trojan.gen and trojan.zeroaccess


20 replies to this topic

#1 vtones

  • Members
  • 15 posts

Posted 28 September 2012 - 07:20 PM

Have trojan.gen and trojan.zeroaccess on an XP Pro machine. Also killed my internet connectivity. Can't get rid of it. Can't fix internet. Is this a hijack backdoor virus that will require a reformat?


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 29 September 2012 - 10:11 AM

Download TDSSkiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, and copy the contents of the text file in your reply.
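The TDSSKiller services scan requested above writes, for each service, a hash line (`[ MD5 ] name path`) followed by a status line (`name - ok`); the layout is visible in the log posted later in this thread. The script below is an added example, not part of TDSSKiller or of this thread, that parses that section into a table of service name, MD5 and image path, lists every entry whose status is not "ok", lists entries that were never hashed, and groups services by the binary they load so a helper can review a long log quickly. The embedded sample log is constructed: its first entries copy lines from this thread, while the final `exampledrv` entry, its hash and its detection name are made up, and the assumption that a non-ok status line carries a parenthesised detection name is mine, not documented TDSSKiller behaviour.

```python
"""Summarise the "Scan services" section of a TDSSKiller log.

Added example for this thread, not part of TDSSKiller.  Line layout taken
from the log posted in the thread:
    <time> <pid> [ <MD5> ] <service name> <image path>
    <time> <pid> <service name> - ok
Assumption (not from the page): a non-ok status line looks like
    <time> <pid> <service name> ( <detection name> ) - <status>
"""
import re
from collections import defaultdict

# Constructed sample.  The first entries copy lines from the thread's log;
# the exampledrv entry, its hash and its detection name are made up.
SAMPLE_LOG = r"""
21:43:37.0250 2396 [ 17067069B9A7865028C1F2E6971D0CCC ] aawservice C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
21:43:37.0265 2396 aawservice - ok
21:43:37.0359 2396 Abiosdsk - ok
21:43:38.0171 2396 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:43:38.0171 2396 Apple Mobile Device - ok
21:43:47.0875 2396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:43:47.0875 2396 Netlogon - ok
21:43:48.0453 2396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:43:48.0453 2396 NtLmSsp - ok
21:43:55.0100 2396 [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
21:43:55.0100 2396 exampledrv ( CONSTRUCTED.Detection.Name ) - detected
"""

# Every log line starts with a timestamp and a numeric (thread) id.
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# Service names may contain spaces, so the path is recognised by its drive
# letter rather than by splitting on whitespace.
HASH_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
STATUS_LINE = re.compile(PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>.+?) \))? - (?P<status>\w+)$")


def _empty():
    return {"md5": None, "path": None, "status": None, "detection": None}


def parse_tdsskiller_services(text):
    """Return {service name: {"md5", "path", "status", "detection"}}."""
    records = {}
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HASH_LINE.match(line)          # try the hash line first: it never ends in "- <status>"
        if m:
            rec = records.setdefault(m["name"], _empty())
            rec["md5"] = m["md5"].upper()
            rec["path"] = m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], _empty())
            rec["status"] = m["status"]
            rec["detection"] = m["detection"]
    return records


def entries_needing_review(records):
    """Service names whose status line says anything other than 'ok'."""
    return sorted(n for n, r in records.items() if r["status"] != "ok")


def unhashed_entries(records):
    """Service names that got a status line but no [ MD5 ] line (no file was hashed)."""
    return sorted(n for n, r in records.items() if r["md5"] is None)


def services_by_binary(records):
    """Group service names by image path.  Shared images are normal on XP
    (several services run inside lsass.exe), so this is context, not an alert."""
    groups = defaultdict(list)
    for name, rec in sorted(records.items()):
        if rec["path"]:
            groups[rec["path"]].append(name)
    return dict(groups)


def unique_hashes(records):
    """Distinct MD5s, ready to compare against a known-good or reputation list."""
    return sorted({r["md5"] for r in records.values() if r["md5"]})


def report(text):
    """Human-readable summary: counts, entries to review, entries never hashed."""
    recs = parse_tdsskiller_services(text)
    lines = [f"{len(recs)} service entries, {len(unique_hashes(recs))} distinct hashes"]
    for name in entries_needing_review(recs):
        r = recs[name]
        lines.append(f"REVIEW: {name} status={r['status']} detection={r['detection']} path={r['path']}")
    for name in unhashed_entries(recs):
        lines.append(f"no file hashed: {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it as a script to print the summary for the constructed sample, or call `report()` on the text of a real log. The grouping by binary is deliberately informational rather than an alert: the thread's own log shows Netlogon, NtLmSsp, PolicyAgent, ProtectedStorage and SamSs all hashing to the same lsass.exe, which is how XP hosts those services.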

#3 vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 03 October 2012 - 12:13 PM

What do I need to do to fix the internet? It has disabled my line connection and wireless. I cannot get to the internet to download the software.

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 03 October 2012 - 01:42 PM

Boot into Safe Mode with Networking and let me know if you can access.

#5 vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 04 October 2012 - 09:01 PM

Finally fixed internet connection to at least work in safe mode.

TDSSkiller log:

21:43:15.0218 3360 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:43:15.0484 3360 ============================================================
21:43:15.0484 3360 Current date / time: 2012/10/04 21:43:15.0484
21:43:15.0484 3360 SystemInfo:
21:43:15.0484 3360
21:43:15.0484 3360 OS Version: 5.1.2600 ServicePack: 3.0
21:43:15.0484 3360 Product type: Workstation
21:43:15.0484 3360 ComputerName: MDM02
21:43:15.0484 3360 UserName: mdm
21:43:15.0484 3360 Windows directory: C:\WINDOWS
21:43:15.0484 3360 System windows directory: C:\WINDOWS
21:43:15.0484 3360 Processor architecture: Intel x86
21:43:15.0484 3360 Number of processors: 2
21:43:15.0484 3360 Page size: 0x1000
21:43:15.0484 3360 Boot type: Safe boot with network
21:43:15.0484 3360 ============================================================
21:43:17.0171 3360 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:43:17.0171 3360 Drive \Device\Harddisk1\DR2 - Size: 0x200CE0000 (8.01 Gb), SectorSize: 0x200, Cylinders: 0x415, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:43:17.0218 3360 Drive \Device\Harddisk2\DR3 - Size: 0x3BA200000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:43:17.0218 3360 ============================================================
21:43:17.0218 3360 \Device\Harddisk0\DR0:
21:43:17.0218 3360 MBR partitions:
21:43:17.0218 3360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
21:43:17.0218 3360 \Device\Harddisk1\DR2:
21:43:17.0218 3360 MBR partitions:
21:43:17.0218 3360 \Device\Harddisk2\DR3:
21:43:17.0218 3360 MBR partitions:
21:43:17.0218 3360 \Device\Harddisk2\DR3\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1DD0800
21:43:17.0218 3360 ============================================================
21:43:17.0250 3360 C: <-> \Device\Harddisk0\DR0\Partition1
21:43:17.0250 3360 ============================================================
21:43:17.0250 3360 Initialize success
21:43:17.0250 3360 ============================================================
21:43:33.0890 2396 ============================================================
21:43:33.0890 2396 Scan started
21:43:33.0890 2396 Mode: Manual; TDLFS;
21:43:33.0890 2396 ============================================================
21:43:35.0750 2396 ================ Scan system memory ========================
21:43:36.0968 2396 System memory - ok
21:43:36.0968 2396 ================ Scan services =============================
21:43:37.0250 2396 [ 17067069B9A7865028C1F2E6971D0CCC ] aawservice C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
21:43:37.0265 2396 aawservice - ok
21:43:37.0359 2396 Abiosdsk - ok
21:43:37.0390 2396 abp480n5 - ok
21:43:37.0453 2396 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:43:37.0453 2396 ACPI - ok
21:43:37.0500 2396 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:43:37.0500 2396 ACPIEC - ok
21:43:37.0546 2396 [ C6F1BBA566DD2EEF2D8FB9D25E8EB9A4 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:43:37.0546 2396 ADIHdAudAddService - ok
21:43:37.0578 2396 adpu160m - ok
21:43:37.0625 2396 [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
21:43:37.0625 2396 AEAudioService - ok
21:43:37.0687 2396 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:43:37.0687 2396 aec - ok
21:43:37.0750 2396 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:43:37.0750 2396 AFD - ok
21:43:37.0765 2396 Aha154x - ok
21:43:37.0812 2396 aic78u2 - ok
21:43:37.0843 2396 aic78xx - ok
21:43:37.0890 2396 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:43:37.0890 2396 Alerter - ok
21:43:37.0937 2396 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:43:37.0937 2396 ALG - ok
21:43:37.0953 2396 AliIde - ok
21:43:37.0984 2396 amsint - ok
21:43:38.0171 2396 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:43:38.0171 2396 Apple Mobile Device - ok
21:43:38.0218 2396 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:43:38.0234 2396 AppMgmt - ok
21:43:38.0250 2396 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:43:38.0265 2396 Arp1394 - ok
21:43:38.0281 2396 asc - ok
21:43:38.0328 2396 asc3350p - ok
21:43:38.0359 2396 asc3550 - ok
21:43:38.0531 2396 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:43:38.0546 2396 aspnet_state - ok
21:43:38.0593 2396 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:43:38.0593 2396 AsyncMac - ok
21:43:38.0656 2396 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:43:38.0656 2396 atapi - ok
21:43:38.0687 2396 Atdisk - ok
21:43:38.0734 2396 [ 870D480C911A7EE9A98B3CB190D95D22 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:43:38.0750 2396 Ati HotKey Poller - ok
21:43:38.0953 2396 [ 7554246A1F39CEFD6C42B80016BDCCA8 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:43:39.0046 2396 ati2mtag - ok
21:43:39.0109 2396 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:43:39.0125 2396 Atmarpc - ok
21:43:39.0156 2396 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:43:39.0156 2396 AudioSrv - ok
21:43:39.0203 2396 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:43:39.0203 2396 audstub - ok
21:43:39.0296 2396 [ 32A5DEFDDC3562BF89D73586F5915B34 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
21:43:39.0296 2396 Autodesk Licensing Service - ok
21:43:39.0359 2396 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:43:39.0359 2396 b57w2k - ok
21:43:39.0437 2396 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:43:39.0437 2396 Beep - ok
21:43:39.0531 2396 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:43:39.0531 2396 Bonjour Service - ok
21:43:39.0593 2396 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
21:43:39.0593 2396 Browser - ok
21:43:39.0609 2396 catchme - ok
21:43:39.0687 2396 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:43:39.0687 2396 cbidf2k - ok
21:43:39.0734 2396 [ 63BEDDDE9E5C3B2ACD303DF1843B097A ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:43:39.0750 2396 ccEvtMgr - ok
21:43:39.0765 2396 [ 63BEDDDE9E5C3B2ACD303DF1843B097A ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:43:39.0765 2396 ccSetMgr - ok
21:43:39.0796 2396 cd20xrnt - ok
21:43:39.0859 2396 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:43:39.0859 2396 Cdaudio - ok
21:43:39.0890 2396 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:43:39.0890 2396 Cdfs - ok
21:43:39.0937 2396 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:43:39.0937 2396 Cdrom - ok
21:43:39.0953 2396 Changer - ok
21:43:40.0031 2396 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:43:40.0031 2396 CiSvc - ok
21:43:40.0046 2396 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:43:40.0062 2396 ClipSrv - ok
21:43:40.0109 2396 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:43:40.0234 2396 clr_optimization_v2.0.50727_32 - ok
21:43:40.0265 2396 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:43:40.0265 2396 CmBatt - ok
21:43:40.0296 2396 CmdIde - ok
21:43:40.0328 2396 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:43:40.0328 2396 Compbatt - ok
21:43:40.0359 2396 COMSysApp - ok
21:43:40.0437 2396 Cpqarray - ok
21:43:40.0515 2396 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:43:40.0531 2396 CryptSvc - ok
21:43:40.0546 2396 dac2w2k - ok
21:43:40.0578 2396 dac960nt - ok
21:43:40.0671 2396 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:43:40.0750 2396 DcomLaunch - ok
21:43:40.0828 2396 [ 6824007C0ECEC46EDD64D7A9D86EBA84 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
21:43:40.0828 2396 DeviceMonitorService - ok
21:43:40.0859 2396 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:43:40.0875 2396 Dhcp - ok
21:43:40.0906 2396 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:43:40.0906 2396 Disk - ok
21:43:40.0937 2396 dmadmin - ok
21:43:41.0062 2396 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:43:41.0093 2396 dmboot - ok
21:43:41.0109 2396 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:43:41.0125 2396 dmio - ok
21:43:41.0171 2396 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:43:41.0171 2396 dmload - ok
21:43:41.0218 2396 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:43:41.0218 2396 dmserver - ok
21:43:41.0375 2396 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:43:41.0375 2396 DMusic - ok
21:43:41.0421 2396 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:43:41.0421 2396 Dnscache - ok
21:43:41.0546 2396 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:43:41.0546 2396 Dot3svc - ok
21:43:41.0562 2396 dpti2o - ok
21:43:41.0609 2396 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:43:41.0609 2396 drmkaud - ok
21:43:41.0656 2396 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:43:41.0656 2396 EapHost - ok
21:43:41.0765 2396 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:43:41.0765 2396 eeCtrl - ok
21:43:41.0843 2396 [ CD64CE62BE47DF0E9A459FD9002221FE ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
21:43:41.0890 2396 EpsonBidirectionalService - ok
21:43:41.0937 2396 [ 12CDB5DC7774298223099D6E41ED5CE7 ] EPSONStatusAgent2 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
21:43:41.0937 2396 EPSONStatusAgent2 - ok
21:43:41.0984 2396 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:43:41.0984 2396 EraserUtilRebootDrv - ok
21:43:42.0062 2396 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:43:42.0078 2396 ERSvc - ok
21:43:42.0125 2396 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:43:42.0156 2396 Eventlog - ok
21:43:42.0234 2396 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:43:42.0234 2396 EventSystem - ok
21:43:42.0312 2396 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:43:42.0312 2396 Fastfat - ok
21:43:42.0359 2396 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:43:42.0375 2396 FastUserSwitchingCompatibility - ok
21:43:42.0406 2396 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:43:42.0406 2396 Fdc - ok
21:43:42.0437 2396 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:43:42.0437 2396 Fips - ok
21:43:42.0500 2396 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:43:42.0515 2396 FLEXnet Licensing Service - ok
21:43:42.0562 2396 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:43:42.0562 2396 Flpydisk - ok
21:43:42.0609 2396 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:43:42.0609 2396 FltMgr - ok
21:43:42.0687 2396 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:43:42.0687 2396 FontCache3.0.0.0 - ok
21:43:42.0734 2396 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:43:42.0734 2396 Fs_Rec - ok
21:43:42.0765 2396 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:43:42.0765 2396 Ftdisk - ok
21:43:42.0828 2396 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:43:42.0828 2396 GEARAspiWDM - ok
21:43:42.0875 2396 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:43:42.0875 2396 Gpc - ok
21:43:42.0921 2396 [ CA835331825599B938E37525796D3549 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
21:43:42.0921 2396 GTIPCI21 - ok
21:43:43.0093 2396 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:43:43.0109 2396 gusvc - ok
21:43:43.0171 2396 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:43:43.0171 2396 HDAudBus - ok
21:43:43.0328 2396 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:43:43.0328 2396 helpsvc - ok
21:43:43.0406 2396 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:43:43.0406 2396 HidServ - ok
21:43:43.0437 2396 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:43:43.0437 2396 HidUsb - ok
21:43:43.0484 2396 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:43:43.0500 2396 hkmsvc - ok
21:43:43.0515 2396 hpn - ok
21:43:43.0578 2396 [ D8D9DED6DCC4E3AEE633E6BA462B75C4 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:43:43.0593 2396 HSFHWAZL - ok
21:43:43.0656 2396 [ 2DF42CF7300B14B15953218A2B32217C ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:43:43.0671 2396 HSF_DPV - ok
21:43:43.0734 2396 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:43:43.0734 2396 HTTP - ok
21:43:43.0796 2396 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:43:43.0796 2396 HTTPFilter - ok
21:43:43.0828 2396 i2omgmt - ok
21:43:43.0859 2396 i2omp - ok
21:43:43.0921 2396 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:43:43.0921 2396 i8042prt - ok
21:43:44.0093 2396 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:43:44.0093 2396 IDriverT - ok
21:43:44.0203 2396 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:43:44.0218 2396 idsvc - ok
21:43:44.0265 2396 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:43:44.0265 2396 Imapi - ok
21:43:44.0296 2396 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:43:44.0312 2396 ImapiService - ok
21:43:44.0343 2396 ini910u - ok
21:43:44.0421 2396 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:43:44.0437 2396 IntelIde - ok
21:43:44.0468 2396 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:43:44.0468 2396 intelppm - ok
21:43:44.0500 2396 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:43:44.0500 2396 Ip6Fw - ok
21:43:44.0546 2396 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:43:44.0546 2396 IpFilterDriver - ok
21:43:44.0578 2396 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:43:44.0578 2396 IpInIp - ok
21:43:44.0625 2396 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:43:44.0625 2396 IpNat - ok
21:43:44.0718 2396 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:43:44.0734 2396 iPod Service - ok
21:43:44.0796 2396 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:43:44.0843 2396 IPSec - ok
21:43:44.0906 2396 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:43:44.0921 2396 IRENUM - ok
21:43:45.0000 2396 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:43:45.0000 2396 isapnp - ok
21:43:45.0218 2396 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:43:45.0234 2396 JavaQuickStarterService - ok
21:43:45.0281 2396 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:43:45.0296 2396 Kbdclass - ok
21:43:45.0343 2396 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:43:45.0343 2396 kbdhid - ok
21:43:45.0390 2396 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:43:45.0390 2396 kmixer - ok
21:43:45.0437 2396 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:43:45.0437 2396 KSecDD - ok
21:43:45.0484 2396 [ 5A11400EA1F0A106FE7EDB28C270F7B8 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
21:43:45.0484 2396 L8042Kbd - ok
21:43:45.0531 2396 [ 20C919B52897B72EBCB2AD2FC29D8EF0 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
21:43:45.0531 2396 L8042mou - ok
21:43:45.0578 2396 [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:43:45.0578 2396 LanmanServer - ok
21:43:45.0625 2396 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:43:45.0625 2396 lanmanworkstation - ok
21:43:45.0640 2396 lbrtfdc - ok
21:43:45.0718 2396 [ 31B582394DA3290DFF300F10952E9A4D ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
21:43:45.0718 2396 LHidKe - ok
21:43:45.0968 2396 [ 64C6BF10972885B3260DDA2CA328430D ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:43:45.0984 2396 LiveUpdate - ok
21:43:46.0062 2396 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:43:46.0062 2396 LmHosts - ok
21:43:46.0093 2396 [ 90A794D0A0BF3531C4BA1C0510449629 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
21:43:46.0093 2396 LMouKE - ok
21:43:46.0187 2396 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:43:46.0187 2396 MDM - ok
21:43:46.0218 2396 [ 74F4372AF97A587ECEC527EC34955712 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:43:46.0218 2396 mdmxsdk - ok
21:43:46.0265 2396 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:43:46.0265 2396 Messenger - ok
21:43:46.0312 2396 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:43:46.0312 2396 mnmdd - ok
21:43:46.0343 2396 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:43:46.0359 2396 mnmsrvc - ok
21:43:46.0406 2396 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:43:46.0406 2396 Modem - ok
21:43:46.0468 2396 [ 290750346F5937B02F62594B8EB03215 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
21:43:46.0468 2396 MotoHelper - ok
21:43:46.0515 2396 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:43:46.0515 2396 Mouclass - ok
21:43:46.0546 2396 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:43:46.0546 2396 mouhid - ok
21:43:46.0593 2396 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:43:46.0593 2396 MountMgr - ok
21:43:46.0609 2396 mraid35x - ok
21:43:46.0656 2396 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:43:46.0656 2396 MRxDAV - ok
21:43:46.0734 2396 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:43:46.0750 2396 MRxSmb - ok
21:43:46.0796 2396 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:43:46.0796 2396 MSDTC - ok
21:43:46.0859 2396 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:43:46.0859 2396 Msfs - ok
21:43:46.0875 2396 MSIServer - ok
21:43:46.0921 2396 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:43:46.0921 2396 MSKSSRV - ok
21:43:46.0984 2396 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:43:46.0984 2396 MSPCLOCK - ok
21:43:47.0015 2396 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:43:47.0031 2396 MSPQM - ok
21:43:47.0062 2396 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:43:47.0062 2396 mssmbios - ok
21:43:47.0093 2396 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:43:47.0093 2396 Mup - ok
21:43:47.0156 2396 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:43:47.0171 2396 napagent - ok
21:43:47.0265 2396 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120922.008\NAVENG.SYS
21:43:47.0265 2396 NAVENG - ok
21:43:47.0406 2396 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120922.008\NAVEX15.SYS
21:43:47.0421 2396 NAVEX15 - ok
21:43:47.0484 2396 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:43:47.0484 2396 NDIS - ok
21:43:47.0531 2396 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:43:47.0531 2396 NdisTapi - ok
21:43:47.0578 2396 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:43:47.0578 2396 Ndisuio - ok
21:43:47.0625 2396 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:43:47.0625 2396 NdisWan - ok
21:43:47.0656 2396 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:43:47.0656 2396 NDProxy - ok
21:43:47.0687 2396 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:43:47.0687 2396 NetBIOS - ok
21:43:47.0734 2396 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:43:47.0734 2396 NetBT - ok
21:43:47.0781 2396 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:43:47.0796 2396 NetDDE - ok
21:43:47.0812 2396 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:43:47.0812 2396 NetDDEdsdm - ok
21:43:47.0875 2396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:43:47.0875 2396 Netlogon - ok
21:43:47.0906 2396 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:43:47.0921 2396 Netman - ok
21:43:48.0000 2396 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:43:48.0000 2396 NetTcpPortSharing - ok
21:43:48.0125 2396 [ 71371ED9086A3D65F43967C89634E9A9 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:43:48.0156 2396 NETw3x32 - ok
21:43:48.0203 2396 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:43:48.0203 2396 NIC1394 - ok
21:43:48.0265 2396 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
21:43:48.0265 2396 Nla - ok
21:43:48.0343 2396 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
21:43:48.0343 2396 NMSAccess - ok
21:43:48.0375 2396 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:43:48.0375 2396 Npfs - ok
21:43:48.0421 2396 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:43:48.0437 2396 Ntfs - ok
21:43:48.0453 2396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:43:48.0453 2396 NtLmSsp - ok
21:43:48.0531 2396 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:43:48.0531 2396 NtmsSvc - ok
21:43:48.0578 2396 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:43:48.0578 2396 Null - ok
21:43:48.0609 2396 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:43:48.0609 2396 NwlnkFlt - ok
21:43:48.0656 2396 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:43:48.0656 2396 NwlnkFwd - ok
21:43:48.0687 2396 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:43:48.0687 2396 ohci1394 - ok
21:43:48.0750 2396 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:43:48.0750 2396 ose - ok
21:43:48.0828 2396 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
21:43:48.0828 2396 PalmUSBD - ok
21:43:48.0875 2396 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:43:48.0875 2396 Parport - ok
21:43:48.0921 2396 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:43:48.0921 2396 PartMgr - ok
21:43:49.0015 2396 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:43:49.0015 2396 ParVdm - ok
21:43:49.0062 2396 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:43:49.0062 2396 PCI - ok
21:43:49.0078 2396 PCIDump - ok
21:43:49.0125 2396 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:43:49.0125 2396 PCIIde - ok
21:43:49.0187 2396 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:43:49.0187 2396 Pcmcia - ok
21:43:49.0203 2396 PDCOMP - ok
21:43:49.0234 2396 PDFRAME - ok
21:43:49.0281 2396 PDRELI - ok
21:43:49.0312 2396 PDRFRAME - ok
21:43:49.0343 2396 perc2 - ok
21:43:49.0390 2396 perc2hib - ok
21:43:49.0515 2396 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:43:49.0515 2396 PlugPlay - ok
21:43:49.0546 2396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:43:49.0562 2396 PolicyAgent - ok
21:43:49.0593 2396 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:43:49.0593 2396 PptpMiniport - ok
21:43:49.0625 2396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:43:49.0625 2396 ProtectedStorage - ok
21:43:49.0687 2396 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:43:49.0687 2396 PSched - ok
21:43:49.0718 2396 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:43:49.0718 2396 Ptilink - ok
21:43:58.0187 2396 ================ Scan global ===============================
21:43:58.0234 2396 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:43:58.0265 2396 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
21:43:58.0296 2396 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
21:43:58.0328 2396 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:43:58.0343 2396 [Global] - ok
21:43:58.0343 2396 ================ Scan MBR ==================================
21:43:58.0375 2396 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:43:58.0609 2396 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:43:58.0609 2396 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:43:58.0640 2396 [ F1DECB1EE4A9C00EC8F602265444D1AC ] \Device\Harddisk1\DR2
21:44:01.0625 2396 \Device\Harddisk1\DR2 - ok
21:44:01.0656 2396 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR3
21:44:01.0812 2396 \Device\Harddisk2\DR3 - ok
21:44:01.0812 2396 ================ Scan VBR ==================================
21:44:01.0906 2396 [ ED13CA34FF25822019E053E37DB08B34 ] \Device\Harddisk0\DR0\Partition1
21:44:01.0921 2396 \Device\Harddisk0\DR0\Partition1 - ok
21:44:01.0953 2396 [ 5838F51DFCB500550F0A9E1369A26E04 ] \Device\Harddisk2\DR3\Partition1
21:44:01.0953 2396 \Device\Harddisk2\DR3\Partition1 - ok
21:44:01.0968 2396 ============================================================
21:44:01.0968 2396 Scan finished
21:44:01.0968 2396 ============================================================
21:44:02.0031 1232 Detected object count: 1
21:44:02.0031 1232 Actual detected object count: 1
21:44:31.0609 1232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:44:31.0609 1232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#6 vtones

vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 04 October 2012 - 09:16 PM

Not sure the aswMBR finished scanning even in safe mode. It appeared to lock up. Here is the log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 21:49:03
-----------------------------
21:49:03.625 OS Version: Windows 5.1.2600 Service Pack 3
21:49:03.625 Number of processors: 2 586 0xE08
21:49:03.625 ComputerName: MDM02 UserName: mdm
21:49:05.578 Initialize success
21:55:56.531 AVAST engine defs: 12100500
21:56:05.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:56:05.843 Disk 0 Vendor: HTS541010G9SA00 MBZOC60P Size: 95396MB BusType: 3
21:56:05.890 Disk 0 MBR read successfully
21:56:05.906 Disk 0 MBR scan
21:56:05.953 Disk 0 Windows XP default MBR code
21:56:05.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95385 MB offset 63
21:56:06.015 Disk 0 scanning sectors +195350400
21:56:06.125 Disk 0 scanning C:\WINDOWS\system32\drivers
21:56:14.781 Service scanning
21:56:34.328 Modules scanning
21:56:39.984 Disk 0 trace - called modules:
21:56:40.062 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
21:56:40.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae115c0]
21:56:40.109 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000097[0x8ad63490]
21:56:40.312 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad1a940]
21:56:42.234 AVAST engine scan C:\WINDOWS
21:56:53.968 AVAST engine scan C:\WINDOWS\system32
21:59:42.421 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:01:48.390 AVAST engine scan C:\WINDOWS\system32\drivers
22:02:12.578 AVAST engine scan C:\Documents and Settings\mdm
22:11:26.015 AVAST engine scan C:\Documents and Settings\All Users
22:13:12.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mdm\Desktop\MBR.dat"
22:13:12.468 The log file has been saved successfully to "C:\Documents and Settings\mdm\Desktop\aswMBR.txt"

#7 vtones

vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 04 October 2012 - 10:18 PM

ESET scanner log:

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0UKZBUYL\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NKA1IPAW\cse[2].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NKA1IPAW\cse[3].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T34QVLUP\37938-15[1].js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T34QVLUP\37938-15[2].js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T34QVLUP\37938-15[3].js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T34QVLUP\cse[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
Operating memory multiple threats

#8 vtones

vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 04 October 2012 - 10:29 PM

All of the above scans I had to run in safe mode. Not sure the aswMBR finished scanning, it appeared to lock up. Would it be safe to copy my document, picture, and song files to an external hard drive while I still have this virus, or should I wait until this is resolved?

What should I do next? Thank you!

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 October 2012 - 05:13 AM

Let's remove the infections first.

Reboot to normal mode

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

A log should be generated after the scan, post it here.

Download

Junkware removal tool

Right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#10 vtones

vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 05 October 2012 - 06:52 PM

I ran Malwarebytes and can now only boot in safe mode. The log is below:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.05.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
mdm :: MDM02 [administrator]

10/5/2012 9:51:31 AM
mbam-log-2012-10-05 (09-51-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324772
Time elapsed: 55 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\n (Trojan.0Access) -> Delete on reboot.
C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$e42cdc57616ac478887b95dd4884c360\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A11D64A7-D852-4899-AD28-B74D76AD45B3}\RP639\A0032205.ini (Trojan.0access) -> Quarantined and deleted successfully.

(end)

#11 vtones

vtones
  • Topic Starter
  • Members
  • 15 posts

Posted 05 October 2012 - 06:58 PM

Mini Toolbox log (from Safe Mode):

MiniToolBox by Farbar Version: 23-07-2012
Ran by mdm (administrator) on 05-10-2012 at 19:52:50
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [MDM02]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MDM02

Primary Dns Suffix . . . . . . . : Msquaredngineering.local

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Msquaredngineering.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-16-D4-06-D1-1D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.25.54

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.25.1

DHCP Server . . . . . . . . . . . : 192.168.25.1

DNS Servers . . . . . . . . . . . : 192.168.25.1

Lease Obtained. . . . . . . . . . : Friday, October 05, 2012 7:45:56 PM

Lease Expires . . . . . . . . . . : Saturday, October 06, 2012 7:45:56 PM

Server: UnKnown
Address: 192.168.25.1

Name: google.com
Addresses: 74.125.227.105, 74.125.227.110, 74.125.227.96, 74.125.227.97
74.125.227.98, 74.125.227.99, 74.125.227.100, 74.125.227.101, 74.125.227.102
74.125.227.103, 74.125.227.104



Pinging google.com [74.125.227.97] with 32 bytes of data:



Reply from 74.125.227.97: bytes=32 time=52ms TTL=48

Reply from 74.125.227.97: bytes=32 time=50ms TTL=48



Ping statistics for 74.125.227.97:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 52ms, Average = 51ms

Server: UnKnown
Address: 192.168.25.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=702ms TTL=53

Reply from 72.30.38.140: bytes=32 time=1318ms TTL=53



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 702ms, Maximum = 1318ms, Average = 1010ms

Server: UnKnown
Address: 192.168.25.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 d4 06 d1 1d ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.25.1 192.168.25.54 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.25.0 255.255.255.0 192.168.25.54 192.168.25.54 20
192.168.25.54 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.25.255 255.255.255.255 192.168.25.54 192.168.25.54 20
224.0.0.0 240.0.0.0 192.168.25.54 192.168.25.54 20
255.255.255.255 255.255.255.255 192.168.25.54 192.168.25.54 1
Default Gateway: 192.168.25.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2012 07:46:26 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/05/2012 07:46:15 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/05/2012 07:46:10 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/05/2012 06:31:48 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (10/05/2012 05:00:04 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (10/05/2012 02:29:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/05/2012 02:29:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/05/2012 10:47:21 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 14: description: CAL Failure

Error: (10/05/2012 09:45:15 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/05/2012 09:45:03 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (10/05/2012 07:46:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/05/2012 07:46:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (10/05/2012 07:46:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}


Microsoft Office Sessions:
=========================
Error: (10/05/2012 07:46:26 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: The specified domain either does not exist or could not be contacted.

Error: (10/05/2012 07:46:15 PM) (Source: WinMgmt)(User: )
Description:

Error: (10/05/2012 07:46:10 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: The specified domain either does not exist or could not be contacted.

Error: (10/05/2012 06:31:48 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (10/05/2012 05:00:04 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (10/05/2012 02:29:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/05/2012 02:29:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/05/2012 10:47:21 AM) (Source: Symantec AntiVirus)(User: )
Description: TruScan has generated an error: code 14: description: CAL Failure

Error: (10/05/2012 09:45:15 AM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: The specified domain either does not exist or could not be contacted.

Error: (10/05/2012 09:45:03 AM) (Source: WinMgmt)(User: )
Description:


=========================== Installed Programs ============================

AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Ad-Aware (Version: 7.1.0.7)
Adobe Acrobat 8 Professional (Version: 8.2.0)
Adobe Acrobat 8.2.0 - CPSID_52074
Adobe Acrobat 8.2.0 Professional (Version: 8.2.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 Plugin (Version: 10.1.82.76)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.2 (Version: 9.2.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression
ATI Catalyst Control Center (Version: 2.008.0122.1518)
ATI Display Driver (Version: 8.453-080122a-060293C)
Autodesk Civil 3D - Civil Design Companion 2007 (Version: 17.0.266.0)
Autodesk DWF Viewer (Version: 6.5)
Autodesk Land Desktop 2007 (Version: 17.0.266.0)
AutoUpdate (Version: 1.1)
Bentley FlowMaster (Version: 08.01.066.00)
Bonjour (Version: 3.0.0.10)
Broadcom NetXtreme Ethernet Controller (Version: 8.22.12)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0122.1519.27310)
Catalyst Control Center Graphics Full Existing (Version: 2008.0122.1519.27310)
Catalyst Control Center Graphics Full New (Version: 2008.0122.1519.27310)
Catalyst Control Center Graphics Light (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Czech (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Danish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Dutch (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Finnish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization French (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization German (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Greek (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Hungarian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Italian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Japanese (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Korean (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Norwegian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Polish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Portuguese (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Russian (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Spanish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Swedish (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Thai (Version: 2008.0122.1519.27310)
Catalyst Control Center Localization Turkish (Version: 2008.0122.1519.27310)
ccc-core-preinstall (Version: 2008.0122.1519.27310)
ccc-core-static (Version: 2008.0122.1519.27310)
ccc-utility (Version: 2008.0122.1519.27310)
CCC Help Chinese Standard (Version: 2008.0122.1518.27310)
CCC Help Chinese Traditional (Version: 2008.0122.1518.27310)
CCC Help Czech (Version: 2008.0122.1518.27310)
CCC Help Danish (Version: 2008.0122.1518.27310)
CCC Help Dutch (Version: 2008.0122.1518.27310)
CCC Help English (Version: 2008.0122.1518.27310)
CCC Help Finnish (Version: 2008.0122.1518.27310)
CCC Help French (Version: 2008.0122.1518.27310)
CCC Help German (Version: 2008.0122.1518.27310)
CCC Help Greek (Version: 2008.0122.1518.27310)
CCC Help Hungarian (Version: 2008.0122.1518.27310)
CCC Help Italian (Version: 2008.0122.1518.27310)
CCC Help Japanese (Version: 2008.0122.1518.27310)
CCC Help Korean (Version: 2008.0122.1518.27310)
CCC Help Norwegian (Version: 2008.0122.1518.27310)
CCC Help Polish (Version: 2008.0122.1518.27310)
CCC Help Portuguese (Version: 2008.0122.1518.27310)
CCC Help Russian (Version: 2008.0122.1518.27310)
CCC Help Spanish (Version: 2008.0122.1518.27310)
CCC Help Swedish (Version: 2008.0122.1518.27310)
CCC Help Thai (Version: 2008.0122.1518.27310)
CCC Help Turkish (Version: 2008.0122.1518.27310)
CCleaner (Version: 2.35)
CDBurnerXP (Version: 4.3.7.2423)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CopyTrans Suite Remove Only (Version: 2.36)
Core FTP LE 2.1
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
EPSON Copy Utility
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
EPSON User's Guide
ESET Online Scanner v3
FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader® (Version: 2.0.3.874)
Google Updater (Version: 2.4.2432.1652)
H.264 Decoder (Version: 1.1.0)
HDAUDIO Soft Data Fax Modem with SmartCP
Hydraflow Hydrographs 2004 (Version: 8.00.0000)
Hydraflow Storm Sewers 2005 (Version: 11.00.0000)
InstallMgr (Version: 1.0.39.0)
iTunes (Version: 10.5.3.3)
Java 2 Runtime Environment, SE v1.4.2_19 (Version: 1.4.2_19)
Java™ 6 Update 22 (Version: 6.0.220)
KIP Request 6 (Version: 6.200.005)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.61)
Logitech Desktop Messenger (Version: 2.01.02)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech SetPoint (Version: 2.40)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MediaLife
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
MKV Splitter (Version: 1.0.1)
MotoCast (Version: 1.2.9)
MotoHelper 2.1.40 Driver 5.5.0 (Version: 2.1.40)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.7.0151.0)
Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (en-US))
MP4 Player (Version: )
MPlayer (remove only)
MSN Toolbar (Version: 1.0.39.0)
MSN Toolbar (Version: 3.0.1125.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.28)
NVIDIA Drivers
Palm (Version: 4.1.0420)
PCH Search & Win Toolbar
QuickTime (Version: 7.69.80.9)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
ScanToWeb
SoundMAX (Version: 5.10.01.4324)
Spybot - Search & Destroy (Version: 1.6.2)
Stewie Griffin Communicator
Symantec Endpoint Protection (Version: 11.0.1000.1375)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.20.0000)
TIPCI (Version: 1.20.0000)
TypingMaster Pro (Version: 7.00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Valspar Signature Series Virtual Painter (Version: 2.5.0000)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.4 (Version: 1.1.4)
Walmart MP3 Music Downloads (Version: 1.6.4.4)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11

========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 3071.36 MB
Available physical RAM: 2698.53 MB
Total Pagefile: 4451.64 MB
Available Pagefile: 4213.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:93.15 GB) (Free:25.92 GB) NTFS
2 Drive d: (LDT2007_SWL_LDDT_CIV3D) (CDROM) (Total:1.64 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MDM02

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

Could not list Restore Points.

**** End of log ****

#12 vtones

  • Topic Starter
  • Members
  • 15 posts

Posted 05 October 2012 - 07:01 PM

FSS Log (From Safe Mode):

Farbar Service Scanner Version: 19-09-2012
Ran by mdm (administrator) on 05-10-2012 at 19:58:56
Running from "C:\Documents and Settings\mdm\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#13 vtones

  • Topic Starter
  • Members
  • 15 posts

Posted 05 October 2012 - 07:16 PM

It took several runs of AdwCleaner before I could reboot into normal mode, but I am now in normal mode.

This is the log from AdwCleaner, but it is from after running it four times and rebooting before I could get a log to generate, so I am not sure it shows everything it did the first several times. I am now working in normal mode with internet access for the first time in weeks!

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 20:07:38
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mdm - MDM02
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\mdm\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.6.10 (en-US)

Profile name : default
File : C:\Documents and Settings\mdm\Application Data\Mozilla\Firefox\Profiles\5e4mlnp0.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1362 octets] - [05/10/2012 20:02:32]
AdwCleaner[S2].txt - [772 octets] - [05/10/2012 20:07:38]

########## EOF - C:\AdwCleaner[S2].txt - [831 octets] ##########

#14 vtones

  • Topic Starter
  • Members
  • 15 posts

Posted 05 October 2012 - 07:27 PM

JRT Log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.6 (10.05.2012)
OS: Microsoft Windows XP x86
Ran by mdm on Fri 10/05/2012 at 20:26:01.17
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files:

Successfully deleted: [FILE] C:\eula.1028.txt
Successfully deleted: [FILE] C:\eula.1031.txt
Successfully deleted: [FILE] C:\eula.1033.txt
Successfully deleted: [FILE] C:\eula.1036.txt
Successfully deleted: [FILE] C:\eula.1040.txt
Successfully deleted: [FILE] C:\eula.1041.txt
Successfully deleted: [FILE] C:\eula.1042.txt
Successfully deleted: [FILE] C:\eula.2052.txt
Successfully deleted: [FILE] C:\install.res.1028.dll
Successfully deleted: [FILE] C:\install.res.1031.dll
Successfully deleted: [FILE] C:\install.res.1033.dll
Successfully deleted: [FILE] C:\install.res.1036.dll
Successfully deleted: [FILE] C:\install.res.1040.dll
Successfully deleted: [FILE] C:\install.res.1041.dll
Successfully deleted: [FILE] C:\install.res.1042.dll
Successfully deleted: [FILE] C:\install.res.2052.dll
Successfully deleted: [FILE] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Fri 10/05/2012 at 20:26:05.32
End of Report

#15 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 October 2012 - 07:29 PM

Run Malwarebytes and the ESET scanner in normal mode and post the new logs.


Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here
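As an added example for this thread (not FSS code and not from any post here): the FSS log in #12 reports the wscsvc, wuauserv and BITS service keys as missing outright, and sharedaccess as present but stripped of its Start, ImagePath and ServiceDll values, while the instructions above ask for a second FSS run after the services repair tool. The script below parses that log format into a per-service verdict that separates "key deleted" (the service must be recreated) from "values deleted" (the key exists but is empty) from merely "stopped", flags any File Check entry FSS did not mark "MD5 is legit", and diffs two runs so you can see what a repair actually restored. The service list, the verdict names and both sample logs are mine; the samples copy the shape of the posted output but are constructed and trimmed, and the "after" run is invented.

```python
"""Triage Farbar Service Scanner (FSS) output for tampered Windows services.
Added example for this thread, not FSS code and not from any post. Both sample
logs are constructed: SAMPLE_BEFORE copies the shape of the FSS log posted in
the thread (trimmed), SAMPLE_AFTER is an invented run after a repair."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Services FSS reports on in the posted log: Windows Firewall/ICS, Security
# Center, Windows Update, BITS and the COM+ Event System.
EXPECTED = ("sharedaccess", "wscsvc", "wuauserv", "BITS", "EventSystem")

# Line shapes taken from the FSS output posted in the thread.
RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\. Checking service configuration:")
RE_KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
RE_VALUE_MISSING = re.compile(
    r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\. The value does not exist\.", re.I)
RE_CONFIG = re.compile(r'^The (ImagePath|ServiceDll) of (\S+): "(.*)"\.$')
RE_FILE_CHECK = re.compile(r"^(.+?) => (.+)$")

@dataclass
class ServiceState:
    name: str
    running: bool = True
    key_missing: bool = False
    missing_values: List[str] = field(default_factory=list)
    config: Dict[str, str] = field(default_factory=dict)  # ImagePath / ServiceDll as reported

    @property
    def verdict(self) -> str:
        if self.key_missing:      # whole Services\<name> registry key gone: recreate the service
            return "KEY DELETED"
        if self.missing_values:   # key exists but Start/ImagePath/ServiceDll were stripped from it
            return "VALUES DELETED"
        if not self.running:      # configuration intact, service just not started
            return "STOPPED"
        return "OK"

def parse_fss(text: str) -> Tuple[Dict[str, ServiceState], Dict[str, str]]:
    """Return ({service: ServiceState}, {file path: FSS status text})."""
    services: Dict[str, ServiceState] = {}
    files: Dict[str, str] = {}

    def state(name: str) -> ServiceState:
        return services.setdefault(name, ServiceState(name))

    for line in (raw.strip() for raw in text.splitlines()):
        if m := RE_NOT_RUNNING.match(line):
            state(m.group(1)).running = False
        elif m := RE_KEY_MISSING.search(line):
            state(m.group(1)).key_missing = True
        elif m := RE_VALUE_MISSING.search(line):
            st, value = state(m.group(2)), m.group(1).lower()
            if value not in st.missing_values:
                st.missing_values.append(value)
        elif m := RE_CONFIG.match(line):
            state(m.group(2)).config[m.group(1)] = m.group(3)
        elif m := RE_FILE_CHECK.match(line):
            files[m.group(1)] = m.group(2)
    return services, files

def assess(services: Dict[str, ServiceState], files: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Verdict per expected service, plus files FSS did not confirm as legit."""
    # In the posted log, sections with nothing wrong are empty, so a service that never
    # appears is recorded as NO FINDING (an assumption, not proof that it is healthy).
    verdicts = {n: services[n].verdict if n in services else "NO FINDING" for n in EXPECTED}
    suspect = [path for path, status in files.items() if status != "MD5 is legit"]
    return verdicts, suspect

def compare(before_log: str, after_log: str) -> Dict[str, Tuple[str, str]]:
    """Services whose verdict changed between two FSS runs, e.g. before/after a repair tool."""
    before, after = assess(*parse_fss(before_log))[0], assess(*parse_fss(after_log))[0]
    return {n: (before[n], after[n]) for n in EXPECTED if before[n] != after[n]}

SAMPLE_BEFORE = r"""
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 mismatch (status text invented for this example)
"""

# Invented follow-up run: sharedaccess has its values back but is still stopped, wscsvc no longer appears.
SAMPLE_AFTER = r"""
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of sharedaccess: "C:\WINDOWS\system32\ipnathlp.dll".
C:\WINDOWS\system32\es.dll => MD5 is legit
"""

if __name__ == "__main__":
    print(assess(*parse_fss(SAMPLE_BEFORE)))
    print(compare(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Run it as-is to see the verdicts for the samples; on a real case, read the two saved FSS .txt files into the before and after strings. Treat NO FINDING as "FSS printed nothing for that service", not as proof it is healthy: in the posted log the sections with nothing wrong are simply empty, and the script assumes that silence means no finding. The ServiceDll captured in `config` is worth comparing against the stock path, since a service whose key survives but points at a different DLL would pass this check while still being hijacked.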



