Google Chrome infected with browser hijacker


  • This topic is locked
23 replies to this topic

#1 Ectomorph


Posted 16 September 2012 - 04:50 PM

My Google Chrome searches redirect via www.fastestwebsearch.com. This is obviously malware that is likely leaving me wide open to further infection. I could really do with some help on this. I have raised my issue in the general malware advice section and have exhausted all options here. I have prepared logs in this section, so I really hope something can be done.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Paul at 20:46:43 on 2012-09-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.922 [GMT 1:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\paul\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221483667767
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224250961812
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{46730264-159A-4342-B2D0-91AD96010C67} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-16 676936]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-7-21 4170752]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2011-9-20 167936]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-9-20 1759584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-9-20 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-16 22856]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120914.002\naveng.sys [2012-9-14 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120914.002\navex15.sys [2012-9-14 1601184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-19 250056]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2011-9-20 360529]
S3 ks2avs;Kontrol S2 WDM Audio;c:\windows\system32\drivers\ks2avs.sys [2012-8-19 346192]
S3 ks2usb_svc;Traktor Kontrol S2;c:\windows\system32\drivers\ks2usb.sys [2012-8-19 78416]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
.
=============== Created Last 30 ================
.
2012-09-16 13:41:12 -------- d-----w- c:\documents and settings\paul\application data\Malwarebytes
2012-09-16 13:40:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-16 13:40:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 13:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-16 07:44:52 -------- d-----w- c:\program files\ESET
2012-09-02 18:23:20 -------- d-----w- c:\program files\Enigma Software Group
2012-09-02 18:22:10 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-08-19 11:02:40 78416 ----a-w- c:\windows\system32\drivers\ks2usb.sys
2012-08-19 11:02:40 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-08-19 11:02:39 346192 ----a-w- c:\windows\system32\drivers\ks2avs.sys
2012-08-19 11:02:20 -------- dc-h--w- c:\documents and settings\all users\application data\{45A5DECC-D6B1-4364-8030-F693CF272758}
2012-08-19 10:52:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-19 10:45:01 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2012-08-19 10:45:01 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2012-08-19 10:45:00 545024 ----a-w- c:\windows\system32\drivers\smwdm.sys
2012-08-19 10:45:00 49152 ----a-w- c:\windows\system32\DSndUp.exe
2012-08-19 10:45:00 45056 ----a-w- c:\windows\system32\CleanUp.exe
2012-08-19 10:45:00 -------- d-----w- c:\program files\Analog Devices
.
==================== Find3M ====================
.
2012-08-19 14:39:29 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 20:48:24.62 ===============
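The "Pseudo HJT Report" block above is the part of a DDS log a responder reads first on a search-redirect case. What follows is an added example, not part of DDS and not from the poster's log: a small Python triage script that turns the BHO/TB/Run/StartupFolder/DPF/Notify/SSODL lines into records and flags the things worth a second look, namely registered browser objects whose DLL is gone ("No File"), BHOs and autostarts loaded from the user profile, the ActiveX download (DPF) sources, and the DHCP-assigned DNS servers. SAMPLE is an excerpt copied from the log; the flags are review prompts, not verdicts (Google Update legitimately lives under the profile, and the DNS servers are simply something to compare against what the ISP hands out).

```python
"""Triage of the "Pseudo HJT Report" section of a DDS log.

Added example; not part of DDS or of the original post. SAMPLE below is
an excerpt copied from the log in the first post (DDS defangs URLs as
hxxp://). Everything this script flags is a review prompt for the
responder, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\paul\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>.+?)\] (?P<target>.*)$")
RUN_KINDS = ("uRun", "mRun", "dRun")          # HKCU / HKLM / default-user Run keys
# Per-user locations: legitimate for some updaters, but also where most
# adware and hijackers install because no admin rights are needed.
USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")


@dataclass
class Entry:
    kind: str              # BHO, TB, uRun, DPF, ...
    name: str              # display name, or the CLSID when DDS printed none
    clsid: Optional[str]
    target: str            # right-hand side exactly as printed
    path: str              # target with surrounding quotes and arguments removed


def _path_of(target: str) -> str:
    t = target.strip()
    if t.startswith('"'):                 # "c:\path with spaces\x.exe" /args
        return t[1:].split('"', 1)[0]
    return t


def parse_entries(text: str) -> Tuple[List[Entry], List[str]]:
    entries, dns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, _, rest = line.partition(": ")
        if kind == "TCP":
            if "DhcpNameServer =" in rest:
                dns.extend(rest.split("=", 1)[1].split())
            continue
        m = RUN_RE.match(rest)
        if kind in RUN_KINDS and m:
            entries.append(Entry(kind, m["name"], None, m["target"], _path_of(m["target"])))
            continue
        if " - " not in rest:
            continue                      # not an entry shape this script knows
        left, target = rest.rsplit(" - ", 1)
        c = CLSID_RE.search(left)
        clsid = c.group(0) if c else None
        name = CLSID_RE.sub("", left).strip(" :-") or clsid or left
        entries.append(Entry(kind, name, clsid, target, _path_of(target)))
    return entries, dns


def triage(text: str) -> dict:
    entries, dns = parse_entries(text)
    return {
        "entries": entries,
        # CLSID still registered, DLL gone: leftover of an uninstall or a
        # removal; harmless, but a cleanup candidate.
        "orphaned": [e for e in entries if e.target.strip().lower() == "no file"],
        # Code loaded into the browser or at logon from the user profile.
        "user_profile": [e for e in entries if e.path.lower().startswith(USER_PROFILE_ROOTS)],
        # ActiveX controls fetched from the web (Downloaded Program Files).
        "dpf": [e for e in entries if e.kind == "DPF"],
        # Resolvers handed out by DHCP; compare against the ISP's servers.
        "dns": list(dict.fromkeys(dns)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for key in ("orphaned", "user_profile", "dpf"):
        print(f"== {key} ==")
        for e in result[key]:
            print(f"  {e.kind:14} {e.name}: {e.target}")
    print("== dns ==", ", ".join(result["dns"]))
```

On a real log the 8.3 short names DDS prints (docume~1, progra~1) and %windir% need expanding before any path comparison, and the StartupFolder check above deliberately looks at the shortcut's target, not the .lnk itself.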


#2 gringo_pr

  • Malware Response Team

Posted 17 September 2012 - 10:18 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

  • Malware Response Team

Posted 20 September 2012 - 03:04 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Ectomorph


Posted 22 September 2012 - 05:23 AM

Sorry, I have been away from a computer for a few days. But I still need help with this! Hope to hear from you soon!

#5 Ectomorph


Posted 22 September 2012 - 05:29 AM

I will follow the instructions and post the results :-)

#6 Ectomorph


Posted 23 September 2012 - 06:06 AM

# AdwCleaner v2.002 - Logfile created 09/23/2012 at 11:36:41
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Paul - IVPC166
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [6147 octets] - [16/09/2012 17:31:42]
AdwCleaner[R1].txt - [908 octets] - [23/09/2012 11:33:28]
AdwCleaner[R2].txt - [967 octets] - [23/09/2012 11:33:57]
AdwCleaner[S3].txt - [874 octets] - [23/09/2012 11:36:41]

########## EOF - C:\AdwCleaner[S3].txt - [933 octets] ##########

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Remove -- Date : 09/23/2012 12:05:27

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]
SSDT[12] : NtAlertResumeThread @ 0x80637C36 -> HOOKED (Unknown @ 0x8A51AA00)
SSDT[13] : NtAlertThread @ 0x80592EFA -> HOOKED (Unknown @ 0x8A5C7EC0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8A5AB940)
SSDT[31] : NtConnectPort @ 0x80590C5B -> HOOKED (Unknown @ 0x8A485BA8)
SSDT[43] : NtCreateMutant @ 0x80580B62 -> HOOKED (Unknown @ 0x8A5C4AD0)
SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0x8A4BB728)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8A049C30)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059BB5D -> HOOKED (Unknown @ 0x8A5AB908)
SSDT[91] : NtImpersonateThread @ 0x805874C1 -> HOOKED (Unknown @ 0x8A5312A0)
SSDT[108] : NtMapViewOfSection @ 0x8057AA19 -> HOOKED (Unknown @ 0x8A35F0A8)
SSDT[114] : NtOpenEvent @ 0x80589B69 -> HOOKED (Unknown @ 0x8A6031D8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8A086398)
SSDT[129] : NtOpenThreadToken @ 0x805746D2 -> HOOKED (Unknown @ 0x8A3CFEC0)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0x89F850A8)
SSDT[206] : NtResumeThread @ 0x80586737 -> HOOKED (Unknown @ 0x888968C0)
SSDT[213] : NtSetContextThread @ 0x8063629D -> HOOKED (Unknown @ 0x8A4A28D0)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8A5990A0)
SSDT[229] : NtSetInformationThread @ 0x80576ABD -> HOOKED (Unknown @ 0x8A487DD8)
SSDT[253] : NtSuspendProcess @ 0x80637B7B -> HOOKED (Unknown @ 0x8A4B87C8)
SSDT[254] : NtSuspendThread @ 0x80637A97 -> HOOKED (Unknown @ 0x8A45B868)
SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0x8A3C8EC0)
SSDT[258] : NtTerminateThread @ 0x80582DD9 -> HOOKED (Unknown @ 0x8A4C5A10)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A5A1 -> HOOKED (Unknown @ 0x8A3CCEC0)
SSDT[277] : NtWriteVirtualMemory @ 0x805873F6 -> HOOKED (Unknown @ 0x8A603210)
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0x804D7FEC)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0x804D7FF1)

Here goes!
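RogueKiller's "Driver : [LOADED]" block in the post above lists 24 SSDT entries redirected to addresses it could not attribute to a loaded driver ("Unknown") and two inline hooks on NtCreateKey/NtOpenKey attributed to aksfridge.sys. As an added example (not RogueKiller's code and not from the post), the Python script below parses those lines, groups the hooks by attributed module and buckets the hooked Nt* services by what they let the hooking code observe or veto. The CATEGORIES grouping is this example's own analyst shorthand and SAMPLE is an excerpt of the log above. The hooked set (thread creation, memory writes, token access, process termination) is what behaviour-monitoring or self-protecting security software hooks, and also what a rootkit hooks, so the output is an attribution worklist, not a verdict.

```python
"""Triage of RogueKiller kernel-hook lines (SSDT and inline hooks).

Added example; not RogueKiller's code and not part of the original post.
SAMPLE is an excerpt copied from the log above. "Unknown" is RogueKiller
reporting that it could not map the hook target to a loaded driver; this
script does not turn that into a verdict, it builds the attribution
worklist.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

SAMPLE = r"""
SSDT[12] : NtAlertResumeThread @ 0x80637C36 -> HOOKED (Unknown @ 0x8A51AA00)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8A5AB940)
SSDT[31] : NtConnectPort @ 0x80590C5B -> HOOKED (Unknown @ 0x8A485BA8)
SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0x8A4BB728)
SSDT[91] : NtImpersonateThread @ 0x805874C1 -> HOOKED (Unknown @ 0x8A5312A0)
SSDT[108] : NtMapViewOfSection @ 0x8057AA19 -> HOOKED (Unknown @ 0x8A35F0A8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8A086398)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0x89F850A8)
SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0x8A3C8EC0)
SSDT[277] : NtWriteVirtualMemory @ 0x805873F6 -> HOOKED (Unknown @ 0x8A603210)
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0x804D7FEC)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0x804D7FF1)
"""

SSDT_RE = re.compile(
    r"^SSDT\[(?P<idx>\d+)\] : (?P<func>Nt\w+) @ 0x(?P<orig>[0-9A-Fa-f]+) -> HOOKED "
    r"\((?P<module>.+) @ 0x(?P<target>[0-9A-Fa-f]+)\)$"
)
INLINE_RE = re.compile(
    r"^_INLINE_ : (?P<func>Nt\w+) -> HOOKED \((?P<module>.+) @ 0x(?P<target>[0-9A-Fa-f]+)\)$"
)

# Analyst shorthand (this example's own grouping, not RogueKiller's): what a
# hook on each syscall lets the hooking code observe or veto.
CATEGORIES = {
    "process_thread": {"NtCreateThread", "NtResumeThread", "NtAlertResumeThread", "NtAlertThread",
                       "NtSuspendThread", "NtSuspendProcess", "NtTerminateProcess",
                       "NtTerminateThread", "NtSetContextThread", "NtSetInformationProcess",
                       "NtSetInformationThread"},
    "memory": {"NtAllocateVirtualMemory", "NtFreeVirtualMemory", "NtWriteVirtualMemory",
               "NtMapViewOfSection", "NtUnmapViewOfSection"},
    "token": {"NtOpenProcessToken", "NtOpenThreadToken", "NtImpersonateThread",
              "NtImpersonateAnonymousToken"},
    "registry": {"NtQueryValueKey", "NtCreateKey", "NtOpenKey"},
    "sync_ipc": {"NtCreateMutant", "NtOpenEvent", "NtConnectPort"},
}


@dataclass
class Hook:
    kind: str              # "SSDT" or "INLINE"
    func: str              # hooked Nt* service
    module: str            # basename of the attributed driver, or "Unknown"
    target: int            # address the call is redirected to
    orig: Optional[int]    # original SSDT entry (SSDT hooks only)
    index: Optional[int]   # SSDT slot (SSDT hooks only)


def categorize(func: str) -> str:
    for cat, funcs in CATEGORIES.items():
        if func in funcs:
            return cat
    return "other"


def _basename(module: str) -> str:
    return module.rsplit("\\", 1)[-1]


def parse_hooks(text: str) -> List[Hook]:
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("SSDT", m["func"], _basename(m["module"]),
                              int(m["target"], 16), int(m["orig"], 16), int(m["idx"])))
            continue
        m = INLINE_RE.match(line)
        if m:
            hooks.append(Hook("INLINE", m["func"], _basename(m["module"]),
                              int(m["target"], 16), None, None))
    return hooks


def triage(text: str) -> dict:
    hooks = parse_hooks(text)
    module_categories = {}
    for h in hooks:
        module_categories.setdefault(h.module, set()).add(categorize(h.func))
    return {
        "hooks": hooks,
        "by_module": dict(Counter(h.module for h in hooks)),
        "by_category": dict(Counter(categorize(h.func) for h in hooks)),
        "module_categories": {m: sorted(c) for m, c in module_categories.items()},
        # Named modules can be checked against the machine's driver
        # inventory; for "Unknown" the owner of the target address has to
        # be established (e.g. with a kernel debugger) before anything is
        # touched, since removing a security product's hooks looks exactly
        # like removing a rootkit's.
        "unattributed": [h for h in hooks if h.module == "Unknown"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("hooks per module:    ", result["by_module"])
    print("hooks per capability:", result["by_category"])
    for h in result["unattributed"]:
        print(f"  SSDT[{h.index}] {h.func:28} -> 0x{h.target:08X} (owner unknown)")
```

The attributed module here, aksfridge.sys, also appears as a scanned driver in the TDSSKiller listing later in the thread, which is the kind of cross-check the "by_module" output is meant to feed; the "Unknown" entries are the ones that still need an owner before any removal decision.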

#7 gringo_pr

  • Malware Response Team

Posted 23 September 2012 - 06:47 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 Ectomorph


Posted 23 September 2012 - 04:23 PM

21:35:51.0390 1620 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:35:51.0593 1620 ============================================================
21:35:51.0593 1620 Current date / time: 2012/09/23 21:35:51.0593
21:35:51.0593 1620 SystemInfo:
21:35:51.0593 1620
21:35:51.0593 1620 OS Version: 5.1.2600 ServicePack: 3.0
21:35:51.0593 1620 Product type: Workstation
21:35:51.0593 1620 ComputerName: IVPC166
21:35:51.0593 1620 UserName: Paul
21:35:51.0593 1620 Windows directory: C:\WINDOWS
21:35:51.0593 1620 System windows directory: C:\WINDOWS
21:35:51.0593 1620 Processor architecture: Intel x86
21:35:51.0593 1620 Number of processors: 2
21:35:51.0593 1620 Page size: 0x1000
21:35:51.0593 1620 Boot type: Normal boot
21:35:51.0593 1620 ============================================================
21:35:56.0687 1620 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:35:56.0687 1620 ============================================================
21:35:56.0687 1620 \Device\Harddisk0\DR0:
21:35:56.0687 1620 MBR partitions:
21:35:56.0687 1620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
21:35:56.0687 1620 ============================================================
21:35:56.0734 1620 C: <-> \Device\Harddisk0\DR0\Partition1
21:35:56.0734 1620 ============================================================
21:35:56.0734 1620 Initialize success
21:35:56.0734 1620 ============================================================
21:36:03.0312 3220 ============================================================
21:36:03.0312 3220 Scan started
21:36:03.0312 3220 Mode: Manual;
21:36:03.0312 3220 ============================================================
21:36:05.0171 3220 ================ Scan system memory ========================
21:36:07.0218 3220 System memory - ok
21:36:07.0218 3220 ================ Scan services =============================
21:36:07.0375 3220 Abiosdsk - ok
21:36:07.0375 3220 abp480n5 - ok
21:36:07.0484 3220 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:36:07.0484 3220 ACPI - ok
21:36:07.0546 3220 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:36:07.0562 3220 ACPIEC - ok
21:36:07.0671 3220 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:07.0718 3220 AdobeFlashPlayerUpdateSvc - ok
21:36:07.0734 3220 adpu160m - ok
21:36:07.0750 3220 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
21:36:07.0750 3220 aeaudio - ok
21:36:07.0828 3220 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:36:07.0843 3220 aec - ok
21:36:07.0921 3220 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:36:07.0921 3220 AegisP - ok
21:36:08.0000 3220 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:36:08.0015 3220 AFD - ok
21:36:08.0015 3220 AFGMp50 - ok
21:36:08.0031 3220 AFGSp50 - ok
21:36:08.0046 3220 Aha154x - ok
21:36:08.0046 3220 aic78u2 - ok
21:36:08.0062 3220 aic78xx - ok
21:36:08.0171 3220 [ 11F424D02AEA63A3A53445087072FDD0 ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
21:36:08.0203 3220 aksfridge - ok
21:36:08.0250 3220 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:36:08.0265 3220 Alerter - ok
21:36:08.0296 3220 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:36:08.0312 3220 ALG - ok
21:36:08.0328 3220 AliIde - ok
21:36:08.0328 3220 amsint - ok
21:36:08.0437 3220 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:36:08.0453 3220 AppMgmt - ok
21:36:08.0640 3220 [ 3BC98A53C0ABE3FEB3B2B9B3BD9E7AA5 ] AR9271 C:\WINDOWS\system32\DRIVERS\athuw.sys
21:36:08.0718 3220 AR9271 - ok
21:36:08.0734 3220 asc - ok
21:36:08.0750 3220 asc3350p - ok
21:36:08.0750 3220 asc3550 - ok
21:36:08.0859 3220 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:36:08.0937 3220 aspnet_state - ok
21:36:08.0984 3220 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:36:09.0000 3220 AsyncMac - ok
21:36:09.0015 3220 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:36:09.0015 3220 atapi - ok
21:36:09.0031 3220 Atdisk - ok
21:36:09.0062 3220 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:36:09.0062 3220 Atmarpc - ok
21:36:09.0078 3220 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:36:09.0109 3220 AudioSrv - ok
21:36:09.0156 3220 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:36:09.0156 3220 audstub - ok
21:36:09.0218 3220 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:36:09.0234 3220 Beep - ok
21:36:09.0281 3220 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:36:09.0359 3220 BITS - ok
21:36:09.0390 3220 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:36:09.0468 3220 Browser - ok
21:36:09.0500 3220 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:36:09.0515 3220 cbidf2k - ok
21:36:09.0546 3220 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:36:09.0562 3220 CCDECODE - ok
21:36:09.0734 3220 [ 04945313BC60488E0C14AD1167160659 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
21:36:09.0750 3220 ccEvtMgr - ok
21:36:09.0765 3220 [ 2203161EC24C210D51DB69C604F4A504 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
21:36:09.0765 3220 ccSetMgr - ok
21:36:09.0781 3220 cd20xrnt - ok
21:36:09.0796 3220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:36:09.0812 3220 Cdaudio - ok
21:36:09.0875 3220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:36:09.0890 3220 Cdfs - ok
21:36:09.0906 3220 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:36:09.0921 3220 Cdrom - ok
21:36:09.0937 3220 Changer - ok
21:36:10.0000 3220 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:36:10.0015 3220 CiSvc - ok
21:36:10.0046 3220 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:36:10.0062 3220 ClipSrv - ok
21:36:10.0125 3220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:10.0250 3220 clr_optimization_v2.0.50727_32 - ok
21:36:10.0250 3220 CmdIde - ok
21:36:10.0265 3220 COMSysApp - ok
21:36:10.0281 3220 Cpqarray - ok
21:36:10.0312 3220 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:36:10.0328 3220 CryptSvc - ok
21:36:10.0328 3220 dac2w2k - ok
21:36:10.0343 3220 dac960nt - ok
21:36:10.0562 3220 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:36:10.0609 3220 DcomLaunch - ok
21:36:10.0703 3220 [ 9709D3D9E592D3217353F3FAFE29FAA3 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
21:36:10.0703 3220 DefWatch - ok
21:36:10.0734 3220 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:36:10.0734 3220 Dhcp - ok
21:36:10.0750 3220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:36:10.0765 3220 Disk - ok
21:36:10.0765 3220 dmadmin - ok
21:36:10.0843 3220 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:36:10.0906 3220 dmboot - ok
21:36:10.0937 3220 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:36:10.0953 3220 dmio - ok
21:36:10.0984 3220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:36:11.0000 3220 dmload - ok
21:36:11.0031 3220 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:36:11.0046 3220 dmserver - ok
21:36:11.0093 3220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:36:11.0109 3220 DMusic - ok
21:36:11.0156 3220 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:36:11.0171 3220 Dnscache - ok
21:36:11.0234 3220 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:36:11.0234 3220 Dot3svc - ok
21:36:11.0250 3220 dpti2o - ok
21:36:11.0312 3220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:36:11.0312 3220 drmkaud - ok
21:36:11.0375 3220 [ A8B3EC8EE13CBE14F067C72110155A1B ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
21:36:11.0390 3220 E1000 - ok
21:36:11.0656 3220 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:36:11.0671 3220 EapHost - ok
21:36:11.0765 3220 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:36:11.0796 3220 eeCtrl - ok
21:36:11.0875 3220 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:36:11.0890 3220 EraserUtilRebootDrv - ok
21:36:11.0937 3220 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:36:11.0953 3220 ERSvc - ok
21:36:11.0984 3220 esgiguard - ok
21:36:12.0031 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:36:12.0062 3220 Eventlog - ok
21:36:12.0125 3220 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:36:12.0156 3220 EventSystem - ok
21:36:12.0187 3220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:36:12.0218 3220 Fastfat - ok
21:36:12.0281 3220 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:36:12.0312 3220 FastUserSwitchingCompatibility - ok
21:36:12.0328 3220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:36:12.0343 3220 Fdc - ok
21:36:12.0406 3220 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:36:12.0531 3220 Fips - ok
21:36:12.0703 3220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:36:12.0718 3220 Flpydisk - ok
21:36:12.0765 3220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:36:12.0781 3220 FltMgr - ok
21:36:12.0859 3220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:36:12.0875 3220 FontCache3.0.0.0 - ok
21:36:12.0906 3220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:36:12.0921 3220 Fs_Rec - ok
21:36:12.0921 3220 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:36:12.0937 3220 Ftdisk - ok
21:36:13.0000 3220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:36:13.0015 3220 Gpc - ok
21:36:13.0125 3220 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:36:13.0140 3220 gupdate - ok
21:36:13.0140 3220 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:36:13.0140 3220 gupdatem - ok
21:36:13.0234 3220 [ 995178A443B07FA9EEAEA041D7B4B5CA ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
21:36:13.0281 3220 hardlock - ok
21:36:13.0296 3220 hasplms - ok
21:36:13.0734 3220 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:36:13.0750 3220 helpsvc - ok
21:36:13.0781 3220 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:36:13.0796 3220 HidServ - ok
21:36:13.0828 3220 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:36:13.0843 3220 HidUsb - ok
21:36:13.0890 3220 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:36:13.0906 3220 hkmsvc - ok
21:36:13.0921 3220 hpn - ok
21:36:13.0984 3220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:36:14.0000 3220 HTTP - ok
21:36:14.0062 3220 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:36:14.0078 3220 HTTPFilter - ok
21:36:14.0078 3220 i2omgmt - ok
21:36:14.0093 3220 i2omp - ok
21:36:14.0156 3220 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:36:14.0171 3220 i8042prt - ok
21:36:14.0296 3220 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:36:14.0359 3220 ialm - ok
21:36:14.0515 3220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:36:14.0578 3220 idsvc - ok
21:36:14.0609 3220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:36:14.0640 3220 Imapi - ok
21:36:14.0687 3220 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:36:14.0734 3220 ImapiService - ok
21:36:14.0734 3220 ini910u - ok
21:36:14.0765 3220 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:36:14.0765 3220 IntelIde - ok
21:36:14.0828 3220 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:36:14.0843 3220 intelppm - ok
21:36:14.0859 3220 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:36:14.0875 3220 Ip6Fw - ok
21:36:14.0921 3220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:36:14.0937 3220 IpFilterDriver - ok
21:36:14.0953 3220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:36:14.0968 3220 IpInIp - ok
21:36:14.0984 3220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:36:15.0000 3220 IpNat - ok
21:36:15.0000 3220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:36:15.0015 3220 IPSec - ok
21:36:15.0046 3220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:36:15.0062 3220 IRENUM - ok
21:36:15.0093 3220 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:36:15.0109 3220 isapnp - ok
21:36:15.0281 3220 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:36:15.0312 3220 JavaQuickStarterService - ok
21:36:15.0562 3220 [ AD7C73C72480EECB7675C90EB565E7CB ] jswpsapi C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe
21:36:15.0625 3220 jswpsapi - ok
21:36:15.0671 3220 [ AD67795900AA8C05CC4570F5349E0639 ] JSWSCIMD C:\WINDOWS\system32\DRIVERS\jswscimd.sys
21:36:15.0671 3220 JSWSCIMD - ok
21:36:15.0703 3220 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:36:15.0703 3220 Kbdclass - ok
21:36:15.0718 3220 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:36:15.0718 3220 kbdhid - ok
21:36:15.0750 3220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:36:15.0750 3220 kmixer - ok
21:36:15.0828 3220 [ 747667467B3C02DF529810A2403E637A ] ks2avs C:\WINDOWS\system32\Drivers\ks2avs.sys
21:36:15.0859 3220 ks2avs - ok
21:36:15.0921 3220 [ 1EDCFEB73949FA77C323DE98F37A4F23 ] ks2usb_svc C:\WINDOWS\system32\Drivers\ks2usb.sys
21:36:15.0937 3220 ks2usb_svc - ok
21:36:15.0968 3220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:36:15.0984 3220 KSecDD - ok
21:36:16.0031 3220 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:36:16.0062 3220 lanmanserver - ok
21:36:16.0093 3220 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:36:16.0125 3220 lanmanworkstation - ok
21:36:16.0125 3220 lbrtfdc - ok
21:36:16.0562 3220 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:36:16.0718 3220 LiveUpdate - ok
21:36:16.0781 3220 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:36:16.0796 3220 LmHosts - ok
21:36:16.0843 3220 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:36:16.0859 3220 MBAMProtector - ok
21:36:16.0937 3220 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:36:16.0984 3220 MBAMScheduler - ok
21:36:17.0031 3220 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:36:17.0093 3220 MBAMService - ok
21:36:17.0281 3220 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:36:17.0312 3220 MDM - ok
21:36:17.0343 3220 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:36:17.0359 3220 Messenger - ok
21:36:17.0562 3220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:36:17.0562 3220 mnmdd - ok
21:36:17.0625 3220 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:36:17.0640 3220 mnmsrvc - ok
21:36:17.0687 3220 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:36:17.0703 3220 Modem - ok
21:36:17.0750 3220 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:36:17.0750 3220 Mouclass - ok
21:36:17.0812 3220 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:36:17.0828 3220 mouhid - ok
21:36:17.0843 3220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:36:17.0859 3220 MountMgr - ok
21:36:17.0921 3220 [ 83EFF7B976AE24F1A496CA94A8A19919 ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
21:36:17.0937 3220 MPE - ok
21:36:17.0937 3220 mraid35x - ok
21:36:17.0968 3220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:36:17.0984 3220 MRxDAV - ok
21:36:18.0031 3220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:36:18.0062 3220 MRxSmb - ok
21:36:18.0078 3220 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:36:18.0078 3220 MSDTC - ok
21:36:18.0109 3220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:36:18.0109 3220 Msfs - ok
21:36:18.0125 3220 MSIServer - ok
21:36:18.0156 3220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:36:18.0171 3220 MSKSSRV - ok
21:36:18.0187 3220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:36:18.0187 3220 MSPCLOCK - ok
21:36:18.0234 3220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:36:18.0234 3220 MSPQM - ok
21:36:18.0265 3220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:36:18.0265 3220 mssmbios - ok
21:36:18.0296 3220 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:36:18.0296 3220 MSTEE - ok
21:36:18.0328 3220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:36:18.0343 3220 Mup - ok
21:36:18.0375 3220 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:36:18.0375 3220 NABTSFEC - ok
21:36:18.0515 3220 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:36:18.0546 3220 napagent - ok
21:36:18.0656 3220 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120914.002\naveng.sys
21:36:18.0671 3220 NAVENG - ok
21:36:18.0765 3220 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120914.002\navex15.sys
21:36:18.0781 3220 NAVEX15 - ok
21:36:18.0828 3220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:36:18.0843 3220 NDIS - ok
21:36:18.0875 3220 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:36:18.0890 3220 NdisIP - ok
21:36:18.0937 3220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:36:18.0953 3220 NdisTapi - ok
21:36:18.0968 3220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:36:18.0984 3220 Ndisuio - ok
21:36:19.0000 3220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:36:19.0015 3220 NdisWan - ok
21:36:19.0046 3220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:36:19.0062 3220 NDProxy - ok
21:36:19.0078 3220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:36:19.0093 3220 NetBIOS - ok
21:36:19.0109 3220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:36:19.0125 3220 NetBT - ok
21:36:19.0187 3220 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:36:19.0203 3220 NetDDE - ok
21:36:19.0218 3220 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:36:19.0234 3220 NetDDEdsdm - ok
21:36:19.0281 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:36:19.0281 3220 Netlogon - ok
21:36:19.0312 3220 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:36:19.0312 3220 Netman - ok
21:36:19.0359 3220 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:36:19.0500 3220 NetTcpPortSharing - ok
21:36:19.0828 3220 [ 1C2C6A695BAC97D9D7F6D93FE7A83CAA ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
21:36:20.0046 3220 NIHardwareService - ok
21:36:20.0078 3220 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:36:20.0093 3220 Nla - ok
21:36:20.0140 3220 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:36:20.0156 3220 Npfs - ok
21:36:20.0203 3220 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:36:20.0250 3220 Ntfs - ok
21:36:20.0265 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:36:20.0265 3220 NtLmSsp - ok
21:36:20.0328 3220 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:36:20.0359 3220 NtmsSvc - ok
21:36:20.0390 3220 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:36:20.0406 3220 Null - ok
21:36:20.0453 3220 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:36:20.0453 3220 NwlnkFlt - ok
21:36:20.0500 3220 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:36:20.0500 3220 NwlnkFwd - ok
21:36:20.0531 3220 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:36:20.0531 3220 Parport - ok
21:36:20.0546 3220 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:36:20.0562 3220 PartMgr - ok
21:36:20.0625 3220 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:36:20.0625 3220 ParVdm - ok
21:36:20.0640 3220 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:36:20.0656 3220 PCI - ok
21:36:20.0656 3220 PCIDump - ok
21:36:20.0718 3220 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
21:36:20.0734 3220 PCIIde - ok
21:36:20.0765 3220 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:36:20.0796 3220 Pcmcia - ok
21:36:20.0796 3220 PDCOMP - ok
21:36:20.0812 3220 PDFRAME - ok
21:36:20.0812 3220 PDRELI - ok
21:36:20.0828 3220 PDRFRAME - ok
21:36:20.0828 3220 perc2 - ok
21:36:20.0843 3220 perc2hib - ok
21:36:20.0890 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:36:20.0890 3220 PlugPlay - ok
21:36:20.0906 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:36:20.0906 3220 PolicyAgent - ok
21:36:20.0968 3220 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:36:20.0984 3220 PptpMiniport - ok
21:36:21.0000 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:36:21.0000 3220 ProtectedStorage - ok
21:36:21.0015 3220 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:36:21.0015 3220 PSched - ok
21:36:21.0031 3220 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:36:21.0046 3220 Ptilink - ok
21:36:21.0062 3220 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:36:21.0078 3220 PxHelp20 - ok
21:36:21.0093 3220 ql1080 - ok
21:36:21.0093 3220 Ql10wnt - ok
21:36:21.0109 3220 ql12160 - ok
21:36:21.0109 3220 ql1240 - ok
21:36:21.0125 3220 ql1280 - ok
21:36:21.0140 3220 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:36:21.0140 3220 RasAcd - ok
21:36:21.0171 3220 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:36:21.0187 3220 RasAuto - ok
21:36:21.0218 3220 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:36:21.0218 3220 Rasl2tp - ok
21:36:21.0281 3220 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:36:21.0296 3220 RasMan - ok
21:36:21.0312 3220 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:36:21.0328 3220 RasPppoe - ok
21:36:21.0328 3220 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:36:21.0343 3220 Raspti - ok
21:36:21.0484 3220 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:36:21.0531 3220 Rdbss - ok
21:36:21.0562 3220 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:36:21.0578 3220 RDPCDD - ok
21:36:21.0593 3220 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:36:21.0609 3220 rdpdr - ok
21:36:21.0656 3220 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:36:21.0687 3220 RDPWD - ok
21:36:21.0718 3220 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:36:21.0750 3220 RDSessMgr - ok
21:36:21.0765 3220 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:36:21.0781 3220 redbook - ok
21:36:21.0828 3220 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:36:21.0843 3220 RemoteAccess - ok
21:36:21.0859 3220 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:36:21.0890 3220 RemoteRegistry - ok
21:36:21.0921 3220 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:36:21.0937 3220 RpcLocator - ok
21:36:21.0984 3220 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:36:21.0984 3220 RpcSs - ok
21:36:22.0062 3220 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:36:22.0078 3220 RSVP - ok
21:36:22.0093 3220 RTLWUSB - ok
21:36:22.0109 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:36:22.0109 3220 SamSs - ok
21:36:22.0156 3220 [ 5387EAE86FB5F6B72052F5273BDD3E86 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
21:36:22.0156 3220 SavRoam - ok
21:36:22.0203 3220 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
21:36:22.0234 3220 SAVRT - ok
21:36:22.0234 3220 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
21:36:22.0250 3220 SAVRTPEL - ok
21:36:22.0312 3220 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:36:22.0328 3220 SCardSvr - ok
21:36:22.0375 3220 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:36:22.0484 3220 Schedule - ok
21:36:22.0718 3220 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:36:22.0765 3220 SeaPort - ok
21:36:22.0796 3220 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:36:22.0812 3220 Secdrv - ok
21:36:22.0828 3220 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:36:22.0828 3220 seclogon - ok
21:36:22.0859 3220 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:36:22.0875 3220 SENS - ok
21:36:22.0906 3220 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:36:22.0921 3220 serenum - ok
21:36:22.0937 3220 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:36:22.0953 3220 Serial - ok
21:36:22.0968 3220 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:36:22.0984 3220 Sfloppy - ok
21:36:23.0046 3220 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:36:23.0078 3220 SharedAccess - ok
21:36:23.0109 3220 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:36:23.0109 3220 ShellHWDetection - ok
21:36:23.0125 3220 Simbad - ok
21:36:23.0156 3220 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:36:23.0171 3220 SLIP - ok
21:36:23.0250 3220 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
21:36:23.0265 3220 smwdm - ok
21:36:23.0328 3220 [ A16722715D3206AB7E1A6463CE0B747E ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
21:36:23.0359 3220 SNDSrvc - ok
21:36:23.0359 3220 Sparrow - ok
21:36:23.0437 3220 [ EF9760A364D836A0CE6149EBDF71524D ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:36:23.0468 3220 SPBBCDrv - ok
21:36:23.0546 3220 [ 0A6BCAB3BB4AD9D25E833FB3F840CAE0 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
21:36:23.0625 3220 SPBBCSvc - ok
21:36:23.0687 3220 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:36:23.0703 3220 splitter - ok
21:36:23.0734 3220 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:36:23.0750 3220 Spooler - ok
21:36:23.0781 3220 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:36:23.0781 3220 sr - ok
21:36:23.0843 3220 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:36:23.0875 3220 srservice - ok
21:36:23.0921 3220 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:36:23.0937 3220 Srv - ok
21:36:23.0984 3220 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:36:24.0000 3220 SSDPSRV - ok
21:36:24.0031 3220 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:36:24.0062 3220 stisvc - ok
21:36:24.0078 3220 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:36:24.0078 3220 streamip - ok
21:36:24.0109 3220 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:36:24.0109 3220 swenum - ok
21:36:24.0140 3220 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:36:24.0171 3220 swmidi - ok
21:36:24.0171 3220 SwPrv - ok
21:36:24.0312 3220 [ 0023CC5610B9C48CF68571DEE4C686FC ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
21:36:24.0328 3220 Symantec AntiVirus - ok
21:36:24.0328 3220 symc810 - ok
21:36:24.0343 3220 symc8xx - ok
21:36:24.0375 3220 [ 49B20B430A4F219173F823536944474A ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:36:24.0578 3220 SymEvent - ok
21:36:24.0593 3220 [ 626F733BE7F951116C5C0804B068666C ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:36:24.0593 3220 SYMREDRV - ok
21:36:24.0671 3220 [ CB7CC4DDBE09E224D4CD876760BA982C ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:36:24.0687 3220 SYMTDI - ok
21:36:24.0703 3220 sym_hi - ok
21:36:24.0718 3220 sym_u3 - ok
21:36:24.0734 3220 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:36:24.0734 3220 sysaudio - ok
21:36:24.0812 3220 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:36:24.0828 3220 SysmonLog - ok
21:36:24.0859 3220 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:36:24.0890 3220 TapiSrv - ok
21:36:24.0953 3220 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:36:24.0984 3220 Tcpip - ok
21:36:25.0015 3220 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:36:25.0031 3220 TDPIPE - ok
21:36:25.0078 3220 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:36:25.0093 3220 TDTCP - ok
21:36:25.0140 3220 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:36:25.0140 3220 TermDD - ok
21:36:25.0187 3220 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:36:25.0218 3220 TermService - ok
21:36:25.0250 3220 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:36:25.0250 3220 Themes - ok
21:36:25.0312 3220 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:36:25.0343 3220 TlntSvr - ok
21:36:25.0343 3220 TosIde - ok
21:36:25.0375 3220 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:36:25.0468 3220 TrkWks - ok
21:36:25.0500 3220 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:36:25.0578 3220 Udfs - ok
21:36:25.0578 3220 ultra - ok
21:36:25.0640 3220 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:36:25.0656 3220 Update - ok
21:36:25.0734 3220 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:36:25.0750 3220 upnphost - ok
21:36:25.0781 3220 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:36:25.0796 3220 UPS - ok
21:36:25.0796 3220 USB28xxBGA - ok
21:36:25.0859 3220 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:36:25.0859 3220 usbaudio - ok
21:36:25.0921 3220 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:36:25.0937 3220 usbccgp - ok
21:36:25.0953 3220 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:36:25.0953 3220 usbehci - ok
21:36:26.0000 3220 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:36:26.0015 3220 usbhub - ok
21:36:26.0046 3220 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:36:26.0062 3220 usbprint - ok
21:36:26.0109 3220 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:36:26.0125 3220 usbscan - ok
21:36:26.0125 3220 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:36:26.0156 3220 USBSTOR - ok
21:36:26.0187 3220 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:36:26.0203 3220 usbuhci - ok
21:36:26.0218 3220 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:36:26.0218 3220 VgaSave - ok
21:36:26.0234 3220 ViaIde - ok
21:36:26.0265 3220 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:36:26.0265 3220 VolSnap - ok
21:36:26.0296 3220 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:36:26.0343 3220 VSS - ok
21:36:26.0375 3220 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:36:26.0562 3220 W32Time - ok
21:36:26.0625 3220 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:36:26.0640 3220 Wanarp - ok
21:36:26.0703 3220 [ 49B50BE4C6E61DC378057A09130E0629 ] WDCS_WNDA3200 C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
21:36:26.0734 3220 WDCS_WNDA3200 - ok
21:36:26.0828 3220 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:36:26.0875 3220 Wdf01000 - ok
21:36:26.0890 3220 WDICA - ok
21:36:26.0953 3220 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:36:26.0968 3220 wdmaud - ok
21:36:27.0031 3220 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:36:27.0046 3220 WebClient - ok
21:36:27.0140 3220 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:36:27.0171 3220 winmgmt - ok
21:36:27.0234 3220 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:36:27.0234 3220 WmdmPmSN - ok
21:36:27.0312 3220 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:36:27.0343 3220 Wmi - ok
21:36:27.0375 3220 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:36:27.0390 3220 WmiApSrv - ok
21:36:27.0734 3220 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:36:27.0796 3220 WMPNetworkSvc - ok
21:36:27.0812 3220 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:36:27.0828 3220 WpdUsb - ok
21:36:27.0875 3220 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:36:27.0890 3220 wscsvc - ok
21:36:27.0921 3220 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:36:27.0921 3220 WSTCODEC - ok
21:36:27.0953 3220 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:36:27.0968 3220 wuauserv - ok
21:36:28.0015 3220 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:36:28.0031 3220 WudfPf - ok
21:36:28.0046 3220 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:36:28.0062 3220 WudfRd - ok
21:36:28.0078 3220 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:36:28.0093 3220 WudfSvc - ok
21:36:28.0156 3220 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:36:28.0203 3220 WZCSVC - ok
21:36:28.0218 3220 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:36:28.0234 3220 xmlprov - ok
21:36:28.0281 3220 [ 00AE175B903D45ED4A62384D3315DC2A ] ZDPSp50 C:\WINDOWS\system32\Drivers\ZDPSp50.sys
21:36:28.0296 3220 ZDPSp50 - ok
21:36:28.0312 3220 ================ Scan global ===============================
21:36:28.0375 3220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:36:28.0671 3220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:36:28.0750 3220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:36:28.0796 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:36:28.0796 3220 [Global] - ok
21:36:28.0796 3220 ================ Scan MBR ==================================
21:36:28.0828 3220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:36:29.0062 3220 \Device\Harddisk0\DR0 - ok
21:36:29.0062 3220 ================ Scan VBR ==================================
21:36:29.0062 3220 [ 3ABE52E047E7D658203C603176B4B69B ] \Device\Harddisk0\DR0\Partition1
21:36:29.0078 3220 \Device\Harddisk0\DR0\Partition1 - ok
21:36:29.0078 3220 ============================================================
21:36:29.0078 3220 Scan finished
21:36:29.0078 3220 ============================================================
21:36:29.0109 3104 Detected object count: 0
21:36:29.0109 3104 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 21:39:24
-----------------------------
21:39:24.890 OS Version: Windows 5.1.2600 Service Pack 3
21:39:24.890 Number of processors: 2 586 0x209
21:39:24.890 ComputerName: IVPC166 UserName: Paul
21:39:26.156 Initialize success
21:50:28.640 AVAST engine defs: 12092300
21:57:02.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:57:02.125 Disk 0 Vendor: FUJITSU_MHT2060AH 006C Size: 57231MB BusType: 3
21:57:02.140 Disk 0 MBR read successfully
21:57:02.140 Disk 0 MBR scan
21:57:02.187 Disk 0 Windows XP default MBR code
21:57:02.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
21:57:02.203 Disk 0 scanning sectors +117194175
21:57:02.328 Disk 0 scanning C:\WINDOWS\system32\drivers
21:57:35.250 Service scanning
21:58:14.500 Modules scanning
21:58:25.984 Disk 0 trace - called modules:
21:58:26.000 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:58:26.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60dab8]
21:58:26.000 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c7b00]
21:58:27.671 AVAST engine scan C:\WINDOWS
21:58:41.250 AVAST engine scan C:\WINDOWS\system32
22:04:55.375 AVAST engine scan C:\WINDOWS\system32\drivers
22:05:20.984 AVAST engine scan C:\Documents and Settings\Paul
22:20:34.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\My Documents\Downloads\MBR.dat"
22:20:34.515 The log file has been saved successfully to "C:\Documents and Settings\Paul\My Documents\Downloads\aswMBR.txt"

I have already done most of these in my other post, but I will bear with you :-)

#9 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 23 September 2012 - 08:32 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Ectomorph
  • Topic Starter
  • Members
  • 22 posts
  • Local time:02:00 AM

Posted 26 September 2012 - 12:51 PM

ComboFix 12-09-26.02 - Paul 26/09/2012 18:22:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1223 [GMT 1:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Paul\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\documents and settings\Paul\My Documents\~WRL0735.tmp
c:\documents and settings\Paul\WINDOWS
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-23 16:59 . 2012-09-23 16:59 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Skillbrains
2012-09-16 13:41 . 2012-09-16 13:41 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
2012-09-16 13:40 . 2012-09-16 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-16 13:40 . 2012-09-16 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-16 13:40 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 07:44 . 2012-09-16 07:44 -------- d-----w- c:\program files\ESET
2012-09-02 18:23 . 2012-09-02 18:23 -------- d-----w- c:\program files\Enigma Software Group
2012-09-02 18:22 . 2012-09-03 17:31 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-19 14:39 . 2012-08-19 10:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-19 14:39 . 2011-11-10 12:07 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-09-15 12:09 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-02-28 12:00 1866112 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="c:\documents and settings\Paul\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe" [2012-02-02 220160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3200 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNDA3200 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
2002-04-17 14:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 09:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-06 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-16 18:34 116648 ----atw- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 09:32 77824 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 09:36 114688 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35 94208 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 15:41 222128 ----a-w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
2012-02-02 21:14 220160 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpkrCnfg]
2003-01-08 10:23 49152 ----a-w- c:\windows\system32\DSndUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-29 17:57 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16/09/2012 14:40 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/09/2012 14:40 676936]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [21/07/2011 09:58 4170752]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [20/09/2011 12:42 167936]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [20/09/2011 12:42 1759584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/08/2012 10:58 106656]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [20/09/2011 12:42 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/09/2012 14:40 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:41 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/08/2012 11:52 250056]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:41 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [20/09/2011 12:42 360529]
S3 ks2avs;Kontrol S2 WDM Audio;c:\windows\system32\drivers\ks2avs.sys [19/08/2012 12:02 346192]
S3 ks2usb_svc;Traktor Kontrol S2;c:\windows\system32\drivers\ks2usb.sys [19/08/2012 12:02 78416]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 14:39]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:41]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 11:41]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1336601894-839522115-1004Core.job
- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-16 18:34]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1336601894-839522115-1004UA.job
- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-16 18:34]
.
2012-08-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-09-26 c:\windows\Tasks\update-S-1-5-21-1275210071-1336601894-839522115-1004.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-11-05 22:09]
.
2012-09-17 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-11-05 22:09]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Native Instruments Traktor Kontrol S2 - c:\documents and settings\All Users\Application Data\{8EEC5C53-4702-45AE-81C9-65382C84BAAE}\Traktor Kontrol S2 Setup PC.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-26 18:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1336601894-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EB499C6B-17E9-50CC-AE784525E8AC56BA}\{8364303F-14D2-EDB9-EF60B5C62A5A1F49}\{622ABE87-D953-3C3E-A5507D8B27591D99}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\documents and settings\Paul\Local Settings\Application Data\Skillbrains\lightshot\3.0.0.0\LightShot.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
.
**************************************************************************
.
Completion time: 2012-09-26 18:43:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 17:43
.
Pre-Run: 10,207,232,000 bytes free
Post-Run: 10,233,417,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6FD968E0CC0821442C3FFF7C7C16BC80

I had no problems as such, although I was prompted to install the Windows Recovery Console by this software.

#11 Ectomorph
  • Topic Starter
  • Members
  • 22 posts
  • Local time:02:00 AM

Posted 26 September 2012 - 12:53 PM

Just rebooted and I still have this hijacker! This thing is well annoying. I don't feel confident logging onto anything with this computer, which is really stopping me from doing my work from home.

Thanks for the help on this, though; hopefully we can find a solution.

#12 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 26 September 2012 - 03:16 PM

Hello Ectomorph

I want you to uninstall Chrome, and if asked about user data or settings then remove those also.

Restart the computer, then reinstall Chrome and check it out for me.


gringo

#13 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 28 September 2012 - 11:23 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#14 Ectomorph
  • Topic Starter
  • Members
  • 22 posts
  • Local time:02:00 AM

Posted 30 September 2012 - 02:22 PM

Sorry for the wait. I am going through all my accounts making note of my passwords whenever I get free time (I have a lot and have also just come back from holiday). When I have finished I will let you know the outcomes.

Thanks for the patience!

#15 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:00 PM

Posted 30 September 2012 - 02:45 PM

No problem.


gringo



