
Trojan horse Crypt.ANVH but won't go away


29 replies to this topic

#1 BigAl07

Posted 25 January 2012 - 11:07 AM

Trojan horse Crypt.ANVH

I'm trying to help a friend on his computer. He had this same (or verryyyy similar) problem a couple of months ago and formatted his HDD to get rid of it. Monday morning he called and it's starting all over again. It has an occasional "beep" like a file is completed downloading or something like that. Also he's unable to connect to any remote drives anymore.

I have some log files I can post up:

HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:38:19 AM, on 1/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\postgres\bin\pg_ctl.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
c:\csremote38\WEB-INF\classes\CSEntService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\apache-tomcat-6.0.18\bin\tomcat6.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\WINDOWS\system32\java.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\20-20 Technologies\2020Design\mswin\60\scbar.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Jeffs Files\aswMBR.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = C:\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = C:\3apps\Catapult\Sched.exe
O4 - Global Startup: 20-20 Shortcut Bar.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hbs.local
O17 - HKLM\Software\..\Telephony: DomainName = hbs.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{521D8BF7-4FC3-48A3-B38A-2981F0BD13BA}: NameServer = 192.168.1.135,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hbs.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: CS-Enterprise Application Server Service (CSEntService) - Unknown owner - c:\csremote38\WEB-INF\classes\CSEntService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\postgres\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\apache-tomcat-6.0.18\bin\tomcat6.exe

--
End of file - 7920 bytes

Checkup TXT
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2012
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java™ SE Development Kit 6 Update 10
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

fss txt
Farbar Service Scanner Version: 18-01-2012 01
Ran by jcarver (administrator) on 25-01-2012 at 09:31:19
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Mini Toolbox Results
MiniToolBox by Farbar Version: 18-01-2012
Ran by jcarver (administrator) on 25-01-2012 at 09:34:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.123 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.253 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.135 register=PRIMARY
add dns name="Local Area Connection" addr=205.152.132.23 index=2
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : cabinet1
Primary Dns Suffix . . . . . . . : hbs.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hbs.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1E-C9-2C-82-81
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.123
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.253
DNS Servers . . . . . . . . . . . : 192.168.1.135
                                    205.152.132.23
NetBIOS over Tcpip. . . . . . . . : Disabled

Server: hbssrv.hbs.local
Address: 192.168.1.135

DNS request timed out.
timeout was 2 seconds.

Pinging google.com [74.125.47.103] with 32 bytes of data:

Reply from 74.125.47.103: bytes=32 time=22ms TTL=49
Reply from 74.125.47.103: bytes=32 time=19ms TTL=49

Ping statistics for 74.125.47.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 22ms, Average = 20ms

Server: hbssrv.hbs.local
Address: 192.168.1.135

DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=523ms TTL=43
Reply from 98.139.180.149: bytes=32 time=759ms TTL=43

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 523ms, Maximum = 759ms, Average = 641ms

Server: hbssrv.hbs.local
Address: 192.168.1.135

DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 2c 82 81 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.253   192.168.1.123      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.123   192.168.1.123      20
    192.168.1.123  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.123   192.168.1.123      20
        224.0.0.0        240.0.0.0    192.168.1.123   192.168.1.123      20
  255.255.255.255  255.255.255.255    192.168.1.123   192.168.1.123       1
Default Gateway: 192.168.1.253
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/25/2012 09:16:43 AM) (Source: Userenv) (User: jcarver)jcarver
Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

Error: (01/25/2012 09:16:43 AM) (Source: Userenv) (User: jcarver)jcarver
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hbs,DC=local. The file must be present at the location <\\hbs.local\sysvol\hbs.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error: (01/25/2012 08:23:20 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

Error: (01/25/2012 08:23:20 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hbs,DC=local. The file must be present at the location <\\hbs.local\sysvol\hbs.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error: (01/25/2012 07:50:23 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/25/2012 07:50:00 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/25/2012 07:36:07 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/25/2012 07:36:05 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/25/2012 07:36:04 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/25/2012 07:35:50 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (01/25/2012 07:50:00 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.504.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/25/2012 07:36:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.504.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/25/2012 07:35:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.504.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/24/2012 03:37:12 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (01/24/2012 02:37:12 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (01/24/2012 02:07:11 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (01/24/2012 01:53:28 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (01/24/2012 01:53:28 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (01/24/2012 01:52:36 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain HBS due to the following:
%%1722.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/24/2012 01:52:11 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (01/25/2012 09:16:43 AM) (Source: Userenv)(User: jcarver)jcarver
Description:

Error: (01/25/2012 09:16:43 AM) (Source: Userenv)(User: jcarver)jcarver
Description: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hbs,DC=local\\hbs.local\sysvol\hbs.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.iniThe network location cannot be reached. For information about network troubleshooting, see Windows Help.

Error: (01/25/2012 08:23:20 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description:

Error: (01/25/2012 08:23:20 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hbs,DC=local\\hbs.local\sysvol\hbs.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.iniThe network location cannot be reached. For information about network troubleshooting, see Windows Help.

Error: (01/25/2012 07:50:23 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/25/2012 07:50:00 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/25/2012 07:36:07 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/25/2012 07:36:05 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/25/2012 07:36:04 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/25/2012 07:35:50 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


=========================== Installed Programs ============================

20-20 Design Version 9.0 (Version: 9.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.1890)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
BufferChm (Version: 70.0.170.000)
Client Activator 2.0 - English
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DeviceManagementQFolder (Version: 1.00.0000)
Eagle for Windows
Harmony 3.80.164 (Version: 3.80.164)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0 Software (Version: 7.1)
hph_software_req (Version: 70.0.260.000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ SE Development Kit 6 Update 10 (Version: 1.6.0.100)
LogMeIn (Version: 4.1.1890)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA Drivers (Version: 1.4)
NVIDIA nView Desktop Manager (Version: 125.14)
NVIDIA Performance Drivers (Version: 2.0.0.18)
PostgreSQL 8.2 (Version: 8.2)
PowerDVD (Version: 8.0)
QuickTime (Version: 7.71.80.42)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Sentinel Protection Installer 7.5.0 (Version: 7.5.0)
SoundMAX (Version: 5.10.01.7270)
Toolbox (Version: 70.0.170.000)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3325.54 MB
Available physical RAM: 1999.27 MB
Total Pagefile: 7255.03 MB
Available Pagefile: 5615.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:51.76 GB) NTFS

========================= Users: ========================================

User accounts for \\CABINET1

Administrator Guest HelpAssistant
LogMeInRemoteUser postgres SUPPORT_388945a0
user


**** End of log ****


aswMBR TXT
aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-25 09:35:33
-----------------------------
09:35:33.572 OS Version: Windows 5.1.2600 Service Pack 3
09:35:33.572 Number of processors: 2 586 0x1706
09:35:33.572 ComputerName: CABINET1 UserName: jcarver
09:35:34.260 Initialize success
09:47:35.107 AVAST engine defs: 12012500
09:48:03.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:48:03.576 Disk 0 Vendor: ST380815 4.AD Size: 76293MB BusType: 3
09:48:03.576 Disk 0 MBR read successfully
09:48:03.576 Disk 0 MBR scan
09:48:03.623 Disk 0 Windows XP default MBR code
09:48:03.623 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
09:48:03.654 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 112455
09:48:03.670 Disk 0 scanning sectors +156232125
09:48:03.748 Disk 0 scanning C:\WINDOWS\system32\drivers
09:48:17.123 Service scanning
09:48:17.467 Service MpKsl4c83c706 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B3BC494-AD6C-4DE1-95AF-E16AD368EF8F}\MpKsl4c83c706.sys **LOCKED** 32
09:48:18.030 Modules scanning
09:48:21.780 Disk 0 trace - called modules:
09:48:21.780
09:48:22.139 AVAST engine scan C:\WINDOWS
09:48:30.264 AVAST engine scan C:\WINDOWS\system32
09:50:43.471 AVAST engine scan C:\WINDOWS\system32\drivers
09:50:58.752 AVAST engine scan C:\Documents and Settings\jcarver
09:52:50.521 AVAST engine scan C:\Documents and Settings\All Users
09:53:37.913 Scan finished successfully
10:01:31.519 Disk 0 MBR has been saved successfully to "C:\Jeffs Files\MBR.dat"
10:01:31.519 The log file has been saved successfully to "C:\Jeffs Files\aswMBR.txt"


MalwareBytes Scan
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jcarver :: CABINET1 [administrator]

1/25/2012 10:03:39 AM
mbam-log-2012-01-25 (10-03-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332056
Time elapsed: 50 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


History from MS Security Essentials
MS Security Essentials

1/24/2012
TrojanDropper:Win32/Sirefef.B
SEVERE - Removed
Category: Trojan Dropper

Description: This program is dangerous and installs other programs.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:C:\WINDOWS\system32\drivers\netbt.sys
file:C:\WINDOWS\system32\drivers\netbt.sys->[Obfuscator.PN]

1/24/2012
Exploit:Java/CVE-2011-3544.U
SEVERE - Removed
Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:C:\WINDOWS\Temp\jar_cache1291939392910036284.tmp
file:C:\WINDOWS\Temp\jar_cache1291939392910036284.tmp->abcred.class

1/25/2012
Exploit:Java/Blacole.DF
SEVERE - Removed
Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\296ba84d-72261275
file:C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\296ba84d-72261275->Update.class

Edited by boopme, 25 January 2012 - 05:06 PM.
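The three Security Essentials history entries above are the most useful part of this first post, because read in date order they show the whole chain: a Java applet exploit in the browser cache (delivery), a dropper, and a detection inside C:\WINDOWS\system32\drivers\netbt.sys. netbt.sys is a Windows component (the NetBIOS over TCP/IP driver), so a hit on it means the file was tampered with rather than being malware in its own right, and if the antimalware "Removed" it, the driver needs to be restored from a known-good copy. The script below is an added triage example, not code from the original post or from Microsoft; it parses history text in the pasted format into records, classifies each detected path, and lists Windows drivers that were removed. The sample text is constructed to match the entries above (with the detection names spelled as Microsoft names them), and the classification rules are assumptions of this example.

```python
"""Triage helper for Microsoft Security Essentials detection-history text.

Added example (not part of the original thread). Parses history entries in
the pasted format (date / threat / severity - action / category / Items:)
into records, classifies each detected path, and flags Windows drivers that
the scanner removed. The SAMPLE text is constructed to match the entries
posted above; paths and names in it are taken from that post.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime

DATE_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4}$")
# "file:<path>-><inner>" or "containerfile:<path>"; inner is the embedded object
ITEM_RE = re.compile(r"^(?P<kind>containerfile|file):(?P<path>.+?)(?:->(?P<inner>.+))?$")

# Assumed location rules for this example (not a Microsoft taxonomy).
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
JAVA_CACHE_MARKERS = ("\\sun\\java\\deployment\\cache\\", "jar_cache")


@dataclass
class Detection:
    date: datetime
    threat: str
    severity: str
    action: str
    category: str
    items: list = field(default_factory=list)  # (kind, path, inner-or-None)


def parse_history(text: str) -> list:
    """Split pasted history text into Detection records, one per date block."""
    lines = [ln.strip() for ln in text.splitlines()]
    detections, i = [], 0
    while i < len(lines):
        if not DATE_RE.match(lines[i]) or i + 3 >= len(lines):
            i += 1
            continue
        date = datetime.strptime(lines[i], "%m/%d/%Y")
        severity, _, action = lines[i + 2].partition(" - ")
        category = lines[i + 3].split(":", 1)[-1].strip()
        det = Detection(date, lines[i + 1], severity.strip(), action.strip(), category)
        i += 4
        # Skip the boilerplate description until the "Items:" list (or the next date).
        while i < len(lines) and lines[i] != "Items:" and not DATE_RE.match(lines[i]):
            i += 1
        if i < len(lines) and lines[i] == "Items:":
            i += 1
            while i < len(lines) and lines[i]:  # items end at the first blank line
                m = ITEM_RE.match(lines[i])
                if m:
                    det.items.append((m["kind"], m["path"], m["inner"]))
                i += 1
        detections.append(det)
    return detections


def classify(path: str) -> str:
    """Rough role of a detected path in the infection chain (example heuristic)."""
    p = path.lower()
    if p.startswith(SYSTEM_DRIVER_DIR) and p.endswith(".sys"):
        return "system driver tampered (kernel persistence)"
    if any(marker in p for marker in JAVA_CACHE_MARKERS):
        return "Java applet cache (exploit delivery)"
    if "\\temp\\" in p:
        return "temp directory (dropper staging)"
    return "other"


def timeline(detections: list) -> list:
    """Date-ordered rows (date, threat, action, role, path, inner) for 'file' items."""
    rows = []
    for d in sorted(detections, key=lambda d: d.date):  # stable: keeps paste order per day
        for kind, path, inner in d.items:
            if kind == "file":  # the containerfile line duplicates the same path
                rows.append((d.date.strftime("%Y-%m-%d"), d.threat, d.action,
                             classify(path), path, inner))
    return rows


def removed_system_drivers(detections: list) -> list:
    """Windows drivers the scanner reports as Removed: restore these from a clean source."""
    return [path for d in detections if d.action == "Removed"
            for kind, path, _ in d.items
            if kind == "file" and classify(path).startswith("system driver")]


# Constructed sample in the pasted format; entries mirror the post above.
SAMPLE = r"""
1/24/2012
TrojanDropper:Win32/Sirefef.B
SEVERE - Removed
Category: Trojan Dropper

Description: This program is dangerous and installs other programs.

Items:
containerfile:C:\WINDOWS\system32\drivers\netbt.sys
file:C:\WINDOWS\system32\drivers\netbt.sys->[Obfuscator.PN]

1/24/2012
Exploit:Java/CVE-2011-3544.U
SEVERE - Removed
Category: Exploit

Items:
containerfile:C:\WINDOWS\Temp\jar_cache1291939392910036284.tmp
file:C:\WINDOWS\Temp\jar_cache1291939392910036284.tmp->abcred.class

1/25/2012
Exploit:Java/Blacole.DF
SEVERE - Removed
Category: Exploit

Items:
containerfile:C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\296ba84d-72261275
file:C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\296ba84d-72261275->Update.class
"""

if __name__ == "__main__":
    dets = parse_history(SAMPLE)
    for row in timeline(dets):
        print(" | ".join(str(c) for c in row))
    print("removed Windows drivers:", removed_system_drivers(dets))
```

Paste the real history text in place of SAMPLE to run it on a machine's own log. The "containerfile" line is skipped on purpose, since it always repeats the path of the "file" line that follows it; the classification keys only on the path, so the MpKsl*.sys driver that Security Essentials itself loads from its definition-update folder is not reported as tampered.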



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 PM

Posted 29 January 2012 - 02:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 30 January 2012 - 09:02 AM

Thank you Gringo for looking at my logs. I've followed the instructions and here are the reports/logs from each item:

DDS Log
dds_txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by jcarver at 8:50:27 on 2012-01-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2137 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\postgres\bin\pg_ctl.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
c:\csremote38\WEB-INF\classes\CSEntService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\apache-tomcat-6.0.18\bin\tomcat6.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\WINDOWS\system32\java.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\postgres\bin\postgres.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\20-20 Technologies\2020Design\mswin\60\scbar.exe
C:\postgres\bin\postgres.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jcarver\startm~1\programs\startup\eaglel~1.lnk - c:\3apps\catapult\3listen.exe
StartupFolder: c:\docume~1\jcarver\startm~1\programs\startup\eagles~1.lnk - c:\3apps\catapult\Sched.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\20-20s~1.lnk - c:\program files\20-20 technologies\2020design\mswin\60\scbar.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1322941174875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{521D8BF7-4FC3-48A3-B38A-2981F0BD13BA} : NameServer = 192.168.1.135,205.152.132.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: LMIinit - LMIinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jcarver\application data\mozilla\firefox\profiles\dofbysyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsldc59c208;MpKsldc59c208;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b3bc494-ad6c-4de1-95af-e16ad368ef8f}\MpKsldc59c208.sys [2012-1-29 29904]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CSEntService;CS-Enterprise Application Server Service;c:\csremote38\web-inf\classes\CSEntService.exe [2011-12-5 49152]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-3 47640]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-5-14 4440064]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\postgres\bin\pg_ctl.exe runservice -w -n "pgsql-8.2" -d "c:\postgres\data\" --> c:\postgres\bin\pg_ctl.exe runservice -w -N pgsql-8.2 [?]
R2 Tomcat6;Apache Tomcat;c:\apache-tomcat-6.0.18\bin\tomcat6.exe [2008-7-22 57344]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
chm.file=c:\windows\HH.exe %1
.
=============== Created Last 30 ================
.
2012-01-29 07:02:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b3bc494-ad6c-4de1-95af-e16ad368ef8f}\offreg.dll
2012-01-29 07:02:04 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b3bc494-ad6c-4de1-95af-e16ad368ef8f}\MpKsldc59c208.sys
2012-01-25 14:37:36 388096 ----a-r- c:\documents and settings\jcarver\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-25 14:37:35 -------- d-----w- c:\program files\Trend Micro
2012-01-25 14:27:04 -------- d-----w- C:\Jeffs Files
2012-01-24 18:45:32 -------- d-----w- c:\documents and settings\jcarver\local settings\application data\Citrix
2012-01-24 18:45:30 103720 ----a-w- c:\documents and settings\jcarver\GoToAssistDownloadHelper.exe
2012-01-24 18:39:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-24 18:39:28 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-01-24 18:39:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-24 18:32:16 -------- d-----w- c:\windows\system32\appmgmt
2012-01-24 17:19:17 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b3bc494-ad6c-4de1-95af-e16ad368ef8f}\mpengine.dll
2012-01-11 19:13:47 -------- d-----w- c:\documents and settings\jcarver\local settings\application data\Amazon
2012-01-11 19:13:36 -------- d-----w- c:\program files\Amazon
2012-01-11 12:16:45 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-11 12:16:45 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-11 12:16:45 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-11 12:16:45 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-16 20:02:43 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-16 20:02:43 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-12-16 20:02:42 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-16 20:02:42 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 13:57:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 8:50:45.71 ===============

dds_attach_txt (says to attach unless specifically instructed to post and I'm going by your explicit instructions to post it here)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/3/2011 11:58:31 AM
System Uptime: 1/25/2012 1:34:11 PM (115 hours ago)
.
Motherboard: Dell Inc. | | 0TP412
Processor: Intel Pentium III Xeon processor | CPU | 2660/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 51.58 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/3/2011 1:32:55 PM - System Checkpoint
RP2: 12/3/2011 1:39:45 PM - Installed Broadcom Gigabit Integrated Controller.
RP3: 12/3/2011 1:55:34 PM - Installed Windows Installer KB893803v2.
RP4: 12/3/2011 2:02:41 PM - Installed Windows XP KB921411.
RP5: 12/3/2011 2:07:11 PM - Installed Microsoft Office Professional Edition 2003
RP6: 12/3/2011 2:18:34 PM - Installed Windows XP Service Pack 3.
RP7: 12/3/2011 2:28:15 PM - Installed Windows Internet Explorer 8.
RP8: 12/3/2011 2:33:06 PM - Installed SoundMAX
RP9: 12/3/2011 2:33:09 PM - Installed SoundMAX
RP10: 12/3/2011 2:42:38 PM - Software Distribution Service 3.0
RP11: 12/3/2011 2:47:55 PM - Software Distribution Service 3.0
RP12: 12/3/2011 3:01:10 PM - Installed LogMeIn
RP13: 12/4/2011 2:13:59 PM - Software Distribution Service 3.0
RP14: 12/4/2011 2:15:58 PM - Software Distribution Service 3.0
RP15: 12/5/2011 7:39:09 AM - Installed AVG 2012
RP16: 12/5/2011 7:39:22 AM - Installed AVG 2012
RP17: 12/5/2011 8:20:47 AM - Installed Adobe Reader X (10.1.1).
RP18: 12/5/2011 8:46:35 AM - Installed Sentinel Protection Installer 7.5.0
RP19: 12/5/2011 8:48:50 AM - Installed Windows KB954550-v5.
RP20: 12/5/2011 8:48:55 AM - Printer Driver Microsoft XPS Document Writer Installed
RP21: 12/5/2011 8:51:44 AM - Printer Driver Microsoft XPS Document Writer Installed
RP22: 12/5/2011 9:11:26 AM - Installed QuickTime
RP23: 12/5/2011 9:14:55 AM - Installed 20-20 Design Version 9.0
RP24: 12/5/2011 10:02:51 AM - Installed Install Manufacturer Catalogs
RP25: 12/5/2011 10:18:56 AM - Installed PostgreSQL 8.2
RP26: 12/5/2011 10:45:44 AM - Software Distribution Service 3.0
RP27: 12/6/2011 3:00:13 AM - Software Distribution Service 3.0
RP28: 12/6/2011 10:09:42 AM - Software Distribution Service 3.0
RP29: 12/7/2011 3:00:14 AM - Software Distribution Service 3.0
RP30: 12/7/2011 10:05:02 AM - Software Distribution Service 3.0
RP31: 12/8/2011 3:00:21 AM - Software Distribution Service 3.0
RP32: 12/8/2011 10:04:58 AM - Software Distribution Service 3.0
RP33: 12/9/2011 10:04:16 AM - Software Distribution Service 3.0
RP34: 12/10/2011 10:04:32 AM - Software Distribution Service 3.0
RP35: 12/11/2011 1:40:17 AM - Software Distribution Service 3.0
RP36: 12/11/2011 10:04:44 AM - Software Distribution Service 3.0
RP37: 12/12/2011 10:04:58 AM - Software Distribution Service 3.0
RP38: 12/13/2011 10:04:51 AM - Software Distribution Service 3.0
RP39: 12/14/2011 3:00:16 AM - Software Distribution Service 3.0
RP40: 12/15/2011 3:23:16 AM - System Checkpoint
RP41: 12/15/2011 3:24:58 AM - Software Distribution Service 3.0
RP42: 12/16/2011 3:24:34 AM - Software Distribution Service 3.0
RP43: 12/17/2011 3:24:53 AM - Software Distribution Service 3.0
RP44: 12/18/2011 2:29:56 AM - Software Distribution Service 3.0
RP45: 12/19/2011 2:47:22 AM - System Checkpoint
RP46: 12/19/2011 3:24:40 AM - Software Distribution Service 3.0
RP47: 12/19/2011 7:17:18 AM - Printer Driver LogMeIn Printer Driver Installed
RP48: 12/19/2011 7:22:10 AM - Installed Compatibility Pack for the 2007 Office system
RP49: 12/20/2011 7:45:48 AM - System Checkpoint
RP50: 12/21/2011 4:23:25 PM - System Checkpoint
RP51: 12/22/2011 4:45:52 PM - System Checkpoint
RP52: 12/23/2011 5:45:53 PM - System Checkpoint
RP53: 12/24/2011 6:45:54 PM - System Checkpoint
RP54: 12/25/2011 6:51:34 PM - System Checkpoint
RP55: 12/26/2011 7:09:57 PM - System Checkpoint
RP56: 12/27/2011 7:45:59 PM - System Checkpoint
RP57: 12/28/2011 8:45:59 PM - System Checkpoint
RP58: 12/29/2011 9:46:01 PM - System Checkpoint
RP59: 12/30/2011 10:46:02 PM - System Checkpoint
RP60: 1/1/2012 12:10:04 AM - System Checkpoint
RP61: 1/2/2012 12:14:13 AM - System Checkpoint
RP62: 1/3/2012 12:21:12 AM - System Checkpoint
RP63: 1/4/2012 12:46:07 AM - System Checkpoint
RP64: 1/5/2012 1:46:09 AM - System Checkpoint
RP65: 1/6/2012 2:46:10 AM - System Checkpoint
RP66: 1/7/2012 3:46:12 AM - System Checkpoint
RP67: 1/8/2012 3:46:13 AM - System Checkpoint
RP68: 1/9/2012 5:29:23 AM - System Checkpoint
RP69: 1/10/2012 5:46:16 AM - System Checkpoint
RP70: 1/11/2012 6:46:17 AM - System Checkpoint
RP71: 1/12/2012 4:24:16 PM - System Checkpoint
RP72: 1/13/2012 4:24:31 PM - System Checkpoint
RP73: 1/14/2012 4:37:30 PM - System Checkpoint
RP74: 1/15/2012 6:13:31 PM - System Checkpoint
RP75: 1/16/2012 6:37:32 PM - System Checkpoint
RP76: 1/17/2012 7:37:33 PM - System Checkpoint
RP77: 1/18/2012 8:37:35 PM - System Checkpoint
RP78: 1/19/2012 9:36:27 PM - System Checkpoint
RP79: 1/20/2012 3:30:16 PM - Installed Java™ 6 Update 30
RP80: 1/23/2012 1:02:14 PM - System Checkpoint
RP81: 1/24/2012 1:34:11 PM - Removed Java™ 6 Update 16
RP82: 1/24/2012 1:38:58 PM - Installed Java™ 6 Update 30
RP83: 1/25/2012 9:37:35 AM - Installed HiJackThis
RP84: 1/26/2012 2:39:01 PM - System Checkpoint
RP85: 1/27/2012 4:25:52 PM - System Checkpoint
RP86: 1/28/2012 4:39:17 PM - System Checkpoint
RP87: 1/29/2012 6:00:02 PM - System Checkpoint
.
==== Installed Programs ======================
.
20-20 Design Version 9.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
AVG 2012
Broadcom Gigabit Integrated Controller
BufferChm
Client Activator 2.0 - English
Compatibility Pack for the 2007 Office system
DeviceManagementQFolder
Eagle for Windows
Harmony 3.80.164
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
hph_software_req
Java Auto Updater
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 10
LogMeIn
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
PostgreSQL 8.2
PowerDVD
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sentinel Protection Installer 7.5.0
SoundMAX
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/29/2012 2:00:28 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/29/2012 1:45:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/29/2012 1:40:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/28/2012 1:45:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/28/2012 1:40:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/27/2012 1:45:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/27/2012 1:40:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/26/2012 1:45:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/26/2012 1:40:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 7:50:00 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 7:36:05 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 7:35:49 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 11:04:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/25/2012 11:03:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm MpFilter
1/25/2012 11:02:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 11:01:18 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 1:45:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.504.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/24/2012 12:19:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.90.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/24/2012 1:17:22 PM, error: Service Control Manager [7034] - The CS-Enterprise Application Server Service service terminated unexpectedly. It has done this 2 time(s).
1/23/2012 9:07:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.90.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/23/2012 8:55:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/23/2012 12:23:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.90.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/23/2012 12:20:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.90.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/23/2012 12:15:40 PM, error: Service Control Manager [7034] - The CS-Enterprise Application Server Service service terminated unexpectedly. It has done this 1 time(s).
1/23/2012 12:15:40 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
1/23/2012 12:15:40 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
1/23/2012 12:15:33 PM, error: NETLOGON [5719] - No Domain Controller is available for domain HBS due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/23/2012 12:13:19 PM, error: NETLOGON [5719] - No Domain Controller is available for domain HBS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/23/2012 11:44:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.90.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================

Rootkit Unhook Report
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6A9E000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7745536 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 190.38 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5844992 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 190.38 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAB326000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 851968 bytes
0xB7E53000 iastor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7D65000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAB455000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6926000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAB559000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAE432000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 360448 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xAACF0000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD5A5000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAB512000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAA844000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAB41E000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB6984000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAAE75000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D38000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB6A13000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xAB4C5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6A3E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAB5E5000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA44F6000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAE40E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6A66000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB69DC000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAB4F0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAAB90000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB7E1B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D1E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7E3B000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7DF2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB69C5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAAE38000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 86016 bytes (SafeNet, Inc., Sentinel System Driver (NT Parallel driver))
0xAAB53000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB69FF000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB6A8A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAB5B2000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E09000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB69B4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAF8EE000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8288000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB1346000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB3F2B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB1356000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB8268000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB82C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB82E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB4886000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8298000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB3859000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB1366000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8308000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAAAA0000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB3F1B000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8278000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB4896000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB80F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB4846000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8330000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xB8370000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xAFBA9000 C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS 32768 bytes (SafeNet, Inc., Sentinel System USB Driver)
0xB84B0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB83F8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xB8358000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB84A0000 C:\DOCUME~1\jcarver\LOCALS~1\Temp\mbr.sys 28672 bytes
0xB83B0000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB8398000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB8418000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8420000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB83B8000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B3BC494-AD6C-4DE1-95AF-E16AD368EF8F}\MpKsldc59c208.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB83F0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB8360000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB3425000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB8368000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8408000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8410000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8400000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB33FD000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB84BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xAB816000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7CA5000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB092000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7CC9000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAADB0000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAF799000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAB81E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAB812000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7CC1000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7CA1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85CE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB8630000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB85D0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB861C000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB862C000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xB85D2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85CA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8628000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB87A9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB868C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB87A8000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xB86A7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================



Thanks for your help. I'll be watching for replies.
Allen

Edited by BigAl07, 30 January 2012 - 09:03 AM.
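The Event Viewer section of the log above carries three patterns worth triaging together: Microsoft Antimalware failing to update because a service it relies on "does not exist as an installed service" (0x80070424), the DHCP Client and TCP/IP NetBIOS Helper services depending on a nonexistent NetBT, and the AVG and MpFilter boot-start drivers failing to load. As an added example, not part of the original post or of any BleepingComputer tool, here is a small Python script that parses lines in that format and flags those patterns so the count and timing can be seen at a glance. The sample lines embedded in it are constructed copies of entries in this thread, and the set of security driver names is an assumption taken from the driver listing above.

```python
import re
from collections import Counter

# Constructed sample lines in the same "Event Viewer Messages" format as the
# log posted above (trimmed copies, not the full log).
SAMPLE_EVENTS = """\
1/29/2012 2:00:28 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/25/2012 11:03:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm MpFilter
1/24/2012 1:17:22 PM, error: Service Control Manager [7034] - The CS-Enterprise Application Server Service service terminated unexpectedly. It has done this 2 time(s).
1/23/2012 12:15:40 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
1/23/2012 12:15:40 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
1/23/2012 12:15:33 PM, error: NETLOGON [5719] - No Domain Controller is available for domain HBS due to the following: The RPC server is unavailable.
"""

# One event per line: "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Assumption: driver names of the security products present on this machine
# (AVG and Microsoft Security Essentials), taken from the driver listing above.
SECURITY_DRIVERS = {"avgldx86", "avgmfx86", "avgtdix", "avgidsdriver", "mpfilter"}


def parse_events(text):
    """Parse the event lines; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["eid"] = int(ev["eid"])
            events.append(ev)
    return events


def triage(events):
    """Return (finding, timestamp) pairs for entries that point at a missing
    security service, a missing service dependency or a failed security driver."""
    findings = []
    for ev in events:
        src, eid, msg = ev["source"], ev["eid"], ev["msg"]
        # 0x80070424: the service the updater relies on is no longer installed.
        if src == "Microsoft Antimalware" and eid == 2001 and "0x80070424" in msg:
            findings.append(("antimalware-update-service-missing", ev["ts"]))
        # 7003: a service depends on a service that no longer exists (here NetBT).
        elif src == "Service Control Manager" and eid == 7003 and "nonexistent service" in msg:
            missing = msg.rsplit(":", 1)[-1].strip()
            findings.append(("dependency-missing:" + missing, ev["ts"]))
        # 7026: boot-start drivers failed to load; flag only the security ones.
        elif src == "Service Control Manager" and eid == 7026:
            failed = msg.split(":", 1)[-1].split()
            sec = [d for d in failed if d.lower() in SECURITY_DRIVERS]
            if sec:
                findings.append(("security-driver-load-failure:" + ",".join(sec), ev["ts"]))
    return findings


def summarize(findings):
    """Count how often each finding type occurs."""
    return Counter(kind for kind, _ in findings)


if __name__ == "__main__":
    found = triage(parse_events(SAMPLE_EVENTS))
    for kind, count in summarize(found).items():
        print(f"{count:3d}  {kind}")
```

Run it against the full "Event Viewer Messages From Past Week" block from a DDS log by replacing SAMPLE_EVENTS with the pasted text; the repeated 0x80070424 entries, the NetBT dependency failures and the AV driver load failures are the three findings that corroborate the "inserted itself into the tcp/ip stack" message ComboFix reports later in this thread.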


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 PM

Posted 30 January 2012 - 12:18 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 30 January 2012 - 02:30 PM

OK, I've done as requested and it did find (does find) a rootkit. It comes up with a "ComboFix - ZeroAccess" warning screen that states:

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it.

If it's not fixed, run ComboFix one more time"



Then after clicking "OK" it resumes the scan and in about 2 minutes pops up "Warning: you are infected with a Rootkit... ComboFix needs to restart your computer"

Upon restarting, during the initial start-up (as soon as the Windows Desktop is visible but no icons etc.) the CMD screen pops up again stating:

"Please wait. ComboFix is preparing to run"

It's been there for over an hour with no change whatsoever. Do we just leave it and wait to see what happens overnight, or what do you suggest?

Thanks in advance,
Allen

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 PM

Posted 30 January 2012 - 03:00 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts

Posted 30 January 2012 - 03:28 PM

Ok, that did the trick. It had to reboot 3 different times (each one back into Safe Mode). After the final time, when it was complete and the log popped up, I went ahead and left it in Safe Mode just for good measure.

ComboFix Log
ComboFix 12-01-30.02 - jcarver 01/30/2012 15:15:01.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3034 [GMT -5:00]
Running from: c:\jeffs files\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jcarver\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 18:06 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1BAECBC-CE43-4BF9-A6E6-4EE5A80128D0}\mpengine.dll
2012-01-25 14:37 . 2012-01-25 14:37 388096 ----a-r- c:\documents and settings\jcarver\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-25 14:37 . 2012-01-25 14:37 -------- d-----w- c:\program files\Trend Micro
2012-01-25 14:27 . 2012-01-30 17:45 -------- d-----w- C:\Jeffs Files
2012-01-24 18:45 . 2012-01-24 18:45 -------- d-----w- c:\documents and settings\jcarver\Local Settings\Application Data\Citrix
2012-01-24 18:39 . 2012-01-24 18:39 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 18:39 . 2012-01-24 18:39 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-24 18:39 . 2012-01-24 18:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-24 18:39 . 2012-01-24 18:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 19:13 . 2012-01-11 19:13 -------- d-----w- c:\documents and settings\jcarver\Local Settings\Application Data\Amazon
2012-01-11 19:13 . 2012-01-23 15:20 -------- d-----w- c:\program files\Amazon
2012-01-11 12:16 . 2012-01-11 12:16 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 12:16 . 2012-01-11 12:16 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-11 12:16 . 2012-01-11 12:16 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-11 12:16 . 2012-01-11 12:16 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2011-12-06 15:09 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2011-12-04 19:13 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-16 20:02 . 2011-12-03 20:01 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-16 20:02 . 2011-12-03 20:01 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-16 20:02 . 2011-12-03 20:01 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-16 20:02 . 2011-12-03 20:01 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-10 20:24 . 2011-12-19 14:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 13:57 . 2011-12-05 13:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-04 05:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-03-03 22:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 05:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2012-01-11 12:16 . 2011-12-05 12:29 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-01-08 1044480]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\jcarver\Start Menu\Programs\Startup\
Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2011-12-6 573440]
Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2011-12-6 745472]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
20-20 Shortcut Bar.lnk - c:\program files\20-20 Technologies\2020Design\mswin\60\scbar.exe [2011-12-5 143360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-16 20:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 CSEntService;CS-Enterprise Application Server Service;c:\csremote38\WEB-INF\classes\CSEntService.exe [12/5/2011 10:16 AM 49152]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/26/2011 6:15 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [5/14/2009 9:01 AM 4440064]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\postgres\bin\pg_ctl.exe runservice -w -N "pgsql-8.2" -D "c:\postgres\data\" --> c:\postgres\bin\pg_ctl.exe runservice -w -N pgsql-8.2 [?]
S2 Tomcat6;Apache Tomcat;c:\apache-tomcat-6.0.18\bin\tomcat6.exe [7/22/2008 2:01 AM 57344]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-01-30 c:\windows\Tasks\User_Feed_Synchronization-{D0A73DB3-BDAC-447D-BAFB-AD55F29CEEAF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2012-01-30 c:\windows\Tasks\User_Feed_Synchronization-{ECFA5014-BA27-4D99-B188-6F32FC27C28B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.197.96.15 216.235.190.1 66.169.79.204
TCP: Interfaces\{521D8BF7-4FC3-48A3-B38A-2981F0BD13BA}: NameServer = 192.168.1.135,205.152.132.23
FF - ProfilePath - c:\documents and settings\jcarver\Application Data\Mozilla\Firefox\Profiles\dofbysyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2012-01-30 15:26:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 20:26
.
Pre-Run: 55,311,065,088 bytes free
Post-Run: 56,405,180,416 bytes free
.
- - End Of File - - 02CED88841533FC46362D002A53EC32C
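The "Reg Loading Points" section of the log above is the part a helper reads first, and because ComboFix prints it as REGEDIT4-style text it can be parsed mechanically. The Python below is an added example, not part of ComboFix or of this thread: it walks that section, lists the autostart entries, and flags the settings a reviewer would want to confirm (the Security Center override flags and the disabled firewall profile). The key names and sample lines are copied from the log above; the triage rules are this example's own.

```python
import re
from typing import Any, Dict, List

# Lines copied from the 'Reg Loading Points' section of the ComboFix log
# above (sample input constructed for this example; the layout is ComboFix's,
# including the '.' separator rows).
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTOSTART_RE = re.compile(r'^"(.+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
DECIMAL_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")

# Keys are stored lower-cased because ComboFix mixes the case it prints.
SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_PROFILE_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_value(raw: str) -> Any:
    """Normalise the three value shapes ComboFix prints."""
    raw = raw.strip()
    if (m := DWORD_RE.match(raw)):              # "Name"=dword:00000001
        return int(m.group(1), 16)
    if (m := DECIMAL_RE.match(raw)):            # "Name"= 0 (0x0)
        return int(m.group(1))
    if (m := AUTOSTART_RE.match(raw)):          # "Name"="path" [yyyy-mm-dd size]
        return {"path": m.group(1), "date": m.group(2), "size": int(m.group(3))}
    return raw                                  # anything else, verbatim


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, Any]]:
    """Return {registry key (lower-cased): {value name: parsed value}}."""
    keys: Dict[str, Dict[str, Any]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":             # ComboFix's blank/separator rows
            continue
        if (m := KEY_RE.match(line)):
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys


def autostarts(keys: Dict[str, Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Every value that resolved to an executable path, with its key attached."""
    found = []
    for key, values in keys.items():
        for name, value in values.items():
            if isinstance(value, dict) and "path" in value:
                found.append({"key": key, "name": name, **value})
    return found


def triage(keys: Dict[str, Dict[str, Any]]) -> List[str]:
    """Settings in the dump that weaken the host's defences and deserve a look.

    The override flags are also set by some legitimate third-party AV products,
    so they are reported for confirmation, not as proof of tampering.
    """
    findings = []
    sc = keys.get(SECURITY_CENTER_KEY, {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if sc.get(name) == 1:
            findings.append(f"Security Center: {name}=1 (monitoring suppressed; confirm which product set it)")
    fw = keys.get(FIREWALL_PROFILE_KEY, {})
    if fw.get("EnableFirewall") == 0:
        findings.append("Windows Firewall disabled for the standard profile")
    if fw.get("DisableNotifications") == 1:
        findings.append("Windows Firewall notifications suppressed for the standard profile")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_loading_points(SAMPLE_REG)
    for entry in autostarts(parsed):
        print(f"autostart {entry['name']!r}: {entry['path']} ({entry['date']}, {entry['size']} bytes)")
    for finding in triage(parsed):
        print("REVIEW:", finding)
```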

#8 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts

Posted 30 January 2012 - 03:34 PM

One thing to note is that this computer can get onto the Internet, but he can't access a networked drive from it. I assume it has something to do with the file C:\WINDOWS\system32\Drivers\netbt.sys, which was initially infected and is probably hosed now.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 04:18 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#10 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts

Posted 30 January 2012 - 04:27 PM

That was a FAST one:

FSS Scan
Farbar Service Scanner Version: 18-01-2012 01
Ran by jcarver (administrator) on 30-01-2012 at 16:28:07
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(9) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Gringo, I'm still running this machine in SAFE MODE. Did you want that scan in NORMAL mode?
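FSS states each check in a fixed phrase, so the log above can be reduced to a short list of actionable items. The Python below is an added example, not part of Farbar Service Scanner or of this thread: it parses the service checks, the "Firewall Disabled Policy" block and the "File Check" block from lines copied from the log above. Because a scan taken in Safe Mode shows many services stopped regardless of infection, the triage downgrades plain "not running" when `safe_mode=True` and keeps the items FSS itself flags (the BITS start-type deviation and the missing LEGACY_wscsvc key).

```python
import re
from typing import Any, Dict, List

# Excerpt copied from the FSS.txt posted above (sample input constructed for
# this example; the phrasing is Farbar Service Scanner's own).
SAMPLE_FSS = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

File Check:
========
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
"""

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
LEGACY_RE = re.compile(r"^Checking LEGACY_(\w+): Attention! (.+)$")
POLICY_KEY_RE = re.compile(r"^\[.*\\FirewallPolicy\\(\w+)\]$")
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')
FILE_CHECK_RE = re.compile(r"^(\S.*?) => (.+)$")


def _service(report: Dict[str, Any], name: str) -> Dict[str, Any]:
    return report["services"].setdefault(
        name, {"running": True, "start_type": None, "legacy_issue": None})


def parse_fss(text: str) -> Dict[str, Any]:
    """Reduce an FSS log to services, firewall policy values and file verdicts."""
    report: Dict[str, Any] = {"services": {}, "firewall_policy": {}, "files": {}}
    profile = None                      # policy key seen on the previous line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := NOT_RUNNING_RE.match(line)):
            _service(report, m.group(1))["running"] = False
        elif (m := START_TYPE_RE.match(line)):
            # (current, default) start type; only printed when they differ
            _service(report, m.group(1))["start_type"] = (m.group(2), m.group(3))
        elif (m := LEGACY_RE.match(line)):
            _service(report, m.group(1))["legacy_issue"] = m.group(2)
        elif (m := POLICY_KEY_RE.match(line)):
            profile = m.group(1)
        elif profile and (m := ENABLE_FW_RE.match(line)):
            report["firewall_policy"][profile] = int(m.group(1))
            profile = None
        elif (m := FILE_CHECK_RE.match(line)):
            report["files"][m.group(1)] = m.group(2)
    return report


def triage(report: Dict[str, Any], safe_mode: bool = False) -> List[str]:
    """Items worth acting on. A Safe Mode scan makes 'not running' uninformative."""
    findings = []
    for name, svc in report["services"].items():
        if svc["start_type"]:
            current, default = svc["start_type"]
            # Remediation is 'sc config <name> start= <default>' once the host is clean.
            findings.append(f"{name}: start type is {current}, default is {default}")
        if svc["legacy_issue"]:
            findings.append(f"{name}: {svc['legacy_issue']}")
        if not svc["running"] and not safe_mode:
            findings.append(f"{name}: not running")
    for profile, enabled in report["firewall_policy"].items():
        if enabled == 0:
            findings.append(f"Windows Firewall disabled by policy ({profile})")
    for path, verdict in report["files"].items():
        if verdict != "MD5 is legit":   # FSS compares against known-good hashes
            findings.append(f"{path}: {verdict}")
    return findings


if __name__ == "__main__":
    parsed = parse_fss(SAMPLE_FSS)
    for item in triage(parsed, safe_mode=True):
        print("ACTION:", item)
```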

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 04:52 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#12 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts

Posted 31 January 2012 - 08:17 AM

Wow! That was a fast scan (still in Safe Mode).


TDSSKiller Report
08:17:38.0421 1856 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
08:17:38.0953 1856 ============================================================
08:17:38.0953 1856 Current date / time: 2012/01/31 08:17:38.0953
08:17:38.0953 1856 SystemInfo:
08:17:38.0953 1856
08:17:38.0953 1856 OS Version: 5.1.2600 ServicePack: 3.0
08:17:38.0953 1856 Product type: Workstation
08:17:38.0953 1856 ComputerName: CABINET1
08:17:38.0953 1856 UserName: jcarver
08:17:38.0953 1856 Windows directory: C:\WINDOWS
08:17:38.0953 1856 System windows directory: C:\WINDOWS
08:17:38.0953 1856 Processor architecture: Intel x86
08:17:38.0953 1856 Number of processors: 2
08:17:38.0953 1856 Page size: 0x1000
08:17:38.0953 1856 Boot type: Safe boot with network
08:17:38.0953 1856 ============================================================
08:17:39.0187 1856 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:17:39.0203 1856 \Device\Harddisk0\DR0:
08:17:39.0203 1856 MBR used
08:17:39.0203 1856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E3276
08:17:39.0234 1856 Initialize success
08:17:39.0234 1856 ============================================================
08:17:45.0515 1068 ============================================================
08:17:45.0515 1068 Scan started
08:17:45.0515 1068 Mode: Manual;
08:17:45.0515 1068 ============================================================
08:17:46.0890 1068 Abiosdsk - ok
08:17:46.0906 1068 abp480n5 - ok
08:17:46.0968 1068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:17:46.0968 1068 ACPI - ok
08:17:47.0000 1068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:17:47.0000 1068 ACPIEC - ok
08:17:47.0046 1068 ADIHdAudAddService (54613c0cab4c452c852efafb97a8a0e9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:17:47.0062 1068 ADIHdAudAddService - ok
08:17:47.0062 1068 adpu160m - ok
08:17:47.0109 1068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:17:47.0109 1068 aec - ok
08:17:47.0171 1068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:17:47.0171 1068 AFD - ok
08:17:47.0171 1068 Aha154x - ok
08:17:47.0187 1068 aic78u2 - ok
08:17:47.0203 1068 aic78xx - ok
08:17:47.0218 1068 AliIde - ok
08:17:47.0234 1068 amsint - ok
08:17:47.0250 1068 asc - ok
08:17:47.0265 1068 asc3350p - ok
08:17:47.0281 1068 asc3550 - ok
08:17:47.0359 1068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:17:47.0359 1068 AsyncMac - ok
08:17:47.0406 1068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
08:17:47.0406 1068 atapi - ok
08:17:47.0421 1068 Atdisk - ok
08:17:47.0468 1068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:17:47.0468 1068 Atmarpc - ok
08:17:47.0515 1068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:17:47.0515 1068 audstub - ok
08:17:47.0578 1068 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
08:17:47.0578 1068 AVGIDSDriver - ok
08:17:47.0593 1068 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
08:17:47.0593 1068 AVGIDSEH - ok
08:17:47.0609 1068 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
08:17:47.0609 1068 AVGIDSFilter - ok
08:17:47.0625 1068 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
08:17:47.0625 1068 AVGIDSShim - ok
08:17:47.0640 1068 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:17:47.0656 1068 Avgldx86 - ok
08:17:47.0656 1068 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:17:47.0656 1068 Avgmfx86 - ok
08:17:47.0671 1068 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:17:47.0671 1068 Avgrkx86 - ok
08:17:47.0703 1068 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:17:47.0703 1068 Avgtdix - ok
08:17:47.0750 1068 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
08:17:47.0750 1068 b57w2k - ok
08:17:47.0796 1068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:17:47.0796 1068 Beep - ok
08:17:47.0812 1068 catchme - ok
08:17:47.0859 1068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:17:47.0859 1068 cbidf2k - ok
08:17:47.0875 1068 cd20xrnt - ok
08:17:47.0953 1068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:17:47.0953 1068 Cdaudio - ok
08:17:48.0000 1068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:17:48.0000 1068 Cdfs - ok
08:17:48.0015 1068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:17:48.0015 1068 Cdrom - ok
08:17:48.0046 1068 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
08:17:48.0046 1068 cercsr6 - ok
08:17:48.0062 1068 Changer - ok
08:17:48.0093 1068 CmdIde - ok
08:17:48.0140 1068 Cpqarray - ok
08:17:48.0171 1068 dac2w2k - ok
08:17:48.0171 1068 dac960nt - ok
08:17:48.0250 1068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:17:48.0250 1068 Disk - ok
08:17:48.0359 1068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:17:48.0359 1068 dmboot - ok
08:17:48.0406 1068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:17:48.0406 1068 dmio - ok
08:17:48.0406 1068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:17:48.0406 1068 dmload - ok
08:17:48.0468 1068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:17:48.0468 1068 DMusic - ok
08:17:48.0484 1068 dpti2o - ok
08:17:48.0515 1068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:17:48.0515 1068 drmkaud - ok
08:17:48.0609 1068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:17:48.0609 1068 Fastfat - ok
08:17:48.0656 1068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:17:48.0656 1068 Fdc - ok
08:17:48.0687 1068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:17:48.0687 1068 Fips - ok
08:17:48.0703 1068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:17:48.0703 1068 Flpydisk - ok
08:17:48.0750 1068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:17:48.0750 1068 FltMgr - ok
08:17:48.0781 1068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:17:48.0781 1068 Fs_Rec - ok
08:17:48.0796 1068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:17:48.0796 1068 Ftdisk - ok
08:17:48.0843 1068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:17:48.0843 1068 Gpc - ok
08:17:48.0859 1068 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:17:48.0859 1068 HDAudBus - ok
08:17:48.0890 1068 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:17:48.0890 1068 hidusb - ok
08:17:48.0906 1068 hpn - ok
08:17:48.0984 1068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:17:48.0984 1068 HTTP - ok
08:17:49.0000 1068 i2omgmt - ok
08:17:49.0000 1068 i2omp - ok
08:17:49.0078 1068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:17:49.0078 1068 i8042prt - ok
08:17:49.0109 1068 iastor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\drivers\iastor.sys
08:17:49.0125 1068 iastor - ok
08:17:49.0140 1068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:17:49.0140 1068 Imapi - ok
08:17:49.0156 1068 ini910u - ok
08:17:49.0187 1068 IntelIde - ok
08:17:49.0234 1068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:17:49.0234 1068 intelppm - ok
08:17:49.0296 1068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:17:49.0296 1068 Ip6Fw - ok
08:17:49.0343 1068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:17:49.0359 1068 IpFilterDriver - ok
08:17:49.0421 1068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:17:49.0421 1068 IpInIp - ok
08:17:49.0437 1068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:17:49.0453 1068 IpNat - ok
08:17:49.0453 1068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:17:49.0453 1068 IPSec - ok
08:17:49.0484 1068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:17:49.0484 1068 IRENUM - ok
08:17:49.0515 1068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:17:49.0515 1068 isapnp - ok
08:17:49.0562 1068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:17:49.0562 1068 Kbdclass - ok
08:17:49.0609 1068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:17:49.0609 1068 kbdhid - ok
08:17:49.0656 1068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:17:49.0656 1068 kmixer - ok
08:17:49.0703 1068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:17:49.0703 1068 KSecDD - ok
08:17:49.0718 1068 lbrtfdc - ok
08:17:49.0859 1068 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
08:17:49.0859 1068 LMIInfo - ok
08:17:49.0890 1068 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
08:17:49.0890 1068 lmimirr - ok
08:17:49.0906 1068 LMIRfsClientNP - ok
08:17:49.0968 1068 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
08:17:49.0968 1068 LMIRfsDriver - ok
08:17:50.0031 1068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:17:50.0031 1068 mnmdd - ok
08:17:50.0078 1068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:17:50.0078 1068 Modem - ok
08:17:50.0093 1068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:17:50.0093 1068 Mouclass - ok
08:17:50.0140 1068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:17:50.0140 1068 mouhid - ok
08:17:50.0156 1068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:17:50.0156 1068 MountMgr - ok
08:17:50.0187 1068 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:17:50.0187 1068 MpFilter - ok
08:17:50.0203 1068 mraid35x - ok
08:17:50.0218 1068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:17:50.0218 1068 MRxDAV - ok
08:17:50.0265 1068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:17:50.0265 1068 MRxSmb - ok
08:17:50.0281 1068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:17:50.0281 1068 Msfs - ok
08:17:50.0328 1068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:17:50.0328 1068 MSKSSRV - ok
08:17:50.0359 1068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:17:50.0359 1068 MSPCLOCK - ok
08:17:50.0359 1068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:17:50.0359 1068 MSPQM - ok
08:17:50.0406 1068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:17:50.0406 1068 mssmbios - ok
08:17:53.0375 1068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:17:53.0531 1068 \Device\Harddisk0\DR0 - ok
08:17:53.0546 1068 Boot (0x1200) (9d42ace3999d969511a4a7e1373a9dd8) \Device\Harddisk0\DR0\Partition0
08:17:53.0546 1068 \Device\Harddisk0\DR0\Partition0 - ok
08:17:53.0546 1068 ============================================================
08:17:53.0546 1068 Scan finished
08:17:53.0546 1068 ============================================================
08:17:53.0562 1540 Detected object count: 0
08:17:53.0562 1540 Actual detected object count: 0


Gringo
Thank you for your continued help and support.
Allen

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 January 2012 - 08:44 AM

Hello BigAl07

Run this in normal mode if possible.

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts

Posted 31 January 2012 - 10:02 AM

aswMBR
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 09:26:10
-----------------------------
09:26:10.662 OS Version: Windows 5.1.2600 Service Pack 3
09:26:10.662 Number of processors: 2 586 0x1706
09:26:10.662 ComputerName: CABINET1 UserName: jcarver
09:26:13.860 Initialize success
09:26:35.156 AVAST engine defs: 12013100
09:26:42.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:26:42.360 Disk 0 Vendor: ST380815 4.AD Size: 76293MB BusType: 3
09:26:42.395 Disk 0 MBR read successfully
09:26:42.395 Disk 0 MBR scan
09:26:42.483 Disk 0 Windows XP default MBR code
09:26:42.501 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
09:26:42.536 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 112455
09:26:42.571 Disk 0 scanning sectors +156232125
09:26:42.764 Disk 0 scanning C:\WINDOWS\system32\drivers
09:27:12.283 Service scanning
09:27:13.689 Modules scanning
09:27:18.029 Disk 0 trace - called modules:
09:27:18.064 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:27:18.661 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a68dab8]
09:27:18.661 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a68e028]
09:27:19.153 AVAST engine scan C:\WINDOWS
09:27:41.240 AVAST engine scan C:\WINDOWS\system32
09:31:57.995 AVAST engine scan C:\WINDOWS\system32\drivers
09:32:15.937 AVAST engine scan C:\Documents and Settings\jcarver
09:33:59.049 AVAST engine scan C:\Documents and Settings\All Users
09:35:57.678 Scan finished successfully
10:02:28.413 Disk 0 MBR has been saved successfully to "C:\Jeffs Files\MBR.dat"
10:02:28.413 The log file has been saved successfully to "C:\Jeffs Files\aswMBR.txt"
10:03:21.885 Disk 0 MBR has been saved successfully to "C:\Jeffs Files\MBR.dat"
10:03:22.167 The log file has been saved successfully to "C:\Jeffs Files\aswMBR_1_31.txt"

#15 BigAl07

BigAl07
  • Topic Starter

  • Members
  • 15 posts

Posted 31 January 2012 - 11:03 AM

I meant to mention that the first time I ran the above scanner, after about 5 mins of scanning (after the definitions were downloaded), I got the Blue Screen Of Death, but a reboot and rescan did not duplicate that result.
