpip - ok
22:49:39.0937 3280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:49:39.0937 3280 TDPIPE - ok
22:49:40.0187 3280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:49:40.0187 3280 TDTCP - ok
22:49:40.0406 3280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:49:40.0437 3280 TermDD - ok
22:49:40.0546 3280 TosIde - ok
22:49:40.0687 3280 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
22:49:40.0687 3280 uagp35 - ok
22:49:41.0140 3280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:49:41.0171 3280 Udfs - ok
22:49:41.0312 3280 ultra - ok
22:49:41.0468 3280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:49:41.0484 3280 Update - ok
22:49:41.0671 3280 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:49:41.0687 3280 USBAAPL - ok
22:49:41.0859 3280 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:49:41.0890 3280 usbaudio - ok
22:49:42.0328 3280 usbbus - ok
22:49:42.0875 3280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:49:43.0062 3280 usbccgp - ok
22:49:43.0484 3280 UsbDiag - ok
22:49:44.0000 3280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:49:44.0093 3280 usbehci - ok
22:49:44.0578 3280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:49:44.0593 3280 usbhub - ok
22:49:45.0031 3280 USBModem - ok
22:49:45.0578 3280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:49:45.0593 3280 usbprint - ok
22:49:46.0171 3280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:49:46.0218 3280 usbscan - ok
22:49:46.0765 3280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:49:46.0875 3280 USBSTOR - ok
22:49:47.0921 3280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:49:47.0953 3280 usbuhci - ok
22:49:48.0484 3280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:49:48.0515 3280 VgaSave - ok
22:49:49.0062 3280 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
22:49:49.0218 3280 viaagp1 - ok
22:49:49.0343 3280 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys
22:49:49.0359 3280 viagfx - ok
22:49:49.0500 3280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:49:49.0500 3280 ViaIde - ok
22:49:49.0718 3280 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys
22:49:49.0718 3280 VIAudio - ok
22:49:49.0921 3280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:49:49.0937 3280 VolSnap - ok
22:49:50.0125 3280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:49:50.0140 3280 Wanarp - ok
22:49:50.0250 3280 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:49:50.0281 3280 Wdf01000 - ok
22:49:50.0390 3280 WDICA - ok
22:49:50.0671 3280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:49:50.0671 3280 wdmaud - ok
22:49:50.0859 3280 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
22:49:50.0953 3280 winachsf - ok
22:49:51.0125 3280 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:49:51.0125 3280 WSTCODEC - ok
22:49:51.0250 3280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:49:51.0250 3280 WudfPf - ok
22:49:51.0359 3280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:49:51.0359 3280 WudfRd - ok
22:49:51.0390 3280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:49:51.0578 3280 \Device\Harddisk0\DR0 - ok
22:49:51.0578 3280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:49:51.0593 3280 \Device\Harddisk1\DR1 - ok
22:49:51.0593 3280 Boot (0x1200) (2b3832ddadfdbf7c57a0a46b62ee91ad) \Device\Harddisk0\DR0\Partition0
22:49:51.0593 3280 \Device\Harddisk0\DR0\Partition0 - ok
22:49:51.0593 3280 Boot (0x1200) (654f7b1e7a56ae7ab9ffa20ec0b717c4) \Device\Harddisk1\DR1\Partition0
22:49:51.0593 3280 \Device\Harddisk1\DR1\Partition0 - ok
22:49:51.0593 3280 ============================================================
22:49:51.0593 3280 Scan finished
22:49:51.0593 3280 =======================================
22:49:51.0593 1224 Detected object count: 0
22:49:51.0593 1224 Actual detected object count: 0


Hope this helps!

#4 CatByte

Posted 02 February 2012 - 04:49 PM

Hi

see if you are able to install Malwarebytes now


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



If you are still unable to install Malwarebytes, then continue on with the ESET scan, then run the following:

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\WINDOWS).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
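The junction step above lists NTFS reparse points (junctions and similar links) under C:\ so the responder can see whether any directory has been redirected. As an added example that is not part of CatByte's post or of the Sysinternals tool, the PowerShell script below produces a comparable listing without junction.exe; it assumes Windows PowerShell 5.1 or later for the LinkType and Target properties, so it is not a drop-in for the XP machine in this thread.

```powershell
# Added example: enumerate reparse points below a root directory and write a log,
# similar in spirit to "junction -s c:\". Assumes Windows PowerShell 5.1+ (LinkType/Target).
param(
    [string]$Root    = 'C:\',
    [string]$LogPath = "$env:USERPROFILE\Desktop\reparse-points.txt"   # assumed output path
)

# Any file or directory carrying the ReparsePoint attribute is a junction, symbolic link,
# volume mount point or other reparse tag; Where-Object keeps only those entries.
$results = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
    ForEach-Object {
        [PSCustomObject]@{
            Path     = $_.FullName
            LinkType = $_.LinkType               # Junction, SymbolicLink, HardLink or empty
            Target   = ($_.Target -join ';')     # where the link resolves to
        }
    }

# Write the table to the log for posting in a reply, and echo it to the console.
$results | Format-Table -AutoSize | Out-String -Width 300 | Set-Content -Path $LogPath
$results | Format-Table -AutoSize
"Wrote $($results.Count) reparse point(s) to $LogPath"
```

When reading the log, compare each Target against the Path it sits in: a link inside a user or program directory that resolves somewhere unexpected is the kind of entry a malware responder would ask about.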


#5 beretzky

Posted 06 February 2012 - 11:13 PM

Hi,
It seems mbam has downloaded, but every time I go to start it I get the following:

run time error 339
component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.

#6 beretzky

Posted 06 February 2012 - 11:17 PM

I couldn't get the zip file Junction to work. It read:

'junction' is not recognized as an internal or external command, operable program or batch file. Here is the esetscan as requested:

C:\Documents and Settings\Loreta\Application Data\AVG\Rescue\PC Tuneup 2011\101019003117578.rsc multiple threats
C:\Documents and Settings\Loreta\My Documents\Downloads\frostwire-4.21.1.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Loreta\My Documents\My Videos\frostwire-4.21.3.windows.exe Win32/OpenCandy application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application

#7 CatByte

Posted 07 February 2012 - 06:27 PM

Hi,

Please make sure that junction is saved to the c:\windows folder or else it won't work.

Follow these steps to completely uninstall MBAM, then re-install it.


If you are having any problems with Malwarebytes' Anti-Malware protection please do the following.
  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer (very important).
  • Download and run this utility.
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts, install the latest version from here.



#8 CatByte

Posted 19 February 2012 - 06:29 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





