
Rootkit.Boot.Pihar.c


M1918A1

Attachment: attach.txt

I was asked to post this here. Computer is running normally now after fix from TDSSKiller.

This is my original post from "User to user help":

I suddenly had a problem with my computer freezing. When it does this, the hard drive LED light flashes the same pattern. Most programs will not work. Some will pop up but have the function keys greyed out or they will just not respond. Task Manager will not pop up if the freeze has already occurred. If Task Manager is already up BEFORE the freeze, it shows every program that I attempt to start as a running process. Also, if I have MSN or Yahoo Messenger running before the freeze, the windows showing incoming email will continue to work after the freeze. However, I can't retrieve the email because iexplore will not pop up on the desktop even if it is showing as a running process in Task Manager.

I have run a virus scan, Malwarebytes, SUPERAntiSpyware and ComboFix with no results. I have run the Windows check disk. Nothing. I downloaded and ran the drive checking software from Western Digital. Everything passed. Oddly enough, the WD drive check software will run a scan while the drive is frozen... and it still passes the function test.

I am running Win XP Pro, Service Pack 3.

This is the TDSSKiller log:

13:16:47.0609 2880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:16:48.0921 2880 ============================================================
13:16:48.0921 2880 Current date / time: 2013/01/27 13:16:48.0921
13:16:48.0921 2880 SystemInfo:
13:16:48.0921 2880 
13:16:48.0921 2880 OS Version: 5.1.2600 ServicePack: 3.0
13:16:48.0921 2880 Product type: Workstation
13:16:48.0921 2880 ComputerName: USM1918A1
13:16:48.0921 2880 UserName: M1918A1
13:16:48.0921 2880 Windows directory: C:\WINDOWS
13:16:48.0921 2880 System windows directory: C:\WINDOWS
13:16:48.0921 2880 Processor architecture: Intel x86
13:16:48.0921 2880 Number of processors: 1
13:16:48.0921 2880 Page size: 0x1000
13:16:48.0921 2880 Boot type: Normal boot
13:16:48.0921 2880 ============================================================
13:16:49.0312 2880 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:16:49.0312 2880 ============================================================
13:16:49.0312 2880 \Device\Harddisk0\DR0:
13:16:49.0312 2880 MBR partitions:
13:16:49.0312 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
13:16:49.0312 2880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x45A34196
13:16:49.0312 2880 ============================================================
13:16:49.0328 2880 C: <-> \Device\Harddisk0\DR0\Partition1
13:16:49.0359 2880 D: <-> \Device\Harddisk0\DR0\Partition2
13:16:49.0359 2880 ============================================================
13:16:49.0359 2880 Initialize success
13:16:49.0359 2880 ============================================================
13:16:53.0828 3220 ============================================================
13:16:53.0828 3220 Scan started
13:16:53.0828 3220 Mode: Manual;
13:16:53.0828 3220 ============================================================
13:16:54.0031 3220 ================ Scan system memory ========================
13:16:54.0031 3220 System memory - ok
13:16:54.0031 3220 ================ Scan services =============================
13:16:54.0078 3220 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE D:\Program Files\Superantispyware\SASCORE.EXE
13:16:54.0078 3220 !SASCORE - ok
13:16:54.0156 3220 Abiosdsk - ok
13:16:54.0171 3220 abp480n5 - ok
13:16:54.0203 3220 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI 
C:WINDOWSsystem32DRIVERSACPI.sys13:16:54.0203 3220 ACPI - ok13:16:54.0218 3220 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:WINDOWSsystem32driversACPIEC.sys13:16:54.0218 3220 ACPIEC - ok13:16:54.0281 3220 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe13:16:54.0328 3220 AdobeFlashPlayerUpdateSvc - ok13:16:54.0328 3220 adpu160m - ok13:16:54.0359 3220 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:WINDOWSsystem32driversaec.sys13:16:54.0359 3220 aec - ok13:16:54.0390 3220 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:WINDOWSSystem32driversafd.sys13:16:54.0390 3220 AFD - ok13:16:54.0390 3220 Aha154x - ok13:16:54.0406 3220 aic78u2 - ok13:16:54.0406 3220 aic78xx - ok13:16:54.0484 3220 [ 92AE420BE14B0D97D14DAC4ABA22A702 ] ALCXWDM C:WINDOWSsystem32driversALCXWDM.SYS13:16:54.0500 3220 ALCXWDM - ok13:16:54.0531 3220 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:WINDOWSsystem32alrsvc.dll13:16:54.0531 3220 Alerter - ok13:16:54.0562 3220 [ 8C515081584A38AA007909CD02020B3D ] ALG C:WINDOWSSystem32alg.exe13:16:54.0562 3220 ALG - ok13:16:54.0562 3220 AliIde - ok13:16:54.0578 3220 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:WINDOWSsystem32DRIVERSAmdK8.sys13:16:54.0578 3220 AmdK8 - ok13:16:54.0593 3220 amsint - ok13:16:54.0609 3220 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:WINDOWSSystem32appmgmts.dll13:16:54.0625 3220 AppMgmt - ok13:16:54.0640 3220 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:WINDOWSsystem32DRIVERSarp1394.sys13:16:54.0640 3220 Arp1394 - ok13:16:54.0640 3220 asc - ok13:16:54.0656 3220 asc3350p - ok13:16:54.0656 3220 asc3550 - ok13:16:54.0718 3220 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe13:16:54.0750 3220 aspnet_state - ok13:16:54.0781 3220 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:WINDOWSsystem32DRIVERSasyncmac.sys13:16:54.0781 3220 AsyncMac - ok13:16:54.0796 3220 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi 
C:WINDOWSsystem32DRIVERSatapi.sys13:16:54.0796 3220 atapi - ok13:16:54.0796 3220 Atdisk - ok13:16:54.0812 3220 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:WINDOWSsystem32DRIVERSatmarpc.sys13:16:54.0812 3220 Atmarpc - ok13:16:54.0843 3220 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:WINDOWSSystem32audiosrv.dll13:16:54.0843 3220 AudioSrv - ok13:16:54.0843 3220 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:WINDOWSsystem32DRIVERSaudstub.sys13:16:54.0859 3220 audstub - ok13:16:54.0906 3220 [ B5D974C1FD078A68C7536C561B031D39 ] Automatic LiveUpdate Scheduler C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe13:16:54.0906 3220 Automatic LiveUpdate Scheduler - ok13:16:54.0937 3220 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:WINDOWSsystem32driversBeep.sys13:16:54.0937 3220 Beep - ok13:16:54.0968 3220 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:WINDOWSsystem32qmgr.dll13:16:54.0984 3220 BITS - ok13:16:55.0000 3220 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:WINDOWSSystem32browser.dll13:16:55.0000 3220 Browser - ok13:16:55.0031 3220 catchme - ok13:16:55.0062 3220 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:WINDOWSsystem32driverscbidf2k.sys13:16:55.0062 3220 cbidf2k - ok13:16:55.0078 3220 [ FE69C498B922CE835E2E2123FBD0A272 ] ccEvtMgr C:Program FilesCommon FilesSymantec SharedccSvcHst.exe13:16:55.0078 3220 ccEvtMgr - ok13:16:55.0093 3220 [ FE69C498B922CE835E2E2123FBD0A272 ] ccSetMgr C:Program FilesCommon FilesSymantec SharedccSvcHst.exe13:16:55.0093 3220 ccSetMgr - ok13:16:55.0093 3220 cd20xrnt - ok13:16:55.0125 3220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:WINDOWSsystem32driversCdaudio.sys13:16:55.0125 3220 Cdaudio - ok13:16:55.0156 3220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:WINDOWSsystem32driversCdfs.sys13:16:55.0156 3220 Cdfs - ok13:16:55.0187 3220 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:WINDOWSsystem32DRIVERScdrom.sys13:16:55.0187 3220 Cdrom - ok13:16:55.0187 3220 Changer - ok13:16:55.0203 3220 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc 
C:WINDOWSsystem32cisvc.exe13:16:55.0218 3220 CiSvc - ok13:16:55.0234 3220 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:WINDOWSsystem32clipsrv.exe13:16:55.0250 3220 ClipSrv - ok13:16:55.0265 3220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe13:16:55.0328 3220 clr_optimization_v2.0.50727_32 - ok13:16:55.0328 3220 [ FE69C498B922CE835E2E2123FBD0A272 ] CLTNetCnService C:Program FilesCommon FilesSymantec SharedccSvcHst.exe13:16:55.0328 3220 CLTNetCnService - ok13:16:55.0343 3220 CmdIde - ok13:16:55.0343 3220 COMSysApp - ok13:16:55.0359 3220 Cpqarray - ok13:16:55.0390 3220 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:WINDOWSSystem32cryptsvc.dll13:16:55.0390 3220 CryptSvc - ok13:16:55.0406 3220 [ 23D6D320C0D236784EF0CCF7CBF6C1C0 ] ctac32k C:WINDOWSsystem32driversctac32k.sys13:16:55.0406 3220 ctac32k - ok13:16:55.0421 3220 [ 16693A385321CEAC8F24A53070EFC378 ] ctaud2k C:WINDOWSsystem32driversctaud2k.sys13:16:55.0437 3220 ctaud2k - ok13:16:55.0468 3220 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:WINDOWSsystem32DRIVERSctljystk.sys13:16:55.0468 3220 ctljystk - ok13:16:55.0484 3220 [ 53B99368D26AB1BE9C3842976DF5543C ] ctprxy2k C:WINDOWSsystem32driversctprxy2k.sys13:16:55.0484 3220 ctprxy2k - ok13:16:55.0484 3220 [ 73746E147E50249B790BC631891063B5 ] ctsfm2k C:WINDOWSsystem32driversctsfm2k.sys13:16:55.0484 3220 ctsfm2k - ok13:16:55.0500 3220 cxtcqfms - ok13:16:55.0500 3220 dac2w2k - ok13:16:55.0515 3220 dac960nt - ok13:16:55.0546 3220 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:WINDOWSsystem32rpcss.dll13:16:55.0546 3220 DcomLaunch - ok13:16:55.0562 3220 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:WINDOWSSystem32dhcpcsvc.dll13:16:55.0562 3220 Dhcp - ok13:16:55.0578 3220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:WINDOWSsystem32DRIVERSdisk.sys13:16:55.0578 3220 Disk - ok13:16:55.0640 3220 [ 7496908263A7C08DD8CCA9BADF053EE1 ] Diskeeper C:Program FilesDiskeeper 
CorporationDiskeeperDkService.exe13:16:55.0640 3220 Diskeeper - ok13:16:55.0656 3220 dmadmin - ok13:16:55.0687 3220 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:WINDOWSsystem32driversdmboot.sys13:16:55.0687 3220 dmboot - ok13:16:55.0703 3220 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:WINDOWSsystem32driversdmio.sys13:16:55.0703 3220 dmio - ok13:16:55.0718 3220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:WINDOWSsystem32driversdmload.sys13:16:55.0718 3220 dmload - ok13:16:55.0734 3220 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:WINDOWSSystem32dmserver.dll13:16:55.0734 3220 dmserver - ok13:16:55.0750 3220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:WINDOWSsystem32driversDMusic.sys13:16:55.0750 3220 DMusic - ok13:16:55.0781 3220 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:WINDOWSSystem32dnsrslvr.dll13:16:55.0781 3220 Dnscache - ok13:16:55.0796 3220 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:WINDOWSSystem32dot3svc.dll13:16:55.0812 3220 Dot3svc - ok13:16:55.0812 3220 dpti2o - ok13:16:55.0828 3220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:WINDOWSsystem32driversdrmkaud.sys13:16:55.0828 3220 drmkaud - ok13:16:55.0875 3220 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:WINDOWSSystem32eapsvc.dll13:16:55.0875 3220 EapHost - ok13:16:55.0921 3220 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys13:16:55.0921 3220 eeCtrl - ok13:16:55.0953 3220 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:WINDOWSsystem32driversemu10k1m.sys13:16:55.0953 3220 emu10k - ok13:16:55.0968 3220 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:WINDOWSsystem32driversctlfacem.sys13:16:55.0968 3220 emu10k1 - ok13:16:55.0984 3220 [ A75959F10B6B536982F872B55FC6CE27 ] emupia C:WINDOWSsystem32driversemupia2k.sys13:16:55.0984 3220 emupia - ok13:16:56.0015 3220 [ BDD170FECB0E496A914318009D85B819 ] ENTECH C:WINDOWSsystem32DRIVERSENTECH.SYS13:16:56.0015 3220 ENTECH - ok13:16:56.0031 3220 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv 
C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys13:16:56.0031 3220 EraserUtilRebootDrv - ok13:16:56.0046 3220 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:WINDOWSSystem32ersvc.dll13:16:56.0046 3220 ERSvc - ok13:16:56.0062 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:WINDOWSsystem32services.exe13:16:56.0062 3220 Eventlog - ok13:16:56.0093 3220 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:WINDOWSSystem32es.dll13:16:56.0093 3220 EventSystem - ok13:16:56.0109 3220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:WINDOWSsystem32driversFastfat.sys13:16:56.0109 3220 Fastfat - ok13:16:56.0125 3220 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:WINDOWSSystem32shsvcs.dll13:16:56.0140 3220 FastUserSwitchingCompatibility - ok13:16:56.0156 3220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:WINDOWSsystem32DRIVERSfdc.sys13:16:56.0156 3220 Fdc - ok13:16:56.0187 3220 [ D75A1D52DF38F68501A54658F7B862F7 ] FGUARD32 D:Program FilesFolder GuardFGUARD32.SYS13:16:56.0187 3220 FGUARD32 - ok13:16:56.0203 3220 [ 711E55000153B1F03B193087DEB82AEA ] FileDisk C:WINDOWSsystem32driversFileDisk.sys13:16:56.0203 3220 FileDisk - ok13:16:56.0234 3220 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:WINDOWSsystem32driversFips.sys13:16:56.0234 3220 Fips - ok13:16:56.0265 3220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:WINDOWSsystem32DRIVERSflpydisk.sys13:16:56.0265 3220 Flpydisk - ok13:16:56.0281 3220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:WINDOWSsystem32driversfltmgr.sys13:16:56.0281 3220 FltMgr - ok13:16:56.0312 3220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe13:16:56.0312 3220 FontCache3.0.0.0 - ok13:16:56.0328 3220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:WINDOWSsystem32driversFs_Rec.sys13:16:56.0328 3220 Fs_Rec - ok13:16:56.0343 3220 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:WINDOWSsystem32DRIVERSftdisk.sys13:16:56.0343 3220 Ftdisk - ok13:16:56.0359 3220 
[ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:WINDOWSsystem32DRIVERSgameenum.sys13:16:56.0359 3220 gameenum - ok13:16:56.0390 3220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:WINDOWSsystem32DRIVERSmsgpc.sys13:16:56.0390 3220 Gpc - ok13:16:56.0406 3220 [ BCB3281BFC4EEB8D82932669490013CD ] ha10kx2k C:WINDOWSsystem32driversha10kx2k.sys13:16:56.0406 3220 ha10kx2k - ok13:16:56.0468 3220 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll13:16:56.0468 3220 helpsvc - ok13:16:56.0484 3220 HidServ - ok13:16:56.0500 3220 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:WINDOWSSystem32kmsvc.dll13:16:56.0500 3220 hkmsvc - ok13:16:56.0515 3220 hpn - ok13:16:56.0531 3220 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:WINDOWSsystem32DRIVERSHPZid412.sys13:16:56.0531 3220 HPZid412 - ok13:16:56.0531 3220 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:WINDOWSsystem32DRIVERSHPZipr12.sys13:16:56.0531 3220 HPZipr12 - ok13:16:56.0531 3220 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:WINDOWSsystem32DRIVERSHPZius12.sys13:16:56.0546 3220 HPZius12 - ok13:16:56.0562 3220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:WINDOWSsystem32DriversHTTP.sys13:16:56.0562 3220 HTTP - ok13:16:56.0578 3220 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:WINDOWSSystem32w3ssl.dll13:16:56.0578 3220 HTTPFilter - ok13:16:56.0593 3220 i2omgmt - ok13:16:56.0593 3220 i2omp - ok13:16:56.0609 3220 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:WINDOWSsystem32DRIVERSi8042prt.sys13:16:56.0609 3220 i8042prt - ok13:16:56.0640 3220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe13:16:56.0671 3220 idsvc - ok13:16:56.0687 3220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:WINDOWSsystem32DRIVERSimapi.sys13:16:56.0687 3220 Imapi - ok13:16:56.0718 3220 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:WINDOWSsystem32imapi.exe13:16:56.0718 3220 ImapiService - ok13:16:56.0718 3220 ini910u - ok13:16:56.0734 3220 
IntelIde - ok13:16:56.0765 3220 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:WINDOWSsystem32driversip6fw.sys13:16:56.0765 3220 ip6fw - ok13:16:56.0781 3220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:WINDOWSsystem32DRIVERSipfltdrv.sys13:16:56.0781 3220 IpFilterDriver - ok13:16:56.0796 3220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:WINDOWSsystem32DRIVERSipinip.sys13:16:56.0796 3220 IpInIp - ok13:16:56.0812 3220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:WINDOWSsystem32DRIVERSipnat.sys13:16:56.0812 3220 IpNat - ok13:16:56.0828 3220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:WINDOWSsystem32DRIVERSipsec.sys13:16:56.0828 3220 IPSec - ok13:16:56.0828 3220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:WINDOWSsystem32DRIVERSirenum.sys13:16:56.0828 3220 IRENUM - ok13:16:56.0843 3220 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:WINDOWSsystem32DRIVERSisapnp.sys13:16:56.0843 3220 isapnp - ok13:16:56.0875 3220 [ 31E4D7875FF05D9F81C2ABDF48F51B11 ] ISPwdSvc C:Program FilesNorton AntivirusisPwdSvc.exe13:16:56.0890 3220 ISPwdSvc - ok13:16:56.0921 3220 JavaQuickStarterService - ok13:16:56.0921 3220 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:WINDOWSsystem32DRIVERSkbdclass.sys13:16:56.0921 3220 Kbdclass - ok13:16:56.0937 3220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:WINDOWSsystem32driverskmixer.sys13:16:56.0937 3220 kmixer - ok13:16:56.0953 3220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:WINDOWSsystem32driversKSecDD.sys13:16:56.0953 3220 KSecDD - ok13:16:56.0984 3220 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:WINDOWSSystem32srvsvc.dll13:16:56.0984 3220 lanmanserver - ok13:16:57.0000 3220 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:WINDOWSSystem32wkssvc.dll13:16:57.0015 3220 lanmanworkstation - ok13:16:57.0015 3220 lbrtfdc - ok13:16:57.0078 3220 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE13:16:57.0109 3220 LiveUpdate - ok13:16:57.0125 3220 [ FE69C498B922CE835E2E2123FBD0A272 ] LiveUpdate 
Notice Ex C:Program FilesCommon FilesSymantec SharedccSvcHst.exe13:16:57.0125 3220 LiveUpdate Notice Ex - ok13:16:57.0171 3220 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe13:16:57.0171 3220 LiveUpdate Notice Service - ok13:16:57.0203 3220 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:WINDOWSSystem32lmhsvc.dll13:16:57.0203 3220 LmHosts - ok13:16:57.0234 3220 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:Program FilesCommon FilesMotiveMcciCMService.exe13:16:57.0234 3220 McciCMService - ok13:16:57.0250 3220 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:WINDOWSSystem32msgsvc.dll13:16:57.0265 3220 Messenger - ok13:16:57.0312 3220 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe13:16:57.0328 3220 Microsoft Office Groove Audit Service - ok13:16:57.0343 3220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:WINDOWSsystem32driversmnmdd.sys13:16:57.0343 3220 mnmdd - ok13:16:57.0375 3220 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:WINDOWSSystem32mnmsrvc.exe13:16:57.0375 3220 mnmsrvc - ok13:16:57.0406 3220 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:WINDOWSsystem32driversModem.sys13:16:57.0406 3220 Modem - ok13:16:57.0421 3220 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:WINDOWSsystem32DRIVERSmouclass.sys13:16:57.0421 3220 Mouclass - ok13:16:57.0437 3220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:WINDOWSsystem32driversMountMgr.sys13:16:57.0437 3220 MountMgr - ok13:16:57.0453 3220 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe13:16:57.0468 3220 MozillaMaintenance - ok13:16:57.0484 3220 mraid35x - ok13:16:57.0500 3220 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:PROGRA~1COMMON~1MotiveMREMP50.SYS13:16:57.0500 3220 MREMP50 - ok13:16:57.0500 3220 MREMPR5 - ok13:16:57.0515 3220 MRENDIS5 - 
ok13:16:57.0515 3220 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:PROGRA~1COMMON~1MotiveMRESP50.SYS13:16:57.0515 3220 MRESP50 - ok13:16:57.0531 3220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:WINDOWSsystem32DRIVERSmrxdav.sys13:16:57.0531 3220 MRxDAV - ok13:16:57.0546 3220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:WINDOWSsystem32DRIVERSmrxsmb.sys13:16:57.0546 3220 MRxSmb - ok13:16:57.0562 3220 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:WINDOWSSystem32msdtc.exe13:16:57.0562 3220 MSDTC - ok13:16:57.0593 3220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:WINDOWSsystem32driversMsfs.sys13:16:57.0593 3220 Msfs - ok13:16:57.0593 3220 MSIServer - ok13:16:57.0609 3220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:WINDOWSsystem32driversMSKSSRV.sys13:16:57.0609 3220 MSKSSRV - ok13:16:57.0625 3220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:WINDOWSsystem32driversMSPCLOCK.sys13:16:57.0625 3220 MSPCLOCK - ok13:16:57.0640 3220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:WINDOWSsystem32driversMSPQM.sys13:16:57.0640 3220 MSPQM - ok13:16:57.0656 3220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:WINDOWSsystem32DRIVERSmssmbios.sys13:16:57.0656 3220 mssmbios - ok13:16:57.0671 3220 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:WINDOWSsystem32driversmsmpu401.sys13:16:57.0671 3220 ms_mpu401 - ok13:16:57.0687 3220 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:WINDOWSsystem32DRIVERSASACPI.sys13:16:57.0687 3220 MTsensor - ok13:16:57.0703 3220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:WINDOWSsystem32driversMup.sys13:16:57.0703 3220 Mup - ok13:16:57.0718 3220 [ 0102140028FAD045756796E1C685D695 ] napagent C:WINDOWSSystem32qagentrt.dll13:16:57.0750 3220 napagent - ok13:16:57.0812 3220 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120130126.007NAVENG.SYS13:16:57.0812 3220 NAVENG - ok13:16:57.0843 3220 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120130126.007NAVEX15.SYS13:16:57.0843 3220 NAVEX15 - 
ok13:16:57.0859 3220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:WINDOWSsystem32driversNDIS.sys13:16:57.0859 3220 NDIS - ok13:16:57.0859 3220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:WINDOWSsystem32DRIVERSndistapi.sys13:16:57.0875 3220 NdisTapi - ok13:16:57.0875 3220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:WINDOWSsystem32DRIVERSndisuio.sys13:16:57.0875 3220 Ndisuio - ok13:16:57.0890 3220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:WINDOWSsystem32DRIVERSndiswan.sys13:16:57.0890 3220 NdisWan - ok13:16:57.0906 3220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:WINDOWSsystem32driversNDProxy.sys13:16:57.0921 3220 NDProxy - ok13:16:57.0937 3220 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:WINDOWSsystem32HPZinw12.dll13:16:57.0937 3220 Net Driver HPZ12 - ok13:16:57.0937 3220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:WINDOWSsystem32DRIVERSnetbios.sys13:16:57.0953 3220 NetBIOS - ok13:16:57.0968 3220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:WINDOWSsystem32DRIVERSnetbt.sys13:16:57.0968 3220 NetBT - ok13:16:57.0984 3220 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:WINDOWSsystem32netdde.exe13:16:58.0015 3220 NetDDE - ok13:16:58.0015 3220 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:WINDOWSsystem32netdde.exe13:16:58.0015 3220 NetDDEdsdm - ok13:16:58.0031 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:WINDOWSsystem32lsass.exe13:16:58.0031 3220 Netlogon - ok13:16:58.0062 3220 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:WINDOWSSystem32netman.dll13:16:58.0062 3220 Netman - ok13:16:58.0078 3220 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe13:16:58.0093 3220 NetTcpPortSharing - ok13:16:58.0109 3220 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:WINDOWSsystem32DRIVERSnic1394.sys13:16:58.0109 3220 NIC1394 - ok13:16:58.0125 3220 [ 943337D786A56729263071623BBB9DE5 ] Nla C:WINDOWSSystem32mswsock.dll13:16:58.0125 3220 Nla - ok13:16:58.0140 3220 [ 
3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:WINDOWSsystem32driversNpfs.sys13:16:58.0140 3220 Npfs - ok13:16:58.0140 3220 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:WINDOWSsystem32driversNtfs.sys13:16:58.0156 3220 Ntfs - ok13:16:58.0171 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:WINDOWSSystem32lsass.exe13:16:58.0171 3220 NtLmSsp - ok13:16:58.0203 3220 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:WINDOWSsystem32ntmssvc.dll13:16:58.0218 3220 NtmsSvc - ok13:16:58.0234 3220 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:WINDOWSsystem32driversNull.sys13:16:58.0234 3220 Null - ok13:16:58.0406 3220 [ 625F0E2467F6800E1D939CF22F2F6C99 ] nv C:WINDOWSsystem32DRIVERSnv4_mini.sys13:16:58.0468 3220 nv - ok13:16:58.0484 3220 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:WINDOWSsystem32DRIVERSnvata.sys13:16:58.0484 3220 nvata - ok13:16:58.0500 3220 [ 2F4CA0052A50D122B9F0A2EFA52DFA67 ] NVENETFD C:WINDOWSsystem32DRIVERSNVENETFD.sys13:16:58.0500 3220 NVENETFD - ok13:16:58.0515 3220 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:WINDOWSsystem32DRIVERSnvgts.sys13:16:58.0515 3220 nvgts - ok13:16:58.0531 3220 [ 197779DDE275445AB253667832120EA7 ] nvnetbus C:WINDOWSsystem32DRIVERSnvnetbus.sys13:16:58.0531 3220 nvnetbus - ok13:16:58.0546 3220 [ E666A28CC51F04C7D972EF8AD4234BBA ] NVSvc C:WINDOWSsystem32nvsvc32.exe13:16:58.0546 3220 NVSvc - ok13:16:58.0593 3220 [ E7973587C80CC49DAD8E88AD45D2A1CC ] nvUpdatusService C:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exe13:16:58.0609 3220 nvUpdatusService - ok13:16:58.0625 3220 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:WINDOWSsystem32DRIVERSnwlnkflt.sys13:16:58.0640 3220 NwlnkFlt - ok13:16:58.0640 3220 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:WINDOWSsystem32DRIVERSnwlnkfwd.sys13:16:58.0656 3220 NwlnkFwd - ok13:16:58.0703 3220 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE13:16:58.0734 3220 odserv - ok13:16:58.0750 3220 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 
C:WINDOWSsystem32DRIVERSohci1394.sys13:16:58.0750 3220 ohci1394 - ok13:16:58.0765 3220 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE13:16:58.0812 3220 ose - ok13:16:58.0843 3220 [ 64DE7FDE0AAC66F721ADDD1E0394E664 ] ossrv C:WINDOWSsystem32driversctoss2k.sys13:16:58.0843 3220 ossrv - ok13:16:58.0875 3220 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:WINDOWSsystem32driversParport.sys13:16:58.0875 3220 Parport - ok13:16:58.0890 3220 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:WINDOWSsystem32driversPartMgr.sys13:16:58.0890 3220 PartMgr - ok13:16:58.0921 3220 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:WINDOWSsystem32driversParVdm.sys13:16:58.0921 3220 ParVdm - ok13:16:58.0937 3220 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:WINDOWSsystem32driverspavboot.sys13:16:58.0937 3220 pavboot - ok13:16:58.0953 3220 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:WINDOWSsystem32DRIVERSpci.sys13:16:58.0953 3220 PCI - ok13:16:58.0953 3220 PCIDump - ok13:16:58.0968 3220 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:WINDOWSsystem32DRIVERSpciide.sys13:16:58.0968 3220 PCIIde - ok13:16:58.0984 3220 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:WINDOWSsystem32driversPcmcia.sys13:16:58.0984 3220 Pcmcia - ok13:16:58.0984 3220 PDCOMP - ok13:16:59.0000 3220 PDFRAME - ok13:16:59.0000 3220 PDRELI - ok13:16:59.0015 3220 PDRFRAME - ok13:16:59.0015 3220 perc2 - ok13:16:59.0015 3220 perc2hib - ok13:16:59.0046 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:WINDOWSsystem32services.exe13:16:59.0046 3220 PlugPlay - ok13:16:59.0062 3220 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:WINDOWSsystem32HPZipm12.dll13:16:59.0062 3220 Pml Driver HPZ12 - ok13:16:59.0093 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:WINDOWSsystem32lsass.exe13:16:59.0093 3220 PolicyAgent - ok13:16:59.0109 3220 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:WINDOWSsystem32DRIVERSraspptp.sys13:16:59.0109 3220 PptpMiniport - ok13:16:59.0109 
3220 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:WINDOWSsystem32DRIVERSprocessr.sys13:16:59.0125 3220 Processor - ok13:16:59.0125 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:WINDOWSsystem32lsass.exe13:16:59.0125 3220 ProtectedStorage - ok13:16:59.0140 3220 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:WINDOWSsystem32DRIVERSpsched.sys13:16:59.0140 3220 PSched - ok13:16:59.0156 3220 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:WINDOWSsystem32DRIVERSptilink.sys13:16:59.0156 3220 Ptilink - ok13:16:59.0171 3220 ql1080 - ok13:16:59.0171 3220 Ql10wnt - ok13:16:59.0171 3220 ql12160 - ok13:16:59.0187 3220 ql1240 - ok13:16:59.0187 3220 ql1280 - ok13:16:59.0203 3220 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:WINDOWSsystem32DRIVERSrasacd.sys13:16:59.0203 3220 RasAcd - ok13:16:59.0234 3220 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:WINDOWSSystem32rasauto.dll13:16:59.0234 3220 RasAuto - ok13:16:59.0265 3220 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:WINDOWSsystem32DRIVERSrasl2tp.sys13:16:59.0265 3220 Rasl2tp - ok13:16:59.0281 3220 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:WINDOWSSystem32rasmans.dll13:16:59.0281 3220 RasMan - ok13:16:59.0281 3220 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:WINDOWSsystem32DRIVERSraspppoe.sys13:16:59.0281 3220 RasPppoe - ok13:16:59.0296 3220 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:WINDOWSsystem32DRIVERSraspti.sys13:16:59.0296 3220 Raspti - ok13:16:59.0312 3220 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:WINDOWSsystem32DRIVERSrdbss.sys13:16:59.0312 3220 Rdbss - ok13:16:59.0328 3220 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:WINDOWSsystem32DRIVERSRDPCDD.sys13:16:59.0328 3220 RDPCDD - ok13:16:59.0328 3220 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:WINDOWSsystem32DRIVERSrdpdr.sys13:16:59.0343 3220 rdpdr - ok13:16:59.0359 3220 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:WINDOWSsystem32driversRDPWD.sys13:16:59.0359 3220 RDPWD - ok13:16:59.0375 3220 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr 
C:\WINDOWS\system32\sessmgr.exe
13:16:59.0406 3220 RDSessMgr - ok
13:16:59.0421 3220 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:16:59.0421 3220 redbook - ok
13:16:59.0437 3220 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:16:59.0453 3220 RemoteAccess - ok
13:16:59.0468 3220 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:16:59.0468 3220 RemoteRegistry - ok
13:16:59.0484 3220 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
13:16:59.0484 3220 RpcLocator - ok
13:16:59.0515 3220 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:16:59.0515 3220 RpcSs - ok
13:16:59.0546 3220 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
13:16:59.0562 3220 RSVP - ok
13:16:59.0562 3220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:16:59.0562 3220 SamSs - ok
13:16:59.0593 3220 [ 39763504067962108505BFF25F024345 ] SASDIFSV D:\Program Files\Superantispyware\SASDIFSV.SYS
13:16:59.0593 3220 SASDIFSV - ok
13:16:59.0609 3220 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL D:\Program Files\Superantispyware\SASKUTIL.SYS
13:16:59.0609 3220 SASKUTIL - ok
13:16:59.0625 3220 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:16:59.0640 3220 SCardSvr - ok
13:16:59.0656 3220 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:16:59.0656 3220 Schedule - ok
13:16:59.0671 3220 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:16:59.0671 3220 Secdrv - ok
13:16:59.0687 3220 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:16:59.0687 3220 seclogon - ok
13:16:59.0703 3220 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:16:59.0703 3220 SENS - ok
13:16:59.0718 3220 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:16:59.0718 3220 serenum - ok
13:16:59.0734 3220 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:16:59.0734 3220 Serial - ok
13:16:59.0765 3220 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:16:59.0765 3220 Sfloppy - ok
13:16:59.0796 3220 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
13:16:59.0796 3220 sfman - ok
13:16:59.0828 3220 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:16:59.0828 3220 SharedAccess - ok
13:16:59.0843 3220 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:16:59.0843 3220 ShellHWDetection - ok
13:16:59.0875 3220 [ 227E56633D6423E1F7D869618AC8404F ] Si3132r5 C:\WINDOWS\system32\DRIVERS\Si3132r5.sys
13:16:59.0875 3220 Si3132r5 - ok
13:16:59.0875 3220 [ DBDEE2A96F2F616726817373516CB0BD ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
13:16:59.0875 3220 SiFilter - ok
13:16:59.0890 3220 Simbad - ok
13:16:59.0890 3220 [ 3E6B438E5CB674A1382B2955AA98F637 ] SiRemFil C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
13:16:59.0890 3220 SiRemFil - ok
13:16:59.0906 3220 Sparrow - ok
13:16:59.0953 3220 [ CDEA9A0A0E547FEF4C44CCAE35A9B09C ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:16:59.0953 3220 SPBBCDrv - ok
13:16:59.0968 3220 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:16:59.0968 3220 splitter - ok
13:17:00.0000 3220 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:17:00.0000 3220 Spooler - ok
13:17:00.0000 3220 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:17:00.0000 3220 sr - ok
13:17:00.0015 3220 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:17:00.0031 3220 srservice - ok
13:17:00.0031 3220 [ 655773F2F1A3730C6CF20280A49F4EE1 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
13:17:00.0046 3220 SRTSP - ok
13:17:00.0062 3220 [ 2A0AAF370D4C6574A34AE2F4A0709CAE ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
13:17:00.0078 3220 SRTSPL - ok
13:17:00.0078 3220 [ 3104BDCEACE2D5710776DD05E6A286C1 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
13:17:00.0078 3220 SRTSPX - ok
13:17:00.0093 3220 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:17:00.0093 3220 Srv - ok
13:17:00.0109 3220 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:17:00.0109 3220 SSDPSRV - ok
13:17:00.0125 3220 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:17:00.0125 3220 stisvc - ok
13:17:00.0140 3220 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:17:00.0140 3220 swenum - ok
13:17:00.0140 3220 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:17:00.0140 3220 swmidi - ok
13:17:00.0156 3220 SwPrv - ok
13:17:00.0203 3220 [ FA2F6A8849219B16460BF44F9D1F3AA7 ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
13:17:00.0250 3220 Symantec Core LC - ok
13:17:00.0265 3220 [ EFF5C2A0A06BCBFC5CF931C00CF6146D ] SymAppCore C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
13:17:00.0265 3220 SymAppCore - ok
13:17:00.0265 3220 symc810 - ok
13:17:00.0281 3220 symc8xx - ok
13:17:00.0281 3220 [ 51B57CDA977170AC608D839DBFA1D3EE ] SYMDNS C:\WINDOWS\System32\Drivers\SYMDNS.SYS
13:17:00.0281 3220 SYMDNS - ok
13:17:00.0312 3220 [ 06B95820DF51502099A8A15C93E87986 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:17:00.0312 3220 SymEvent - ok
13:17:00.0312 3220 [ A131D8360B01044517AA44529E2137D6 ] SYMFW C:\WINDOWS\System32\Drivers\SYMFW.SYS
13:17:00.0328 3220 SYMFW - ok
13:17:00.0328 3220 [ 2B77868F02DAE02103380B824431B798 ] SYMIDS C:\WINDOWS\System32\Drivers\SYMIDS.SYS
13:17:00.0328 3220 SYMIDS - ok
13:17:00.0390 3220 [ 2133D1F879B280121B0E6A7D34B24A02 ] SYMIDSCO C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20130124.001\SymIDSCo.sys
13:17:00.0390 3220 SYMIDSCO - ok
13:17:00.0406 3220 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys
13:17:00.0406 3220 symlcbrd - ok
13:17:00.0421 3220 [ 799282F4A913CA51197C9CDD34D403D6 ] SYMNDIS C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
13:17:00.0421 3220 SYMNDIS - ok
13:17:00.0421 3220 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:17:00.0421 3220 SYMREDRV - ok
13:17:00.0453 3220 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:17:00.0453 3220 SYMTDI - ok
13:17:00.0453 3220 sym_hi - ok
13:17:00.0453 3220 sym_u3 - ok
13:17:00.0468 3220 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:17:00.0468 3220 sysaudio - ok
13:17:00.0484 3220 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:17:00.0500 3220 SysmonLog - ok
13:17:00.0515 3220 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:17:00.0515 3220 TapiSrv - ok
13:17:00.0546 3220 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:17:00.0546 3220 Tcpip - ok
13:17:00.0578 3220 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:17:00.0578 3220 TDPIPE - ok
13:17:00.0578 3220 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:17:00.0578 3220 TDTCP - ok
13:17:00.0593 3220 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:17:00.0593 3220 TermDD - ok
13:17:00.0609 3220 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:17:00.0625 3220 TermService - ok
13:17:00.0640 3220 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:17:00.0640 3220 Themes - ok
13:17:00.0671 3220 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
13:17:00.0687 3220 TlntSvr - ok
13:17:00.0687 3220 TosIde - ok
13:17:00.0703 3220 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:17:00.0703 3220 TrkWks - ok
13:17:00.0718 3220 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:17:00.0718 3220 Udfs - ok
13:17:00.0734 3220 ultra - ok
13:17:00.0765 3220 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
13:17:00.0765 3220 UMWdf - ok
13:17:00.0765 3220 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:17:00.0765 3220 Update - ok
13:17:00.0812 3220 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:17:00.0812 3220 upnphost - ok
13:17:00.0828 3220 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:17:00.0843 3220 UPS - ok
13:17:00.0859 3220 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:17:00.0859 3220 usbccgp - ok
13:17:00.0875 3220 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:17:00.0875 3220 usbehci - ok
13:17:00.0890 3220 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:17:00.0890 3220 usbhub - ok
13:17:00.0890 3220 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:17:00.0890 3220 usbohci - ok
13:17:00.0906 3220 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:17:00.0906 3220 usbprint - ok
13:17:00.0921 3220 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:17:00.0921 3220 usbscan - ok
13:17:00.0937 3220 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:17:00.0937 3220 USBSTOR - ok
13:17:00.0937 3220 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:17:00.0937 3220 VgaSave - ok
13:17:00.0953 3220 ViaIde - ok
13:17:00.0953 3220 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:17:00.0968 3220 VolSnap - ok
13:17:00.0984 3220 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:17:01.0000 3220 VSS - ok
13:17:01.0015 3220 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:17:01.0031 3220 W32Time - ok
13:17:01.0031 3220 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:17:01.0046 3220 Wanarp - ok
13:17:01.0046 3220 WDICA - ok
13:17:01.0062 3220 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:17:01.0062 3220 wdmaud - ok
13:17:01.0078 3220 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:17:01.0078 3220 WebClient - ok
13:17:01.0125 3220 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:17:01.0125 3220 winmgmt - ok
13:17:01.0156 3220 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:17:01.0156 3220 WmdmPmSN - ok
13:17:01.0187 3220 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:17:01.0187 3220 Wmi - ok
13:17:01.0218 3220 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:17:01.0234 3220 WmiApSrv - ok
13:17:01.0234 3220 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:17:01.0234 3220 WS2IFSL - ok
13:17:01.0250 3220 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:17:01.0265 3220 wscsvc - ok
13:17:01.0281 3220 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:17:01.0296 3220 wuauserv - ok
13:17:01.0312 3220 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:17:01.0343 3220 WZCSVC - ok
13:17:01.0375 3220 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:17:01.0390 3220 xmlprov - ok
13:17:01.0421 3220 [ 87F126D0F8DC176B282924DF0417075E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:17:01.0421 3220 yukonwxp - ok
13:17:01.0437 3220 ================ Scan global ===============================
13:17:01.0453 3220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:17:01.0484 3220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:17:01.0500 3220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:17:01.0515 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:17:01.0515 3220 [Global] - ok
13:17:01.0515 3220 ================ Scan MBR ==================================
13:17:01.0515 3220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:17:01.0515 3220 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:17:01.0546 3220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:17:01.0546 3220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:17:01.0546 3220 ================ Scan VBR ==================================
13:17:01.0546 3220 [ BE239BF6670DF7E7D8E08B7A8746062A ] \Device\Harddisk0\DR0\Partition1
13:17:01.0546 3220 \Device\Harddisk0\DR0\Partition1 - ok
13:17:01.0578 3220 [ 3730A60D232AE494BE0F99A83109F2FD ] \Device\Harddisk0\DR0\Partition2
13:17:01.0578 3220 \Device\Harddisk0\DR0\Partition2 - ok
13:17:01.0578 3220 ============================================================
13:17:01.0578 3220 Scan finished
13:17:01.0578 3220 ============================================================
13:17:01.0593 3088 Detected object count: 1
13:17:01.0593 3088 Actual detected object count: 1
13:17:09.0500 3088 \Device\Harddisk0\DR0\# - copied to quarantine
13:17:09.0500 3088 \Device\Harddisk0\DR0 - copied to quarantine
13:17:09.0546 3088 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:17:09.0546 3088 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:17:09.0656 3088 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:17:09.0718 3088 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:17:09.0734 3088 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:17:09.0750 3088 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:17:09.0750 3088 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:17:09.0750 3088 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:17:09.0765 3088 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:17:09.0765 3088 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:17:09.0781 3088 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:17:09.0781 3088 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:17:09.0796 3088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:17:09.0796 3088 \Device\Harddisk0\DR0 - ok
13:17:15.0359 3088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:17:37.0359 2288 Deinitialize success
This is my DDS log:

Edited by M1918A1
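TDSSKiller's verdict above comes from reading sector 0 of \Device\Harddisk0\DR0, hashing it (the bracketed MD5) and checking its boot code, while the partition table it lists (two type 0x7 partitions at StartLBA 0x3F and 0x4E1EE6A) is untouched: a TDL4-family bootkit such as Pihar swaps the MBR code and keeps the partition table so the system still boots, and stores its own file system (the TDLFS entries quarantined above) in the unpartitioned sectors past the last partition. The script below is an added example, not part of this thread or of TDSSKiller. It builds a 512-byte MBR from constructed boot code and the partition entries TDSSKiller printed, parses it, hashes it the same way, and works out how much unpartitioned space follows the last partition on a disk of the reported size. The boot-code bytes, the active flag on partition 1 and the forged variant are assumptions made for the example.

```python
import hashlib
import struct

SECTOR = 512
# Disk size as TDSSKiller reported it for \Device\Harddisk0\DR0 (0x950B056000 bytes)
DISK_BYTES = 0x950B056000

# Constructed boot code for the example: the opening instructions of a stock
# Windows XP MBR (xor ax,ax / mov ss,ax / mov sp,7C00h), zero padded to 446 bytes.
# An assumption for illustration; a real MBR carries a full 446-byte loader.
STOCK_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
# Constructed stand-in for bootkit code: arbitrary bytes, not Pihar's real loader.
FORGED_BOOT_CODE = b"\xEB\x1E\x90\x00"

# Partition table as TDSSKiller listed it: (active, type, StartLBA, BlocksNum).
# Marking partition 1 active is an assumption; the log does not show the flag.
PARTITIONS = [
    (True, 0x07, 0x3F, 0x4E1EDEC),
    (False, 0x07, 0x4E1EE6A, 0x45A34196),
]


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four partition entries."""
    if len(boot_code) > 446:
        raise ValueError("boot code must fit in 446 bytes")
    mbr = bytearray(boot_code.ljust(446, b"\x00"))
    for i in range(4):
        if i < len(partitions):
            active, ptype, start, count = partitions[i]
            # CHS fields (3 bytes each) are zeroed; loaders use the LBA fields
            mbr += struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\x00" * 3,
                               ptype, b"\x00" * 3, start, count)
        else:
            mbr += bytes(16)
    mbr += b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Validate the signature, hash the sector, and decode the partition table."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: wrong length or missing 55AA signature")
    partitions = []
    for i in range(4):
        active, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0:  # empty slot
            partitions.append({"index": i + 1, "active": active == 0x80,
                               "type": ptype, "start_lba": start, "sectors": count})
    return {
        # TDSSKiller prints an MD5 of the whole sector in [ ... ] before the device name
        "md5": hashlib.md5(mbr).hexdigest().upper(),
        # hash of the code area alone: this is the part a bootkit replaces
        "boot_code_md5": hashlib.md5(mbr[:446]).hexdigest().upper(),
        "partitions": partitions,
    }


def unpartitioned_tail(parsed: dict, disk_bytes: int) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    total_sectors = disk_bytes // SECTOR
    last_end = max(p["start_lba"] + p["sectors"] for p in parsed["partitions"])
    return total_sectors - last_end


def compare(original: bytes, suspect: bytes) -> dict:
    """Does the suspect MBR keep the partition table but change the code?"""
    a, b = parse_mbr(original), parse_mbr(suspect)
    return {
        "same_partition_table": a["partitions"] == b["partitions"],
        "same_boot_code": a["boot_code_md5"] == b["boot_code_md5"],
    }


ORIGINAL_MBR = build_mbr(STOCK_BOOT_CODE, PARTITIONS)
FORGED_MBR = build_mbr(FORGED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    info = parse_mbr(ORIGINAL_MBR)
    print("MBR md5:", info["md5"])
    for p in info["partitions"]:
        print("Partition%d: type 0x%X, StartLBA 0x%X, BlocksNum 0x%X"
              % (p["index"], p["type"], p["start_lba"], p["sectors"]))
    tail = unpartitioned_tail(info, DISK_BYTES)
    print("unpartitioned tail: 0x%X sectors (%.1f MiB)" % (tail, tail * SECTOR / 2 ** 20))
    print(compare(ORIGINAL_MBR, FORGED_MBR))
```

On this disk the Size and BlocksNum values in the log leave 0x52B0 sectors (about 10 MiB) after Partition2, which is the kind of gap a TDLFS volume lives in. To run the same checks on a real machine, replace the constructed sector with the first 512 bytes of the physical device (on Windows, opening \\.\PhysicalDrive0 needs administrator rights), and compare the boot-code hash against a copy taken from a known-clean system of the same Windows version; the forged/original comparison above is the check TDSSKiller's "Suspicious mbr (Forged)" line boils down to.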

Hi M1918A1,

Welcome to the pit!

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
I don't see your DDS.txt... but for now let's run a different tool:
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Link to comment
Share on other sites

Hi Tomk
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by M1918A1 at 10:13:10 on 2013-01-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1342 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Superantispyware\SASCORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Folder Guard\FGKey.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [FG_Monitor] d:\program files\folder guard\FGKey.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
StartupFolder: c:\documents and settings\m1918a1\start menu\programs\startup\ctfmon.lnk.disabled
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-WindowsSystem: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353085875127
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
TCP: NameServer = 166.102.165.13 207.91.5.20 192.168.254.254
TCP: Interfaces\{7A5A4F4A-C4A4-4253-A8DC-55F34F3610DD} : DHCPNameServer = 166.102.165.13 207.91.5.20 192.168.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\m1918a1\application data\mozilla\firefox\profiles\y57ek6fj.default
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2013-1-25 28552]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 FGUARD32;FGUARD32;d:\program files\folder guard\FGUARD32.SYS [2012-5-19 54480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-24 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130126.007\NAVENG.SYS [2013-1-26 93296]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130126.007\NAVEX15.SYS [2013-1-26 1603824]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2012-5-19 1251720]
S0 cxtcqfms;cxtcqfms;c:\windows\system32\drivers\ituwhrti.sys --> c:\windows\system32\drivers\ituwhrti.sys [?]
.
=============== File Associations ===============
.
FileExt: .txt: GetDiz.Document="d:\program files\getdiz\GetDiz.exe" "%1"
FileExt: .ini: GetDiz.Document="d:\program files\getdiz\GetDiz.exe" "%1"
.
=============== Created Last 30 ================
.
2013-01-27 03:21:23 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-01-27 03:21:23 6066176 ----a-w- c:\windows\system32\nvopencl.dll
2013-01-26 00:53:08 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-01-26 00:53:02 -------- d-----w- c:\program files\Panda Security
2013-01-26 00:51:31 -------- d-----w- c:\documents and settings\m1918a1\application data\QuickScan
2013-01-26 00:39:12 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-24 09:08:00 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2013-01-24 09:03:13 -------- d-----w- c:\program files\Western Digital Corporation
2013-01-23 19:00:44 -------- d-----w- c:\program files\Ocean Systems
.
==================== Find3M ====================
.
2013-01-27 03:21:55 1074560 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-01-27 03:21:55 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-01-27 03:21:52 1074560 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-01-09 01:34:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:34:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-29 10:31:25 7716864 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:31:25 4154752 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-29 10:31:25 2725304 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:31:25 2448384 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:31:25 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:31:25 19570688 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-29 10:31:25 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:31:25 10686200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-29 10:31:25 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 08:07:06 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-12-29 08:07:02 157112 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-29 08:07:02 15635896 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:07:02 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:07:01 144312 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 10:13:25.70 ===============

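What makes the DDS log above and the ComboFix log below worth reading closely is a handful of line patterns rather than the volume: a boot-start driver (S0 cxtcqfms) whose image ituwhrti.sys does not exist and does not match the service name, a Hosts entry sending a security site to 127.0.0.1, autorun.inf plus a .pif dropped at the root of each drive, a rundll32 entry loading a DLL out of Local Settings\Application Data, and Security Center values that silence antivirus and firewall monitoring. The script below is an added example, not part of this thread or of DDS/ComboFix; it applies exactly those checks to a constructed sample of lines modelled on the logs posted here. The rule names, the regular expressions and the sample text are my own.

```python
import re

# Constructed sample modelled on DDS and ComboFix lines from this thread;
# not a verbatim copy of either log.
SAMPLE_LOG = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2013-1-25 28552]
S0 cxtcqfms;cxtcqfms;c:\windows\system32\drivers\ituwhrti.sys --> c:\windows\system32\drivers\ituwhrti.sys [?]
Hosts: 127.0.0.1 www.spywareinfo.com
C:\autorun.inf
C:\nomb.pif
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"Microsoft Help"=rundll32.exe "c:\documents and settings\M1918A1\Local Settings\Application Data\Vid-Saver\Microsoft Help\xnbiqwby.dll",RunServiceW
"AntiVirusOverride"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

# DDS/ComboFix service line: <R|S><start> <name>;<display>;<image> [<details>]
SERVICE_RE = re.compile(r"^[RS](\d)\s+([^;]+);[^;]*;(.*?)\s+\[([^\]]*)\]\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
REGVAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
ROOTFILE_RE = re.compile(r"^[A-Za-z]:\\([^\\]+)$")

# Security Center values that, when set to 1, stop Windows warning about AV/firewall state
SECURITY_CENTER_TAMPER = {
    "antivirusoverride", "firewalloverride", "disablemonitoring",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
}


def _image_stem(image_field: str) -> str:
    """File name without extension of the first path in the image field."""
    first = image_field.split(" --> ")[0].strip().strip('"')
    return first.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def check_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return []
    start, name, image, details = m.groups()
    hits = []
    if details.strip() == "?":  # DDS/ComboFix mark a missing image file with [?]
        hits.append("driver_image_missing")
    if start == "0" and _image_stem(image) != name.strip().lower():
        hits.append("boot_driver_name_mismatch")  # random service name vs random file name
    return hits


def check_hosts(line):
    m = HOSTS_RE.match(line)
    if m and m.group(1) in ("127.0.0.1", "0.0.0.0") and m.group(2).lower() != "localhost":
        return ["hosts_redirect"]
    return []


def check_rootfile(line):
    m = ROOTFILE_RE.match(line.strip())
    if m:
        name = m.group(1).lower()
        if name == "autorun.inf" or name.endswith(".pif"):
            return ["root_autorun_or_pif"]
    return []


def check_regval(line):
    m = REGVAL_RE.match(line)
    if not m:
        return []
    name, value = m.group(1).lower(), m.group(2).strip().lower()
    hits = []
    if name in SECURITY_CENTER_TAMPER and value == "dword:00000001":
        hits.append("security_center_tampered")
    if name == "enablefirewall" and value.startswith("0"):
        hits.append("firewall_disabled")
    return hits


def check_rundll32(line):
    low = line.lower()
    if "rundll32" in low and ".dll" in low and (
            "\\local settings\\" in low or "\\application data\\" in low):
        return ["rundll32_dll_in_user_profile"]
    return []


CHECKS = [check_service, check_hosts, check_rootfile, check_regval, check_rundll32]


def triage(lines):
    """Return (rule, line) pairs for every line that trips a check."""
    findings = []
    for line in lines:
        for check in CHECKS:
            for rule in check(line):
                findings.append((rule, line.strip()))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print("%-30s %s" % (rule, line))
```

Feed it a whole DDS.txt or ComboFix.txt (`triage(open(path, errors="replace").read().splitlines())`) and the benign bulk (pavboot, NvCplDaemon and the like) drops out while every line that needs a human decision is listed with the reason. The checks are deliberately narrow; a random-looking service name alone is not flagged, only the combination of boot start, a missing image and a name that does not match its file.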

Here is the Combofix log
ComboFix 13-01-28.03 - M1918A1 01/28/2013 22:35:48.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1548 [GMT -5:00]
Running from: c:\documents and settings\M1918A1\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\nomb.pif
D:\Autorun.inf
D:\pgbkik.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-27 03:22 . 2013-01-27 03:22 -------- d-----w- c:\program files\AGEIA Technologies
2013-01-27 03:21 . 2012-12-29 10:31 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-01-27 03:21 . 2012-12-29 10:31 6066176 ----a-w- c:\windows\system32\nvopencl.dll
2013-01-26 00:53 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-01-26 00:53 . 2013-01-26 00:53 -------- d-----w- c:\program files\Panda Security
2013-01-26 00:51 . 2013-01-26 00:51 -------- d-----w- c:\documents and settings\M1918A1\Application Data\QuickScan
2013-01-26 00:39 . 2013-01-27 18:17 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-24 09:08 . 2013-01-24 09:08 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2013-01-24 09:03 . 2013-01-24 09:03 -------- d-----w- c:\program files\Western Digital Corporation
2013-01-23 19:00 . 2013-01-24 19:08 -------- d-----w- c:\program files\Ocean Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:34 . 2012-05-19 16:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:34 . 2012-05-19 16:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-29 10:31 . 2012-05-19 16:46 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:31 . 2012-05-19 16:46 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:31 . 2012-05-19 16:46 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 10:31 . 2009-02-09 17:18 7716864 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:31 . 2009-02-09 17:18 4154752 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-29 10:31 . 2009-02-09 17:18 2725304 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:31 . 2009-02-09 17:18 2448384 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:31 . 2009-02-09 17:18 19570688 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-29 10:31 . 2009-02-09 17:18 10686200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-29 08:07 . 2009-02-09 17:18 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-12-29 08:07 . 2009-02-09 17:18 157112 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-29 08:07 . 2009-02-09 17:18 15635896 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:07 . 2009-02-09 17:18 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:07 . 2009-02-09 17:18 144312 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-16 12:23 . 2001-08-23 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-09-24 14:24 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2002-08-29 07:14 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2012-05-19 15:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2012-05-19 15:23 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2002-08-29 08:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2002-08-29 08:41 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2002-08-29 08:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2012-05-19 15:32 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2013-01-29 6673752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"FG_Monitor"="d:\program files\Folder Guard\FGKey.exe" [2009-01-31 132424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"NvMediaCenter"="NvMCTray.dll" [2012-12-29 108984]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-29 1982312]
.
c:\documents and settings\M1918A1\Start Menu\Programs\Startup\
ctfmon.lnk.disabled [2012-9-24 1066]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\Superantispyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Microsoft Help"=rundll32.exe "c:\documents and settings\M1918A1\Local Settings\Application Data\Vid-Saver\Microsoft Help\xnbiqwby.dll",RunServiceW
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"nwiz"=c:\program files\NVIDIA Corporation\nview\nwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"d:\Program Files\uTorrent\utorrent.exe"=
"c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/25/2013 7:53 PM 28552]
R1 SASDIFSV;SASDIFSV;d:\program files\Superantispyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\Superantispyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 FGUARD32;FGUARD32;d:\program files\Folder Guard\FGUARD32.SYS [5/19/2012 1:32 PM 54480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/24/2013 2:13 PM 106656]
S0 cxtcqfms;cxtcqfms;c:\windows\system32\drivers\ituwhrti.sys --> c:\windows\system32\drivers\ituwhrti.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-29 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-05-19 01:34]
.
2013-01-29 c:windowsTasksNorton AntiVirus - Run Full System Scan - M1918A1.job
- c:program filesNorton AntivirusNavw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:program filesGoogleGoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:program filesGoogleGoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:progra~2MICROS~1Office12EXCEL.EXE/3000
IE: Similar Pages - c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:program filesGoogleGoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 166.102.165.13 207.91.5.20 192.168.254.254
FF - ProfilePath - c:documents and settingsM1918A1Application DataMozillaFirefoxProfilesy57ek6fj.default
.
.
------- File Associations -------
.
.txt=GetDiz.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-28 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2832)
c:windowssystem32WININET.dll
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesCommon FilesSymantec SharedccSvcHst.exe
c:windowssystem32RunDLL32.exe
d:program filesSuperantispywareSASCORE.EXE
c:program filesSymantecLiveUpdateALUSchedulerSvc.exe
c:program filesCommon FilesSymantec SharedccSvcHst.exe
c:program filesDiskeeper CorporationDiskeeperDkService.exe
c:program filesCommon FilesMotiveMcciCMService.exe
c:windowssystem32nvsvc32.exe
c:program filesNVIDIA CorporationNVIDIA Update Coredaemonu.exe
c:windowssystem32wdfmgr.exe
c:progra~1SymantecLIVEUP~1LUCOMS~1.EXE
c:program filesSymantecLiveUpdateAUPDATE.EXE
c:program filesSymantecLiveUpdateLuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2013-01-28 22:55:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-29 03:54
ComboFix2.txt 2013-01-23 20:47
ComboFix3.txt 2012-12-12 11:19
ComboFix4.txt 2012-12-03 21:38
ComboFix5.txt 2013-01-29 03:35
.
Pre-Run: 25,177,747,456 bytes free
Post-Run: 25,107,939,328 bytes free
.
- - End Of File - - 3714DC9F2827F0A619E6F4E5B28DC5ED


Pihar is a rootkit/backdoor. I would be remiss not to warn you as follows:

 

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

• Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
• Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
• Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat, please let me know in your next response. I'll now continue with instructions for cleaning.

 

 

Also...

 

uTorrent
You have uTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm


I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:\windows\system32\drivers\ituwhrti.sys
Driver::
cxtcqfms

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 


Had to run combofix in safe mode. My antivirus wouldn't come up so that I could disable the autoprotect. Whatever is here has messed up the antivirus. Couldn't change my passwords because apparently the same type of thing is affecting my other computer too. The antivirus disappeared on it shortly after doing a full scan. Also, I had to re-download combofix and change its name to get it to run. Was hoping not to have to reformat, but I don't think I have a choice.

 

 

ComboFix 13-01-29.01 - M1918A1 01/29/2013 5:09.8.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1714 [GMT -5:00]
Running from: c:documents and settingsM1918A1Desktopmine.exe
Command switches used :: c:documents and settingsM1918A1DesktopCFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:autorun.inf
D:Autorun.inf
D:kgiv.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------Legacy_AMSINT32
-------Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 10:09 . 2013-01-29 10:09 103140 --sh--r- C:boscx.exe
2013-01-27 03:22 . 2013-01-27 03:22 -------- d-----w- c:program filesAGEIA Technologies
2013-01-27 03:21 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-27 03:21 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-26 00:53 . 2009-06-30 15:37 28552 ----a-w- c:windowssystem32driverspavboot.sys
2013-01-26 00:53 . 2013-01-26 00:53 -------- d-----w- c:program filesPanda Security
2013-01-26 00:51 . 2013-01-26 00:51 -------- d-----w- c:documents and settingsM1918A1Application DataQuickScan
2013-01-26 00:39 . 2013-01-27 18:17 -------- d-----w- C:TDSSKiller_Quarantine
2013-01-24 09:08 . 2013-01-24 09:08 10344 ----a-w- c:windowssystem32driverssymlcbrd.sys
2013-01-24 09:03 . 2013-01-24 09:03 -------- d-----w- c:program filesWestern Digital Corporation
2013-01-23 19:00 . 2013-01-24 19:08 -------- d-----w- c:program filesOcean Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 10:16 . 2001-08-23 12:00 33280 ----a-w- c:windowssystem32rundll32.exe
2013-01-09 01:34 . 2012-05-19 16:02 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-01-09 01:34 . 2012-05-19 16:02 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2012-12-29 10:31 . 2012-05-19 16:46 1985976 ----a-w- c:windowssystem32nvcuvenc.dll
2012-12-29 10:31 . 2012-05-19 16:46 17551360 ----a-w- c:windowssystem32nvcompiler.dll
2012-12-29 10:31 . 2012-05-19 16:46 1017272 ----a-w- c:windowssystem32nvdispco32.dll
2012-12-29 10:31 . 2009-02-09 17:18 7716864 ----a-w- c:windowssystem32nvcuda.dll
2012-12-29 10:31 . 2009-02-09 17:18 4154752 ----a-w- c:windowssystem32nv4_disp.dll
2012-12-29 10:31 . 2009-02-09 17:18 2725304 ----a-w- c:windowssystem32nvcuvid.dll
2012-12-29 10:31 . 2009-02-09 17:18 2448384 ----a-w- c:windowssystem32nvapi.dll
2012-12-29 10:31 . 2009-02-09 17:18 19570688 ----a-w- c:windowssystem32nvoglnt.dll
2012-12-29 10:31 . 2009-02-09 17:18 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys
2012-12-29 08:07 . 2009-02-09 17:18 54272 ----a-w- c:windowssystem32nvwddi.dll
2012-12-29 08:07 . 2009-02-09 17:18 157112 ----a-w- c:windowssystem32nvsvc32.exe
2012-12-29 08:07 . 2009-02-09 17:18 15635896 ----a-w- c:windowssystem32nvcpl.dll
2012-12-29 08:07 . 2009-02-09 17:18 108984 ----a-w- c:windowssystem32nvmctray.dll
2012-12-29 08:07 . 2009-02-09 17:18 144312 ----a-w- c:windowssystem32nvcolor.exe
2012-12-16 12:23 . 2001-08-23 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2012-12-14 21:49 . 2012-09-24 14:24 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-11-13 01:25 . 2002-08-29 07:14 1866368 ----a-w- c:windowssystem32win32k.sys
2012-11-06 02:01 . 2012-05-19 15:43 1371648 ----a-w- c:windowssystem32msxml6.dll
2012-11-02 02:02 . 2012-05-19 15:23 375296 ----a-w- c:windowssystem32dpnet.dll
2012-11-01 12:17 . 2002-08-29 08:41 1469440 ------w- c:windowssystem32inetcpl.cpl
2012-11-01 12:17 . 2002-08-29 08:41 916992 ----a-w- c:windowssystem32wininet.dll
2012-11-01 12:17 . 2002-08-29 08:41 43520 ------w- c:windowssystem32licmgr10.dll
2012-11-01 00:35 . 2012-05-19 15:32 385024 ------w- c:windowssystem32html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2013-01-29 6673752]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ccApp"="c:program filesCommon FilesSymantec SharedccApp.exe" [2007-01-10 115816]
"FG_Monitor"="d:program filesFolder GuardFGKey.exe" [2013-01-29 206152]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2012-12-29 15635896]
"NvMediaCenter"="NvMCTray.dll" [2012-12-29 108984]
"nwiz"="c:program filesNVIDIA Corporationnviewnwiz.exe" [2012-12-29 1982312]
.
c:documents and settingsM1918A1Start MenuProgramsStartup
ctfmon.lnk.disabled [2012-9-24 1066]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:program filesSuperantispywareSASSEH.DLL" [2011-07-19 113024]
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"MSMSGS"="c:program filesMessengermsmsgs.exe" /background
"Microsoft Help"=rundll32.exe "c:documents and settingsM1918A1Local SettingsApplication DataVid-SaverMicrosoft Helpxnbiqwby.dll",RunServiceW
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe"
"NvCplDaemon"=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe"
"Symantec PIF AlertEng"="c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
"nwiz"=c:program filesNVIDIA Corporationnviewnwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:Program FilesWindows LiveMessengermsnmsgr.exe"=
"d:Program FilesuTorrentutorrent.exe"=
"c:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exe"=
.
S0 cxtcqfms;cxtcqfms;c:windowssystem32driversituwhrti.sys --> c:windowssystem32driversituwhrti.sys [?]
S0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [1/25/2013 7:53 PM 28552]
S1 SASDIFSV;SASDIFSV;d:program filesSuperantispywaresasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;d:program filesSuperantispywareSASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 !SASCORE;SAS Core Service;d:program filesSuperantispywareSASCORE.EXE [8/11/2011 6:38 PM 116608]
S2 FGUARD32;FGUARD32;d:program filesFolder GuardFGUARD32.SYS [5/19/2012 1:32 PM 54480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [1/24/2013 2:13 PM 106656]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-29 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-05-19 01:34]
.
2013-01-29 c:windowsTasksNorton AntiVirus - Run Full System Scan - M1918A1.job
- c:program filesNorton AntivirusNavw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:program filesGoogleGoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:program filesGoogleGoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:progra~2MICROS~1Office12EXCEL.EXE/3000
IE: Similar Pages - c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:program filesGoogleGoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 166.102.165.13 207.91.5.20 192.168.254.254
FF - ProfilePath - c:documents and settingsM1918A1Application DataMozillaFirefoxProfilesy57ek6fj.default
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-29 05:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:windowssystem32OLD3.tmp 33280 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2988)
c:windowssystem32WININET.dll
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesCommon FilesSymantec SharedccSvcHst.exe
c:program filesSymantecLiveUpdateALUSchedulerSvc.exe
c:program filesCommon FilesSymantec SharedccSvcHst.exe
c:program filesDiskeeper CorporationDiskeeperDkService.exe
c:program filesCommon FilesMotiveMcciCMService.exe
c:windowssystem32nvsvc32.exe
c:program filesNVIDIA CorporationNVIDIA Update Coredaemonu.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32RunDLL32.exe
c:program filesSymantecLiveUpdateAUPDATE.EXE
c:progra~1SymantecLIVEUP~1LUCOMS~1.EXE
c:program filesSymantecLiveUpdateLuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2013-01-29 05:30:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-29 10:30
ComboFix2.txt 2013-01-29 03:55
ComboFix3.txt 2013-01-23 20:47
ComboFix4.txt 2012-12-12 11:19
ComboFix5.txt 2013-01-29 10:09
.
Pre-Run: 25,034,346,496 bytes free
Post-Run: 25,242,607,616 bytes free
.
- - End Of File - - BDF6258A6BECF5D6B9BA7156BFF8345E


Well... that didn't work. The script got mangled by the forum software.

 

Let's try again:

 

COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:\windows\system32\drivers\ituwhrti.sys
Driver::
cxtcqfms

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then I'd like you to run TDSSKiller again please.

Edited by Tomk_
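The helper's CFScript instructions (given twice above, after the forum mangled the first copy) rest on reading the ComboFix log by eye. The following is an added example, not from this thread and not part of ComboFix or any BleepingComputer tool: a small Python triage script that parses the log sections quoted here and flags the same indicators (a service whose driver image ComboFix prints as [?], Security Center override values, EnableFirewall=0 in the firewall policy, and catchme's hidden-file lines), then emits a CFScript in the File::/Driver:: form used above. The sample log, the function names and the severity labels are my own constructions; the sample is built from lines quoted in this thread, with the backslashes the forum stripped put back.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix sections quoted in this thread
# (security center keys, firewall policy, service list, catchme summary). Paths
# carry the backslashes ComboFix prints; the forum stripped them from the posts.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/25/2013 7:53 PM 28552]
S0 cxtcqfms;cxtcqfms;c:\windows\system32\drivers\ituwhrti.sys --> c:\windows\system32\drivers\ituwhrti.sys [?]
.
c:\windows\system32\OLD3.tmp 33280 bytes executable
hidden files: 1
"""

SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.*?)(?: --> .*?)? \[([^\]]*)\]$")
REG_SECTION_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
HIDDEN_FILE_RE = re.compile(r"^(\S.*?) \d+ bytes executable$")
HIDDEN_COUNT_RE = re.compile(r"^hidden files: (\d+)$")
# Security Center values that, at 1, silence Windows' own "protection is off"
# warnings; every one of them is set on the machine in this thread.
OVERRIDE_FLAGS = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring",
                  "AntiVirusDisableNotify", "FirewallDisableNotify",
                  "UpdatesDisableNotify", "UacDisableNotify"}

@dataclass
class Service:
    start: str  # R0/S0 load at boot, R1/S1 at system start, ...
    name: str
    path: str
    info: str   # "date size" when ComboFix could read the image, "?" when it could not

def reg_value(raw: str):
    """Normalise the two numeric forms ComboFix prints; leave strings alone."""
    if m := re.match(r"^dword:([0-9a-fA-F]{8})$", raw):
        return int(m.group(1), 16)
    if m := re.match(r"^(\d+) \(0x[0-9a-fA-F]+\)$", raw):
        return int(m.group(1))
    return raw.strip('"')

def parse_log(text: str) -> tuple:
    """Return (registry sections, services, hidden files, hidden-file count)."""
    registry: dict = {}
    services: list = []
    hidden: list = []
    hidden_count, section = 0, None
    for line in text.splitlines():
        line = line.rstrip()
        if m := REG_SECTION_RE.match(line):
            section = m.group(1)
            registry.setdefault(section, {})
        elif (m := REG_VALUE_RE.match(line)) and section is not None:
            registry[section][m.group(1)] = reg_value(m.group(2))
        elif m := SERVICE_RE.match(line):
            services.append(Service(m.group(1), m.group(2), m.group(3), m.group(4)))
        elif m := HIDDEN_COUNT_RE.match(line):
            hidden_count = int(m.group(1))
        elif m := HIDDEN_FILE_RE.match(line):
            hidden.append(m.group(1))
    return registry, services, hidden, hidden_count

def triage(text: str) -> list:
    """Return (severity, detail) pairs for the indicators the helper spotted by eye."""
    registry, services, hidden, hidden_count = parse_log(text)
    findings = []
    for svc in services:
        if svc.info == "?":
            # Registered to load (S0 = at boot) but the image cannot be read: it is
            # missing or hidden from ComboFix, exactly the cxtcqfms case above.
            findings.append(("high", f"{svc.start} service {svc.name}: {svc.path} unreadable [?]"))
    for section, values in registry.items():
        low = section.lower()
        if "security center" in low:
            findings += [("medium", f"{k}=1 under {section}")
                         for k, v in values.items() if k in OVERRIDE_FLAGS and v == 1]
        if "firewallpolicy" in low and values.get("EnableFirewall") == 0:
            findings.append(("medium", f"EnableFirewall=0 under {section}"))
    if hidden_count:
        findings.append(("high", f"catchme: {hidden_count} hidden file(s): " + ", ".join(hidden)))
    return findings

def cfscript_for(text: str) -> str:
    """CFScript in the File::/Driver:: form the helper used, one entry per
    service whose image ComboFix could not read; empty string if there are none."""
    _, services, _, _ = parse_log(text)
    bad = [s for s in services if s.info == "?"]
    if not bad:
        return ""
    return "\n".join(["File::", *(s.path for s in bad), "Driver::", *(s.name for s in bad)]) + "\n"

if __name__ == "__main__":
    for severity, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {detail}")
    print(cfscript_for(SAMPLE_LOG), end="")
```

Run it against a real ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; a legitimate driver that ComboFix simply could not stat will also show as [?], so the output is a worklist to check, not a verdict.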

Went to Bleeping Computers and Combofix is not available at this time.....I will have to try later. The copy already on my computer won't work anymore. Maybe I messed up when I sent the last one in.....I didn't the report with notepad when I pasted it to the post........Here it is again, this time pasted from notepad.

 

ComboFix 13-01-29.01 - M1918A1 01/29/2013 5:09.8.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1714 [GMT -5:00]
Running from: c:documents and settingsM1918A1Desktopmine.exe
Command switches used :: c:documents and settingsM1918A1DesktopCFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:autorun.inf
D:Autorun.inf
D:kgiv.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------Legacy_AMSINT32
-------Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 10:09 . 2013-01-29 10:09 103140 --sh--r- C:boscx.exe
2013-01-27 03:22 . 2013-01-27 03:22 -------- d-----w- c:program filesAGEIA Technologies
2013-01-27 03:21 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-27 03:21 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-26 00:53 . 2009-06-30 15:37 28552 ----a-w- c:windowssystem32driverspavboot.sys
2013-01-26 00:53 . 2013-01-26 00:53 -------- d-----w- c:program filesPanda Security
2013-01-26 00:51 . 2013-01-26 00:51 -------- d-----w- c:documents and settingsM1918A1Application DataQuickScan
2013-01-26 00:39 . 2013-01-27 18:17 -------- d-----w- C:TDSSKiller_Quarantine
2013-01-24 09:08 . 2013-01-24 09:08 10344 ----a-w- c:windowssystem32driverssymlcbrd.sys
2013-01-24 09:03 . 2013-01-24 09:03 -------- d-----w- c:program filesWestern Digital Corporation
2013-01-23 19:00 . 2013-01-24 19:08 -------- d-----w- c:program filesOcean Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 10:16 . 2001-08-23 12:00 33280 ----a-w- c:windowssystem32rundll32.exe
2013-01-09 01:34 . 2012-05-19 16:02 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-01-09 01:34 . 2012-05-19 16:02 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2012-12-29 10:31 . 2012-05-19 16:46 1985976 ----a-w- c:windowssystem32nvcuvenc.dll
2012-12-29 10:31 . 2012-05-19 16:46 17551360 ----a-w- c:windowssystem32nvcompiler.dll
2012-12-29 10:31 . 2012-05-19 16:46 1017272 ----a-w- c:windowssystem32nvdispco32.dll
2012-12-29 10:31 . 2009-02-09 17:18 7716864 ----a-w- c:windowssystem32nvcuda.dll
2012-12-29 10:31 . 2009-02-09 17:18 4154752 ----a-w- c:windowssystem32nv4_disp.dll
2012-12-29 10:31 . 2009-02-09 17:18 2725304 ----a-w- c:windowssystem32nvcuvid.dll
2012-12-29 10:31 . 2009-02-09 17:18 2448384 ----a-w- c:windowssystem32nvapi.dll
2012-12-29 10:31 . 2009-02-09 17:18 19570688 ----a-w- c:windowssystem32nvoglnt.dll
2012-12-29 10:31 . 2009-02-09 17:18 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys
2012-12-29 08:07 . 2009-02-09 17:18 54272 ----a-w- c:windowssystem32nvwddi.dll
2012-12-29 08:07 . 2009-02-09 17:18 157112 ----a-w- c:windowssystem32nvsvc32.exe
2012-12-29 08:07 . 2009-02-09 17:18 15635896 ----a-w- c:windowssystem32nvcpl.dll
2012-12-29 08:07 . 2009-02-09 17:18 108984 ----a-w- c:windowssystem32nvmctray.dll
2012-12-29 08:07 . 2009-02-09 17:18 144312 ----a-w- c:windowssystem32nvcolor.exe
2012-12-16 12:23 . 2001-08-23 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2012-12-14 21:49 . 2012-09-24 14:24 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-11-13 01:25 . 2002-08-29 07:14 1866368 ----a-w- c:windowssystem32win32k.sys
2012-11-06 02:01 . 2012-05-19 15:43 1371648 ----a-w- c:windowssystem32msxml6.dll
2012-11-02 02:02 . 2012-05-19 15:23 375296 ----a-w- c:windowssystem32dpnet.dll
2012-11-01 12:17 . 2002-08-29 08:41 1469440 ------w- c:windowssystem32inetcpl.cpl
2012-11-01 12:17 . 2002-08-29 08:41 916992 ----a-w- c:windowssystem32wininet.dll
2012-11-01 12:17 . 2002-08-29 08:41 43520 ------w- c:windowssystem32licmgr10.dll
2012-11-01 00:35 . 2012-05-19 15:32 385024 ------w- c:windowssystem32html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2013-01-29 6673752]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ccApp"="c:program filesCommon FilesSymantec SharedccApp.exe" [2007-01-10 115816]
"FG_Monitor"="d:program filesFolder GuardFGKey.exe" [2013-01-29 206152]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2012-12-29 15635896]
"NvMediaCenter"="NvMCTray.dll" [2012-12-29 108984]
"nwiz"="c:program filesNVIDIA Corporationnviewnwiz.exe" [2012-12-29 1982312]
.
c:documents and settingsM1918A1Start MenuProgramsStartup
ctfmon.lnk.disabled [2012-9-24 1066]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:program filesSuperantispywareSASSEH.DLL" [2011-07-19 113024]
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"MSMSGS"="c:program filesMessengermsmsgs.exe" /background
"Microsoft Help"=rundll32.exe "c:documents and settingsM1918A1Local SettingsApplication DataVid-SaverMicrosoft Helpxnbiqwby.dll",RunServiceW
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe"
"NvCplDaemon"=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe"
"Symantec PIF AlertEng"="c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
"nwiz"=c:program filesNVIDIA Corporationnviewnwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:Program FilesWindows LiveMessengermsnmsgr.exe"=
"d:Program FilesuTorrentutorrent.exe"=
"c:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exe"=
.
S0 cxtcqfms;cxtcqfms;c:windowssystem32driversituwhrti.sys --> c:windowssystem32driversituwhrti.sys [?]
S0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [1/25/2013 7:53 PM 28552]
S1 SASDIFSV;SASDIFSV;d:program filesSuperantispywaresasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;d:program filesSuperantispywareSASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 !SASCORE;SAS Core Service;d:program filesSuperantispywareSASCORE.EXE [8/11/2011 6:38 PM 116608]
S2 FGUARD32;FGUARD32;d:program filesFolder GuardFGUARD32.SYS [5/19/2012 1:32 PM 54480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [1/24/2013 2:13 PM 106656]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-29 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-05-19 01:34]
.
2013-01-29 c:windowsTasksNorton AntiVirus - Run Full System Scan - M1918A1.job
- c:program filesNorton AntivirusNavw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:program filesGoogleGoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:program filesGoogleGoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:progra~2MICROS~1Office12EXCEL.EXE/3000
IE: Similar Pages - c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:program filesGoogleGoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 166.102.165.13 207.91.5.20 192.168.254.254
FF - ProfilePath - c:documents and settingsM1918A1Application DataMozillaFirefoxProfilesy57ek6fj.default
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-29 05:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:windowssystem32OLD3.tmp 33280 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2988)
c:windowssystem32WININET.dll
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesCommon FilesSymantec SharedccSvcHst.exe
c:program filesSymantecLiveUpdateALUSchedulerSvc.exe
c:program filesCommon FilesSymantec SharedccSvcHst.exe
c:program filesDiskeeper CorporationDiskeeperDkService.exe
c:program filesCommon FilesMotiveMcciCMService.exe
c:windowssystem32nvsvc32.exe
c:program filesNVIDIA CorporationNVIDIA Update Coredaemonu.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32RunDLL32.exe
c:program filesSymantecLiveUpdateAUPDATE.EXE
c:progra~1SymantecLIVEUP~1LUCOMS~1.EXE
c:program filesSymantecLiveUpdateLuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2013-01-29 05:30:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-29 10:30
ComboFix2.txt 2013-01-29 03:55
ComboFix3.txt 2013-01-23 20:47
ComboFix4.txt 2012-12-12 11:19
ComboFix5.txt 2013-01-29 10:09
.
Pre-Run: 25,034,346,496 bytes free
Post-Run: 25,242,607,616 bytes free
.
- - End Of File - - BDF6258A6BECF5D6B9BA7156BFF8345E


Nothing wrong with what you posted... it was in the script I gave you. The forum software removed all of the spaces and the returns.

 

The most current version of CF is "bad". The upload file was infected with sality so it has been pulled.

 

Go ahead and run TDSSkiller again.


This is the latest TDSSKiller

 

15:21:36.0937 0572 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:21:37.0312 0572 ============================================================
15:21:37.0312 0572 Current date / time: 2013/01/29 15:21:37.0312
15:21:37.0312 0572 SystemInfo:
15:21:37.0312 0572 
15:21:37.0312 0572 OS Version: 5.1.2600 ServicePack: 3.0
15:21:37.0312 0572 Product type: Workstation
15:21:37.0312 0572 ComputerName: USM1918A1
15:21:37.0312 0572 UserName: M1918A1
15:21:37.0312 0572 Windows directory: C:WINDOWS
15:21:37.0312 0572 System windows directory: C:WINDOWS
15:21:37.0312 0572 Processor architecture: Intel x86
15:21:37.0312 0572 Number of processors: 1
15:21:37.0312 0572 Page size: 0x1000
15:21:37.0312 0572 Boot type: Normal boot
15:21:37.0312 0572 ============================================================
15:21:37.0640 0572 Drive DeviceHarddisk0DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:21:37.0640 0572 ============================================================
15:21:37.0640 0572 DeviceHarddisk0DR0:
15:21:37.0640 0572 MBR partitions:
15:21:37.0640 0572 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
15:21:37.0656 0572 DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x45A34196
15:21:37.0656 0572 ============================================================
15:21:37.0687 0572 C: <-> DeviceHarddisk0DR0Partition1
15:21:37.0703 0572 D: <-> DeviceHarddisk0DR0Partition2
15:21:37.0703 0572 ============================================================
15:21:37.0703 0572 Initialize success
15:21:37.0703 0572 ============================================================
15:21:38.0703 1852 ============================================================
15:21:38.0703 1852 Scan started
15:21:38.0703 1852 Mode: Manual;
15:21:38.0703 1852 ============================================================
15:21:40.0265 1852 ================ Scan system memory ========================
15:21:40.0265 1852 System memory - ok
15:21:40.0265 1852 ================ Scan services =============================
15:21:40.0328 1852 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE D:Program FilesSuperantispywareSASCORE.EXE
15:21:40.0328 1852 !SASCORE - ok
15:21:40.0390 1852 Abiosdsk - ok
15:21:40.0406 1852 abp480n5 - ok
15:21:40.0437 1852 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:WINDOWSsystem32DRIVERSACPI.sys
15:21:40.0437 1852 ACPI - ok
15:21:40.0453 1852 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:WINDOWSsystem32driversACPIEC.sys
15:21:40.0468 1852 ACPIEC - ok
15:21:40.0515 1852 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
15:21:40.0515 1852 AdobeFlashPlayerUpdateSvc - ok
15:21:40.0531 1852 adpu160m - ok
15:21:40.0546 1852 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:WINDOWSsystem32driversaec.sys
15:21:40.0546 1852 aec - ok
15:21:40.0578 1852 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:WINDOWSSystem32driversafd.sys
15:21:40.0593 1852 AFD - ok
15:21:40.0593 1852 Aha154x - ok
15:21:40.0609 1852 aic78u2 - ok
15:21:40.0609 1852 aic78xx - ok
15:21:40.0687 1852 [ 92AE420BE14B0D97D14DAC4ABA22A702 ] ALCXWDM C:WINDOWSsystem32driversALCXWDM.SYS
15:21:40.0750 1852 ALCXWDM - ok
15:21:40.0781 1852 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:WINDOWSsystem32alrsvc.dll
15:21:40.0781 1852 Alerter - ok
15:21:40.0796 1852 [ 8C515081584A38AA007909CD02020B3D ] ALG C:WINDOWSSystem32alg.exe
15:21:40.0796 1852 ALG - ok
15:21:40.0796 1852 AliIde - ok
15:21:40.0812 1852 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:WINDOWSsystem32DRIVERSAmdK8.sys
15:21:40.0828 1852 AmdK8 - ok
15:21:40.0828 1852 amsint - ok
15:21:40.0859 1852 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:WINDOWSSystem32appmgmts.dll
15:21:40.0859 1852 AppMgmt - ok
15:21:40.0875 1852 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:WINDOWSsystem32DRIVERSarp1394.sys
15:21:40.0890 1852 Arp1394 - ok
15:21:40.0890 1852 asc - ok
15:21:40.0906 1852 asc3350p - ok
15:21:40.0906 1852 asc3550 - ok
15:21:40.0953 1852 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
15:21:41.0000 1852 aspnet_state - ok
15:21:41.0015 1852 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:WINDOWSsystem32DRIVERSasyncmac.sys
15:21:41.0015 1852 AsyncMac - ok
15:21:41.0046 1852 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:WINDOWSsystem32DRIVERSatapi.sys
15:21:41.0046 1852 atapi - ok
15:21:41.0062 1852 Atdisk - ok
15:21:41.0078 1852 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:WINDOWSsystem32DRIVERSatmarpc.sys
15:21:41.0078 1852 Atmarpc - ok
15:21:41.0093 1852 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:WINDOWSSystem32audiosrv.dll
15:21:41.0093 1852 AudioSrv - ok
15:21:41.0109 1852 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:WINDOWSsystem32DRIVERSaudstub.sys
15:21:41.0109 1852 audstub - ok
15:21:41.0187 1852 [ B5D974C1FD078A68C7536C561B031D39 ] Automatic LiveUpdate Scheduler C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
15:21:41.0187 1852 Automatic LiveUpdate Scheduler - ok
15:21:41.0218 1852 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:WINDOWSsystem32driversBeep.sys
15:21:41.0234 1852 Beep - ok
15:21:41.0250 1852 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:WINDOWSsystem32qmgr.dll
15:21:41.0265 1852 BITS - ok
15:21:41.0281 1852 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:WINDOWSSystem32browser.dll
15:21:41.0281 1852 Browser - ok
15:21:41.0296 1852 catchme - ok
15:21:41.0328 1852 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:WINDOWSsystem32driverscbidf2k.sys
15:21:41.0328 1852 cbidf2k - ok
15:21:41.0343 1852 [ FE69C498B922CE835E2E2123FBD0A272 ] ccEvtMgr C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
15:21:41.0359 1852 ccEvtMgr - ok
15:21:41.0359 1852 [ FE69C498B922CE835E2E2123FBD0A272 ] ccSetMgr C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
15:21:41.0359 1852 ccSetMgr - ok
15:21:41.0359 1852 cd20xrnt - ok
15:21:41.0390 1852 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:WINDOWSsystem32driversCdaudio.sys
15:21:41.0390 1852 Cdaudio - ok
15:21:41.0406 1852 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:WINDOWSsystem32driversCdfs.sys
15:21:41.0406 1852 Cdfs - ok
15:21:41.0437 1852 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:WINDOWSsystem32DRIVERScdrom.sys
15:21:41.0453 1852 Cdrom - ok
15:21:41.0453 1852 Changer - ok
15:21:41.0484 1852 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:WINDOWSsystem32cisvc.exe
15:21:41.0484 1852 CiSvc - ok
15:21:41.0500 1852 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:WINDOWSsystem32clipsrv.exe
15:21:41.0515 1852 ClipSrv - ok
15:21:41.0531 1852 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
15:21:41.0593 1852 clr_optimization_v2.0.50727_32 - ok
15:21:41.0609 1852 [ FE69C498B922CE835E2E2123FBD0A272 ] CLTNetCnService C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
15:21:41.0609 1852 CLTNetCnService - ok
15:21:41.0609 1852 CmdIde - ok
15:21:41.0625 1852 COMSysApp - ok
15:21:41.0640 1852 Cpqarray - ok
15:21:41.0656 1852 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:WINDOWSSystem32cryptsvc.dll
15:21:41.0656 1852 CryptSvc - ok
15:21:41.0671 1852 [ 23D6D320C0D236784EF0CCF7CBF6C1C0 ] ctac32k C:WINDOWSsystem32driversctac32k.sys
15:21:41.0687 1852 ctac32k - ok
15:21:41.0703 1852 [ 16693A385321CEAC8F24A53070EFC378 ] ctaud2k C:WINDOWSsystem32driversctaud2k.sys
15:21:41.0718 1852 ctaud2k - ok
15:21:41.0734 1852 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:WINDOWSsystem32DRIVERSctljystk.sys
15:21:41.0734 1852 ctljystk - ok
15:21:41.0750 1852 [ 53B99368D26AB1BE9C3842976DF5543C ] ctprxy2k C:WINDOWSsystem32driversctprxy2k.sys
15:21:41.0750 1852 ctprxy2k - ok
15:21:41.0765 1852 [ 73746E147E50249B790BC631891063B5 ] ctsfm2k C:WINDOWSsystem32driversctsfm2k.sys
15:21:41.0781 1852 ctsfm2k - ok
15:21:41.0781 1852 cxtcqfms - ok
15:21:41.0781 1852 dac2w2k - ok
15:21:41.0796 1852 dac960nt - ok
15:21:41.0828 1852 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:WINDOWSsystem32rpcss.dll
15:21:41.0843 1852 DcomLaunch - ok
15:21:41.0843 1852 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:WINDOWSSystem32dhcpcsvc.dll
15:21:41.0843 1852 Dhcp - ok
15:21:41.0859 1852 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:WINDOWSsystem32DRIVERSdisk.sys
15:21:41.0859 1852 Disk - ok
15:21:41.0906 1852 [ 7496908263A7C08DD8CCA9BADF053EE1 ] Diskeeper C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
15:21:41.0906 1852 Diskeeper - ok
15:21:41.0921 1852 dmadmin - ok
15:21:41.0953 1852 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:WINDOWSsystem32driversdmboot.sys
15:21:41.0968 1852 dmboot - ok
15:21:41.0984 1852 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:WINDOWSsystem32driversdmio.sys
15:21:41.0984 1852 dmio - ok
15:21:42.0000 1852 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:WINDOWSsystem32driversdmload.sys
15:21:42.0000 1852 dmload - ok
15:21:42.0015 1852 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:WINDOWSSystem32dmserver.dll
15:21:42.0015 1852 dmserver - ok
15:21:42.0031 1852 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:WINDOWSsystem32driversDMusic.sys
15:21:42.0031 1852 DMusic - ok
15:21:42.0062 1852 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:WINDOWSSystem32dnsrslvr.dll
15:21:42.0062 1852 Dnscache - ok
15:21:42.0093 1852 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:WINDOWSSystem32dot3svc.dll
15:21:42.0093 1852 Dot3svc - ok
15:21:42.0109 1852 dpti2o - ok
15:21:42.0109 1852 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:WINDOWSsystem32driversdrmkaud.sys
15:21:42.0109 1852 drmkaud - ok
15:21:42.0140 1852 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:WINDOWSSystem32eapsvc.dll
15:21:42.0140 1852 EapHost - ok
15:21:42.0187 1852 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys
15:21:42.0187 1852 eeCtrl - ok
15:21:42.0218 1852 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:WINDOWSsystem32driversemu10k1m.sys
15:21:42.0234 1852 emu10k - ok
15:21:42.0250 1852 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:WINDOWSsystem32driversctlfacem.sys
15:21:42.0250 1852 emu10k1 - ok
15:21:42.0281 1852 [ A75959F10B6B536982F872B55FC6CE27 ] emupia C:WINDOWSsystem32driversemupia2k.sys
15:21:42.0281 1852 emupia - ok
15:21:42.0312 1852 [ BDD170FECB0E496A914318009D85B819 ] ENTECH C:WINDOWSsystem32DRIVERSENTECH.SYS
15:21:42.0312 1852 ENTECH - ok
15:21:42.0328 1852 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys
15:21:42.0343 1852 EraserUtilRebootDrv - ok
15:21:42.0359 1852 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:WINDOWSSystem32ersvc.dll
15:21:42.0359 1852 ERSvc - ok
15:21:42.0390 1852 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:WINDOWSsystem32services.exe
15:21:42.0390 1852 Eventlog - ok
15:21:42.0406 1852 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:WINDOWSSystem32es.dll
15:21:42.0406 1852 EventSystem - ok
15:21:42.0421 1852 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:WINDOWSsystem32driversFastfat.sys
15:21:42.0421 1852 Fastfat - ok
15:21:42.0453 1852 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:WINDOWSSystem32shsvcs.dll
15:21:42.0453 1852 FastUserSwitchingCompatibility - ok
15:21:42.0468 1852 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:WINDOWSsystem32DRIVERSfdc.sys
15:21:42.0484 1852 Fdc - ok
15:21:42.0515 1852 [ D75A1D52DF38F68501A54658F7B862F7 ] FGUARD32 D:Program FilesFolder GuardFGUARD32.SYS
15:21:42.0515 1852 FGUARD32 - ok
15:21:42.0531 1852 [ 711E55000153B1F03B193087DEB82AEA ] FileDisk C:WINDOWSsystem32driversFileDisk.sys
15:21:42.0546 1852 FileDisk - ok
15:21:42.0562 1852 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:WINDOWSsystem32driversFips.sys
15:21:42.0562 1852 Fips - ok
15:21:42.0593 1852 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:WINDOWSsystem32DRIVERSflpydisk.sys
15:21:42.0593 1852 Flpydisk - ok
15:21:42.0609 1852 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:WINDOWSsystem32driversfltmgr.sys
15:21:42.0609 1852 FltMgr - ok
15:21:42.0625 1852 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe
15:21:42.0640 1852 FontCache3.0.0.0 - ok
15:21:42.0656 1852 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:WINDOWSsystem32driversFs_Rec.sys
15:21:42.0656 1852 Fs_Rec - ok
15:21:42.0671 1852 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:WINDOWSsystem32DRIVERSftdisk.sys
15:21:42.0671 1852 Ftdisk - ok
15:21:42.0687 1852 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:WINDOWSsystem32DRIVERSgameenum.sys
15:21:42.0687 1852 gameenum - ok
15:21:42.0718 1852 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:WINDOWSsystem32DRIVERSmsgpc.sys
15:21:42.0718 1852 Gpc - ok
15:21:42.0734 1852 [ BCB3281BFC4EEB8D82932669490013CD ] ha10kx2k C:WINDOWSsystem32driversha10kx2k.sys
15:21:42.0765 1852 ha10kx2k - ok
15:21:42.0796 1852 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll
15:21:42.0796 1852 helpsvc - ok
15:21:42.0812 1852 HidServ - ok
15:21:42.0828 1852 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:WINDOWSSystem32kmsvc.dll
15:21:42.0828 1852 hkmsvc - ok
15:21:42.0843 1852 hpn - ok
15:21:42.0859 1852 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:WINDOWSsystem32DRIVERSHPZid412.sys
15:21:42.0859 1852 HPZid412 - ok
15:21:42.0875 1852 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:WINDOWSsystem32DRIVERSHPZipr12.sys
15:21:42.0875 1852 HPZipr12 - ok
15:21:42.0875 1852 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:WINDOWSsystem32DRIVERSHPZius12.sys
15:21:42.0890 1852 HPZius12 - ok
15:21:42.0906 1852 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:WINDOWSsystem32DriversHTTP.sys
15:21:42.0921 1852 HTTP - ok
15:21:42.0937 1852 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:WINDOWSSystem32w3ssl.dll
15:21:42.0937 1852 HTTPFilter - ok
15:21:42.0953 1852 i2omgmt - ok
15:21:42.0953 1852 i2omp - ok
15:21:42.0968 1852 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:WINDOWSsystem32DRIVERSi8042prt.sys
15:21:42.0968 1852 i8042prt - ok
15:21:43.0000 1852 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe
15:21:43.0046 1852 idsvc - ok
15:21:43.0062 1852 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:WINDOWSsystem32DRIVERSimapi.sys
15:21:43.0062 1852 Imapi - ok
15:21:43.0093 1852 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:WINDOWSsystem32imapi.exe
15:21:43.0093 1852 ImapiService - ok
15:21:43.0093 1852 ini910u - ok
15:21:43.0109 1852 IntelIde - ok
15:21:43.0125 1852 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:WINDOWSsystem32driversip6fw.sys
15:21:43.0140 1852 ip6fw - ok
15:21:43.0140 1852 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:WINDOWSsystem32DRIVERSipfltdrv.sys
15:21:43.0156 1852 IpFilterDriver - ok
15:21:43.0171 1852 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:WINDOWSsystem32DRIVERSipinip.sys
15:21:43.0171 1852 IpInIp - ok
15:21:43.0203 1852 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:WINDOWSsystem32DRIVERSipnat.sys
15:21:43.0203 1852 IpNat - ok
15:21:43.0203 1852 ipqxrl - ok
15:21:43.0218 1852 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:WINDOWSsystem32DRIVERSipsec.sys
15:21:43.0218 1852 IPSec - ok
15:21:43.0218 1852 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:WINDOWSsystem32DRIVERSirenum.sys
15:21:43.0234 1852 IRENUM - ok
15:21:43.0250 1852 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:WINDOWSsystem32DRIVERSisapnp.sys
15:21:43.0250 1852 isapnp - ok
15:21:43.0296 1852 [ 31E4D7875FF05D9F81C2ABDF48F51B11 ] ISPwdSvc C:Program FilesNorton AntivirusisPwdSvc.exe
15:21:43.0312 1852 ISPwdSvc - ok
15:21:43.0328 1852 JavaQuickStarterService - ok
15:21:43.0343 1852 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:WINDOWSsystem32DRIVERSkbdclass.sys
15:21:43.0359 1852 Kbdclass - ok
15:21:43.0359 1852 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:WINDOWSsystem32driverskmixer.sys
15:21:43.0375 1852 kmixer - ok
15:21:43.0375 1852 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:WINDOWSsystem32driversKSecDD.sys
15:21:43.0375 1852 KSecDD - ok
15:21:43.0406 1852 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:WINDOWSSystem32srvsvc.dll
15:21:43.0406 1852 lanmanserver - ok
15:21:43.0437 1852 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:WINDOWSSystem32wkssvc.dll
15:21:43.0437 1852 lanmanworkstation - ok
15:21:43.0437 1852 lbrtfdc - ok
15:21:43.0515 1852 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
15:21:43.0531 1852 LiveUpdate - ok
15:21:43.0546 1852 [ FE69C498B922CE835E2E2123FBD0A272 ] LiveUpdate Notice Ex C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
15:21:43.0546 1852 LiveUpdate Notice Ex - ok
15:21:43.0593 1852 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
15:21:43.0625 1852 LiveUpdate Notice Service - ok
15:21:43.0656 1852 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:WINDOWSSystem32lmhsvc.dll
15:21:43.0656 1852 LmHosts - ok
15:21:43.0687 1852 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:Program FilesCommon FilesMotiveMcciCMService.exe
15:21:43.0687 1852 McciCMService - ok
15:21:43.0718 1852 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:WINDOWSSystem32msgsvc.dll
15:21:43.0718 1852 Messenger - ok
15:21:43.0765 1852 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe
15:21:43.0765 1852 Microsoft Office Groove Audit Service - ok
15:21:43.0796 1852 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:WINDOWSsystem32driversmnmdd.sys
15:21:43.0796 1852 mnmdd - ok
15:21:43.0812 1852 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:WINDOWSSystem32mnmsrvc.exe
15:21:43.0828 1852 mnmsrvc - ok
15:21:43.0843 1852 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:WINDOWSsystem32driversModem.sys
15:21:43.0843 1852 Modem - ok
15:21:43.0859 1852 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:WINDOWSsystem32DRIVERSmouclass.sys
15:21:43.0875 1852 Mouclass - ok
15:21:43.0875 1852 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:WINDOWSsystem32driversMountMgr.sys
15:21:43.0875 1852 MountMgr - ok
15:21:43.0906 1852 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
15:21:43.0921 1852 MozillaMaintenance - ok
15:21:43.0937 1852 mraid35x - ok
15:21:43.0953 1852 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:PROGRA~1COMMON~1MotiveMREMP50.SYS
15:21:43.0968 1852 MREMP50 - ok
15:21:43.0968 1852 MREMPR5 - ok
15:21:43.0968 1852 MRENDIS5 - ok
15:21:43.0984 1852 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:PROGRA~1COMMON~1MotiveMRESP50.SYS
15:21:44.0000 1852 MRESP50 - ok
15:21:44.0000 1852 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:WINDOWSsystem32DRIVERSmrxdav.sys
15:21:44.0000 1852 MRxDAV - ok
15:21:44.0046 1852 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:WINDOWSsystem32DRIVERSmrxsmb.sys
15:21:44.0046 1852 MRxSmb - ok
15:21:44.0062 1852 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:WINDOWSSystem32msdtc.exe
15:21:44.0062 1852 MSDTC - ok
15:21:44.0078 1852 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:WINDOWSsystem32driversMsfs.sys
15:21:44.0078 1852 Msfs - ok
15:21:44.0093 1852 MSIServer - ok
15:21:44.0109 1852 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:WINDOWSsystem32driversMSKSSRV.sys
15:21:44.0109 1852 MSKSSRV - ok
15:21:44.0125 1852 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:WINDOWSsystem32driversMSPCLOCK.sys
15:21:44.0125 1852 MSPCLOCK - ok
15:21:44.0140 1852 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:WINDOWSsystem32driversMSPQM.sys
15:21:44.0140 1852 MSPQM - ok
15:21:44.0171 1852 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:WINDOWSsystem32DRIVERSmssmbios.sys
15:21:44.0171 1852 mssmbios - ok
15:21:44.0187 1852 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:WINDOWSsystem32driversmsmpu401.sys
15:21:44.0187 1852 ms_mpu401 - ok
15:21:44.0218 1852 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:WINDOWSsystem32DRIVERSASACPI.sys
15:21:44.0218 1852 MTsensor - ok
15:21:44.0234 1852 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:WINDOWSsystem32driversMup.sys
15:21:44.0234 1852 Mup - ok
15:21:44.0265 1852 [ 0102140028FAD045756796E1C685D695 ] napagent C:WINDOWSSystem32qagentrt.dll
15:21:44.0281 1852 napagent - ok
15:21:44.0328 1852 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120130128.004NAVENG.SYS
15:21:44.0328 1852 NAVENG - ok
15:21:44.0375 1852 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120130128.004NAVEX15.SYS
15:21:44.0406 1852 NAVEX15 - ok
15:21:44.0406 1852 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:WINDOWSsystem32driversNDIS.sys
15:21:44.0406 1852 NDIS - ok
15:21:44.0437 1852 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:WINDOWSsystem32DRIVERSndistapi.sys
15:21:44.0437 1852 NdisTapi - ok
15:21:44.0468 1852 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:WINDOWSsystem32DRIVERSndisuio.sys
15:21:44.0468 1852 Ndisuio - ok
15:21:44.0468 1852 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:WINDOWSsystem32DRIVERSndiswan.sys
15:21:44.0484 1852 NdisWan - ok
15:21:44.0500 1852 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:WINDOWSsystem32driversNDProxy.sys
15:21:44.0500 1852 NDProxy - ok
15:21:44.0531 1852 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:WINDOWSsystem32HPZinw12.dll
15:21:44.0531 1852 Net Driver HPZ12 - ok
15:21:44.0546 1852 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:WINDOWSsystem32DRIVERSnetbios.sys
15:21:44.0546 1852 NetBIOS - ok
15:21:44.0562 1852 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:WINDOWSsystem32DRIVERSnetbt.sys
15:21:44.0578 1852 NetBT - ok
15:21:44.0609 1852 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:WINDOWSsystem32netdde.exe
15:21:44.0625 1852 NetDDE - ok
15:21:44.0625 1852 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:WINDOWSsystem32netdde.exe
15:21:44.0640 1852 NetDDEdsdm - ok
15:21:44.0640 1852 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:WINDOWSsystem32lsass.exe
15:21:44.0656 1852 Netlogon - ok
15:21:44.0671 1852 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:WINDOWSSystem32netman.dll
15:21:44.0671 1852 Netman - ok
15:21:44.0687 1852 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe
15:21:44.0703 1852 NetTcpPortSharing - ok
15:21:44.0718 1852 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:WINDOWSsystem32DRIVERSnic1394.sys
15:21:44.0718 1852 NIC1394 - ok
15:21:44.0734 1852 [ 943337D786A56729263071623BBB9DE5 ] Nla C:WINDOWSSystem32mswsock.dll
15:21:44.0734 1852 Nla - ok
15:21:44.0750 1852 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:WINDOWSsystem32driversNpfs.sys
15:21:44.0750 1852 Npfs - ok
15:21:44.0765 1852 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:WINDOWSsystem32driversNtfs.sys
15:21:44.0765 1852 Ntfs - ok
15:21:44.0765 1852 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:WINDOWSSystem32lsass.exe
15:21:44.0781 1852 NtLmSsp - ok
15:21:44.0812 1852 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:WINDOWSsystem32ntmssvc.dll
15:21:44.0812 1852 NtmsSvc - ok
15:21:44.0828 1852 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:WINDOWSsystem32driversNull.sys
15:21:44.0828 1852 Null - ok
15:21:45.0000 1852 [ 625F0E2467F6800E1D939CF22F2F6C99 ] nv C:WINDOWSsystem32DRIVERSnv4_mini.sys
15:21:45.0234 1852 nv - ok
15:21:45.0250 1852 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:WINDOWSsystem32DRIVERSnvata.sys
15:21:45.0250 1852 nvata - ok
15:21:45.0265 1852 [ 2F4CA0052A50D122B9F0A2EFA52DFA67 ] NVENETFD C:WINDOWSsystem32DRIVERSNVENETFD.sys
15:21:45.0281 1852 NVENETFD - ok
15:21:45.0296 1852 [ EA98BFE4931BD13D747D647C1859796E ] nvgts C:WINDOWSsystem32DRIVERSnvgts.sys
15:21:45.0296 1852 nvgts - ok
15:21:45.0312 1852 [ 197779DDE275445AB253667832120EA7 ] nvnetbus C:WINDOWSsystem32DRIVERSnvnetbus.sys
15:21:45.0312 1852 nvnetbus - ok
15:21:45.0343 1852 [ E666A28CC51F04C7D972EF8AD4234BBA ] NVSvc C:WINDOWSsystem32nvsvc32.exe
15:21:45.0343 1852 NVSvc - ok
15:21:45.0390 1852 [ E7973587C80CC49DAD8E88AD45D2A1CC ] nvUpdatusService C:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exe
15:21:45.0406 1852 nvUpdatusService - ok
15:21:45.0437 1852 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:WINDOWSsystem32DRIVERSnwlnkflt.sys
15:21:45.0437 1852 NwlnkFlt - ok
15:21:45.0453 1852 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:WINDOWSsystem32DRIVERSnwlnkfwd.sys
15:21:45.0453 1852 NwlnkFwd - ok
15:21:45.0500 1852 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE
15:21:45.0546 1852 odserv - ok
15:21:45.0562 1852 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:WINDOWSsystem32DRIVERSohci1394.sys
15:21:45.0562 1852 ohci1394 - ok
15:21:45.0578 1852 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE
15:21:45.0625 1852 ose - ok
15:21:45.0656 1852 [ 64DE7FDE0AAC66F721ADDD1E0394E664 ] ossrv C:WINDOWSsystem32driversctoss2k.sys
15:21:45.0671 1852 ossrv - ok
15:21:45.0687 1852 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:WINDOWSsystem32driversParport.sys
15:21:45.0687 1852 Parport - ok
15:21:45.0703 1852 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:WINDOWSsystem32driversPartMgr.sys
15:21:45.0703 1852 PartMgr - ok
15:21:45.0718 1852 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:WINDOWSsystem32driversParVdm.sys
15:21:45.0718 1852 ParVdm - ok
15:21:45.0734 1852 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:WINDOWSsystem32driverspavboot.sys
15:21:45.0734 1852 pavboot - ok
15:21:45.0734 1852 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:WINDOWSsystem32DRIVERSpci.sys
15:21:45.0734 1852 PCI - ok
15:21:45.0750 1852 PCIDump - ok
15:21:45.0750 1852 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:WINDOWSsystem32DRIVERSpciide.sys
15:21:45.0750 1852 PCIIde - ok
15:21:45.0781 1852 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:WINDOWSsystem32driversPcmcia.sys
15:21:45.0781 1852 Pcmcia - ok
15:21:45.0796 1852 PDCOMP - ok
15:21:45.0796 1852 PDFRAME - ok
15:21:45.0796 1852 PDRELI - ok
15:21:45.0812 1852 PDRFRAME - ok
15:21:45.0812 1852 perc2 - ok
15:21:45.0828 1852 perc2hib - ok
15:21:45.0843 1852 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:WINDOWSsystem32services.exe
15:21:45.0859 1852 PlugPlay - ok
15:21:45.0859 1852 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:WINDOWSsystem32HPZipm12.dll
15:21:45.0859 1852 Pml Driver HPZ12 - ok
15:21:45.0875 1852 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:WINDOWSsystem32lsass.exe
15:21:45.0875 1852 PolicyAgent - ok
15:21:45.0890 1852 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:WINDOWSsystem32DRIVERSraspptp.sys
15:21:45.0890 1852 PptpMiniport - ok
15:21:45.0906 1852 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:WINDOWSsystem32DRIVERSprocessr.sys
15:21:45.0921 1852 Processor - ok
15:21:45.0921 1852 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:WINDOWSsystem32lsass.exe
15:21:45.0921 1852 ProtectedStorage - ok
15:21:45.0937 1852 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:WINDOWSsystem32DRIVERSpsched.sys
15:21:45.0937 1852 PSched - ok
15:21:45.0968 1852 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:WINDOWSsystem32DRIVERSptilink.sys
15:21:45.0968 1852 Ptilink - ok
15:21:45.0968 1852 ql1080 - ok
15:21:45.0984 1852 Ql10wnt - ok
15:21:45.0984 1852 ql12160 - ok
15:21:46.0000 1852 ql1240 - ok
15:21:46.0000 1852 ql1280 - ok
15:21:46.0015 1852 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:WINDOWSsystem32DRIVERSrasacd.sys
15:21:46.0015 1852 RasAcd - ok
15:21:46.0046 1852 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:WINDOWSSystem32rasauto.dll
15:21:46.0046 1852 RasAuto - ok
15:21:46.0062 1852 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:WINDOWSsystem32DRIVERSrasl2tp.sys
15:21:46.0078 1852 Rasl2tp - ok
15:21:46.0093 1852 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:WINDOWSSystem32rasmans.dll
15:21:46.0093 1852 RasMan - ok
15:21:46.0093 1852 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:WINDOWSsystem32DRIVERSraspppoe.sys
15:21:46.0109 1852 RasPppoe - ok
15:21:46.0125 1852 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:WINDOWSsystem32DRIVERSraspti.sys
15:21:46.0125 1852 Raspti - ok
15:21:46.0125 1852 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:WINDOWSsystem32DRIVERSrdbss.sys
15:21:46.0125 1852 Rdbss - ok
15:21:46.0140 1852 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:WINDOWSsystem32DRIVERSRDPCDD.sys
15:21:46.0140 1852 RDPCDD - ok
15:21:46.0156 1852 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:WINDOWSsystem32DRIVERSrdpdr.sys
15:21:46.0156 1852 rdpdr - ok
15:21:46.0171 1852 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:WINDOWSsystem32driversRDPWD.sys
15:21:46.0187 1852 RDPWD - ok
15:21:46.0203 1852 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:WINDOWSsystem32sessmgr.exe
15:21:46.0218 1852 RDSessMgr - ok
15:21:46.0234 1852 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:WINDOWSsystem32DRIVERSredbook.sys
15:21:46.0250 1852 redbook - ok
15:21:46.0265 1852 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:WINDOWSSystem32mprdim.dll
15:21:46.0281 1852 RemoteAccess - ok
15:21:46.0296 1852 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:WINDOWSsystem32regsvc.dll
15:21:46.0296 1852 RemoteRegistry - ok
15:21:46.0312 1852 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:WINDOWSSystem32locator.exe
15:21:46.0312 1852 RpcLocator - ok
15:21:46.0343 1852 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:WINDOWSSystem32rpcss.dll
15:21:46.0343 1852 RpcSs - ok
15:21:46.0359 1852 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:WINDOWSSystem32rsvp.exe
15:21:46.0390 1852 RSVP - ok
15:21:46.0406 1852 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:WINDOWSsystem32lsass.exe
15:21:46.0406 1852 SamSs - ok
15:21:46.0437 1852 [ 39763504067962108505BFF25F024345 ] SASDIFSV D:Program FilesSuperantispywareSASDIFSV.SYS
15:21:46.0437 1852 SASDIFSV - ok
15:21:46.0453 1852 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL D:Program FilesSuperantispywareSASKUTIL.SYS
15:21:46.0453 1852 SASKUTIL - ok
15:21:46.0468 1852 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:WINDOWSSystem32SCardSvr.exe
15:21:46.0484 1852 SCardSvr - ok
15:21:46.0500 1852 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:WINDOWSsystem32schedsvc.dll
15:21:46.0500 1852 Schedule - ok
15:21:46.0515 1852 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:WINDOWSsystem32DRIVERSsecdrv.sys
15:21:46.0531 1852 Secdrv - ok
15:21:46.0531 1852 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:WINDOWSSystem32seclogon.dll
15:21:46.0546 1852 seclogon - ok
15:21:46.0562 1852 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:WINDOWSsystem32sens.dll
15:21:46.0562 1852 SENS - ok
15:21:46.0578 1852 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:WINDOWSsystem32DRIVERSserenum.sys
15:21:46.0578 1852 serenum - ok
15:21:46.0593 1852 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:WINDOWSsystem32DRIVERSserial.sys
15:21:46.0609 1852 Serial - ok
15:21:46.0625 1852 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:WINDOWSsystem32driversSfloppy.sys
15:21:46.0625 1852 Sfloppy - ok
15:21:46.0656 1852 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:WINDOWSsystem32driverssfmanm.sys
15:21:46.0656 1852 sfman - ok
15:21:46.0687 1852 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:WINDOWSSystem32ipnathlp.dll
15:21:46.0687 1852 SharedAccess - ok
15:21:46.0703 1852 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:WINDOWSSystem32shsvcs.dll
15:21:46.0703 1852 ShellHWDetection - ok
15:21:46.0734 1852 [ 227E56633D6423E1F7D869618AC8404F ] Si3132r5 C:WINDOWSsystem32DRIVERSSi3132r5.sys
15:21:46.0734 1852 Si3132r5 - ok
15:21:46.0734 1852 [ DBDEE2A96F2F616726817373516CB0BD ] SiFilter C:WINDOWSsystem32DRIVERSSiWinAcc.sys
15:21:46.0734 1852 SiFilter - ok
15:21:46.0750 1852 Simbad - ok
15:21:46.0750 1852 [ 3E6B438E5CB674A1382B2955AA98F637 ] SiRemFil C:WINDOWSsystem32DRIVERSSiRemFil.sys
15:21:46.0750 1852 SiRemFil - ok
15:21:46.0765 1852 Sparrow - ok
15:21:46.0796 1852 [ CDEA9A0A0E547FEF4C44CCAE35A9B09C ] SPBBCDrv C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys
15:21:46.0812 1852 SPBBCDrv - ok
15:21:46.0828 1852 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:WINDOWSsystem32driverssplitter.sys
15:21:46.0828 1852 splitter - ok
15:21:46.0859 1852 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:WINDOWSsystem32spoolsv.exe
15:21:46.0859 1852 Spooler - ok
15:21:46.0875 1852 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:WINDOWSsystem32DRIVERSsr.sys
15:21:46.0875 1852 sr - ok
15:21:46.0890 1852 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:WINDOWSsystem32srsvc.dll
15:21:46.0890 1852 srservice - ok
15:21:46.0906 1852 [ 655773F2F1A3730C6CF20280A49F4EE1 ] SRTSP C:WINDOWSsystem32DriversSRTSP.SYS
15:21:46.0906 1852 SRTSP - ok
15:21:46.0921 1852 [ 2A0AAF370D4C6574A34AE2F4A0709CAE ] SRTSPL C:WINDOWSsystem32DriversSRTSPL.SYS
15:21:46.0937 1852 SRTSPL - ok
15:21:46.0953 1852 [ 3104BDCEACE2D5710776DD05E6A286C1 ] SRTSPX C:WINDOWSsystem32DriversSRTSPX.SYS
15:21:46.0953 1852 SRTSPX - ok
15:21:46.0968 1852 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:WINDOWSsystem32DRIVERSsrv.sys
15:21:46.0968 1852 Srv - ok
15:21:46.0968 1852 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:WINDOWSSystem32ssdpsrv.dll
15:21:46.0968 1852 SSDPSRV - ok
15:21:47.0000 1852 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:WINDOWSsystem32wiaservc.dll
15:21:47.0000 1852 stisvc - ok
15:21:47.0015 1852 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:WINDOWSsystem32DRIVERSswenum.sys
15:21:47.0015 1852 swenum - ok
15:21:47.0015 1852 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:WINDOWSsystem32driversswmidi.sys
15:21:47.0031 1852 swmidi - ok
15:21:47.0031 1852 SwPrv - ok
15:21:47.0093 1852 [ FA2F6A8849219B16460BF44F9D1F3AA7 ] Symantec Core LC C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
15:21:47.0109 1852 Symantec Core LC - ok
15:21:47.0140 1852 [ EFF5C2A0A06BCBFC5CF931C00CF6146D ] SymAppCore C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe
15:21:47.0156 1852 SymAppCore - ok
15:21:47.0156 1852 symc810 - ok
15:21:47.0156 1852 symc8xx - ok
15:21:47.0203 1852 [ 51B57CDA977170AC608D839DBFA1D3EE ] SYMDNS C:WINDOWSSystem32DriversSYMDNS.SYS
15:21:47.0218 1852 SYMDNS - ok
15:21:47.0234 1852 [ 06B95820DF51502099A8A15C93E87986 ] SymEvent 
C:WINDOWSsystem32DriversSYMEVENT.SYS15:21:47.0250 1852 SymEvent - ok15:21:47.0265 1852 [ A131D8360B01044517AA44529E2137D6 ] SYMFW C:WINDOWSSystem32DriversSYMFW.SYS15:21:47.0281 1852 SYMFW - ok15:21:47.0296 1852 [ 2B77868F02DAE02103380B824431B798 ] SYMIDS C:WINDOWSSystem32DriversSYMIDS.SYS15:21:47.0296 1852 SYMIDS - ok15:21:47.0359 1852 [ 2133D1F879B280121B0E6A7D34B24A02 ] SYMIDSCO C:PROGRA~1COMMON~1SYMANT~1SymcDataIDS-DI~120130124.001SymIDSCo.sys15:21:47.0359 1852 SYMIDSCO - ok15:21:47.0390 1852 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:WINDOWSsystem32driverssymlcbrd.sys15:21:47.0390 1852 symlcbrd - ok15:21:47.0406 1852 [ 799282F4A913CA51197C9CDD34D403D6 ] SYMNDIS C:WINDOWSSystem32DriversSYMNDIS.SYS15:21:47.0421 1852 SYMNDIS - ok15:21:47.0437 1852 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:WINDOWSSystem32DriversSYMREDRV.SYS15:21:47.0453 1852 SYMREDRV - ok15:21:47.0484 1852 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:WINDOWSSystem32DriversSYMTDI.SYS15:21:47.0484 1852 SYMTDI - ok15:21:47.0484 1852 sym_hi - ok15:21:47.0500 1852 sym_u3 - ok15:21:47.0500 1852 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:WINDOWSsystem32driverssysaudio.sys15:21:47.0515 1852 sysaudio - ok15:21:47.0531 1852 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:WINDOWSsystem32smlogsvc.exe15:21:47.0546 1852 SysmonLog - ok15:21:47.0562 1852 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:WINDOWSSystem32tapisrv.dll15:21:47.0562 1852 TapiSrv - ok15:21:47.0593 1852 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:WINDOWSsystem32DRIVERStcpip.sys15:21:47.0609 1852 Tcpip - ok15:21:47.0625 1852 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:WINDOWSsystem32driversTDPIPE.sys15:21:47.0640 1852 TDPIPE - ok15:21:47.0656 1852 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:WINDOWSsystem32driversTDTCP.sys15:21:47.0656 1852 TDTCP - ok15:21:47.0671 1852 [ 88155247177638048422893737429D9E ] TermDD C:WINDOWSsystem32DRIVERStermdd.sys15:21:47.0671 1852 TermDD - ok15:21:47.0687 1852 [ 
FF3477C03BE7201C294C35F684B3479F ] TermService C:WINDOWSSystem32termsrv.dll15:21:47.0687 1852 TermService - ok15:21:47.0703 1852 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:WINDOWSSystem32shsvcs.dll15:21:47.0703 1852 Themes - ok15:21:47.0734 1852 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:WINDOWSSystem32tlntsvr.exe15:21:47.0734 1852 TlntSvr - ok15:21:47.0734 1852 TosIde - ok15:21:47.0750 1852 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:WINDOWSsystem32trkwks.dll15:21:47.0750 1852 TrkWks - ok15:21:47.0765 1852 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:WINDOWSsystem32driversUdfs.sys15:21:47.0781 1852 Udfs - ok15:21:47.0781 1852 ultra - ok15:21:47.0812 1852 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:WINDOWSsystem32wdfmgr.exe15:21:47.0812 1852 UMWdf - ok15:21:47.0828 1852 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:WINDOWSsystem32DRIVERSupdate.sys15:21:47.0828 1852 Update - ok15:21:47.0843 1852 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:WINDOWSSystem32upnphost.dll15:21:47.0859 1852 upnphost - ok15:21:47.0875 1852 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:WINDOWSSystem32ups.exe15:21:47.0875 1852 UPS - ok15:21:47.0906 1852 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:WINDOWSsystem32DRIVERSusbccgp.sys15:21:47.0906 1852 usbccgp - ok15:21:47.0921 1852 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:WINDOWSsystem32DRIVERSusbehci.sys15:21:47.0921 1852 usbehci - ok15:21:47.0921 1852 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:WINDOWSsystem32DRIVERSusbhub.sys15:21:47.0937 1852 usbhub - ok15:21:47.0953 1852 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:WINDOWSsystem32DRIVERSusbohci.sys15:21:47.0953 1852 usbohci - ok15:21:47.0953 1852 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:WINDOWSsystem32DRIVERSusbprint.sys15:21:47.0953 1852 usbprint - ok15:21:47.0968 1852 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:WINDOWSsystem32DRIVERSusbscan.sys15:21:47.0984 1852 usbscan - ok15:21:48.0000 1852 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR 
C:WINDOWSsystem32DRIVERSUSBSTOR.SYS15:21:48.0000 1852 USBSTOR - ok15:21:48.0015 1852 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:WINDOWSSystem32driversvga.sys15:21:48.0015 1852 VgaSave - ok15:21:48.0031 1852 ViaIde - ok15:21:48.0046 1852 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:WINDOWSsystem32driversVolSnap.sys15:21:48.0046 1852 VolSnap - ok15:21:48.0046 1852 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:WINDOWSSystem32vssvc.exe15:21:48.0062 1852 VSS - ok15:21:48.0078 1852 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:WINDOWSsystem32w32time.dll15:21:48.0078 1852 W32Time - ok15:21:48.0093 1852 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:WINDOWSsystem32DRIVERSwanarp.sys15:21:48.0093 1852 Wanarp - ok15:21:48.0109 1852 WDICA - ok15:21:48.0125 1852 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:WINDOWSsystem32driverswdmaud.sys15:21:48.0125 1852 wdmaud - ok15:21:48.0140 1852 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:WINDOWSSystem32webclnt.dll15:21:48.0140 1852 WebClient - ok15:21:48.0187 1852 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:WINDOWSsystem32wbemWMIsvc.dll15:21:48.0187 1852 winmgmt - ok15:21:48.0203 1852 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:WINDOWSsystem32MsPMSNSv.dll15:21:48.0218 1852 WmdmPmSN - ok15:21:48.0250 1852 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:WINDOWSSystem32advapi32.dll15:21:48.0250 1852 Wmi - ok15:21:48.0281 1852 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:WINDOWSSystem32wbemwmiapsrv.exe15:21:48.0281 1852 WmiApSrv - ok15:21:48.0296 1852 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:WINDOWSSystem32driversws2ifsl.sys15:21:48.0312 1852 WS2IFSL - ok15:21:48.0328 1852 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:WINDOWSsystem32wscsvc.dll15:21:48.0328 1852 wscsvc - ok15:21:48.0343 1852 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:WINDOWSsystem32wuauserv.dll15:21:48.0343 1852 wuauserv - ok15:21:48.0359 1852 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:WINDOWSSystem32wzcsvc.dll15:21:48.0390 1852 WZCSVC - 
15:21:48.0421 1852 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:WINDOWSSystem32xmlprov.dll
15:21:48.0421 1852 xmlprov - ok
15:21:48.0453 1852 [ 87F126D0F8DC176B282924DF0417075E ] yukonwxp C:WINDOWSsystem32DRIVERSyk51x86.sys
15:21:48.0468 1852 yukonwxp - ok
15:21:48.0468 1852 ================ Scan global ===============================
15:21:48.0515 1852 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:WINDOWSsystem32basesrv.dll
15:21:48.0546 1852 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:WINDOWSsystem32winsrv.dll
15:21:48.0546 1852 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:WINDOWSsystem32winsrv.dll
15:21:48.0562 1852 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:WINDOWSsystem32services.exe
15:21:48.0562 1852 [Global] - ok
15:21:48.0578 1852 ================ Scan MBR ==================================
15:21:48.0578 1852 [ 8F558EB6672622401DA993E1E865C861 ] DeviceHarddisk0DR0
15:21:48.0671 1852 DeviceHarddisk0DR0 - ok
15:21:48.0671 1852 ================ Scan VBR ==================================
15:21:48.0671 1852 [ BE239BF6670DF7E7D8E08B7A8746062A ] DeviceHarddisk0DR0Partition1
15:21:48.0671 1852 DeviceHarddisk0DR0Partition1 - ok
15:21:48.0687 1852 [ 3730A60D232AE494BE0F99A83109F2FD ] DeviceHarddisk0DR0Partition2
15:21:48.0687 1852 DeviceHarddisk0DR0Partition2 - ok
15:21:48.0687 1852 ============================================================
15:21:48.0687 1852 Scan finished
15:21:48.0687 1852 ============================================================
15:21:48.0703 2160 Detected object count: 0
15:21:48.0703 2160 Actual detected object count: 0


that looks good.

 

Let's get an online scan:

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click on the button shown.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on the button shown.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on the button shown.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on the button shown.
  • Use Notepad to open the logfile located at C:Program FilesESETEsetOnlineScannerlog.txt.
  • Copy and paste that log as a reply to this topic.


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 


Internet is back for now. Here is the malwarebytes log

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
M1918A1 :: USM1918A1 [administrator]

1/31/2013 10:53:35 PM
mbam-log-2013-01-31 (22-53-35).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297999
Time elapsed: 36 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLMSOFTWAREMicrosoftSecurity Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLMSOFTWAREMicrosoftSecurity Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLMSOFTWAREMicrosoftSecurity Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hmmm.... nothing blocking there.

 

Please try ESET online again.

 

If it still will not run... then please run this tool:

 

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.



Still won't load the other one

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-01 08:37:03
-----------------------------
08:37:03.348 OS Version: Windows 5.1.2600 Service Pack 3
08:37:03.348 Number of processors: 1 586 0x2701
08:37:03.348 ComputerName: USM1918A1 UserName: M1918A1
08:37:04.551 Initialize success
08:40:47.332 AVAST engine defs: 13020100
08:42:36.504 Disk 0 (boot) DeviceHarddisk0DR0 -> Device00000087
08:42:36.504 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
08:42:36.520 Disk 0 MBR read successfully
08:42:36.520 Disk 0 MBR scan
08:42:36.535 Disk 0 Windows XP default MBR code
08:42:36.535 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
08:42:36.535 Disk 0 Partition - 00 0F Extended LBA 570472 MB offset 81915435
08:42:36.551 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 570472 MB offset 81915498
08:42:36.551 Disk 0 scanning sectors +1250242560
08:42:36.613 Disk 0 scanning C:WINDOWSsystem32drivers
08:42:47.863 Service scanning
08:42:59.770 Modules scanning
08:43:02.598 Disk 0 trace - called modules:
08:43:02.598 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
08:43:02.598 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x8a96cab8]
08:43:02.598 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> Device00000088[0x8a99d218]
08:43:02.598 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> Device00000087[0x8a92e030]
08:43:02.895 AVAST engine scan C:WINDOWS
08:43:08.910 AVAST engine scan C:WINDOWSsystem32
08:45:09.160 AVAST engine scan C:WINDOWSsystem32drivers
08:45:20.035 AVAST engine scan C:Documents and SettingsM1918A1
08:46:08.770 AVAST engine scan C:Documents and SettingsAll Users
08:50:18.082 Scan finished successfully
08:50:27.207 Disk 0 MBR has been saved successfully to "C:Documents and SettingsM1918A1DesktopMBR.dat"
08:50:27.207 The log file has been saved successfully to "C:Documents and SettingsM1918A1DesktopaswMBR.txt"

 

MBR.zip


Combofix log

 

 

ComboFix 13-02-01.04 - M1918A1 02/01/2013 15:38:23.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1356 [GMT -5:00]
Running from: c:documents and settingsM1918A1DesktopComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
.
.
2013-01-29 13:49 . 2013-01-30 13:25 153104 ----a-w- c:windowssystem32driverstmcomm.sys
2013-01-27 03:22 . 2013-01-27 03:22 -------- d-----w- c:program filesAGEIA Technologies
2013-01-27 03:21 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-27 03:21 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-26 00:53 . 2009-06-30 15:37 28552 ----a-w- c:windowssystem32driverspavboot.sys
2013-01-26 00:53 . 2013-01-26 00:53 -------- d-----w- c:program filesPanda Security
2013-01-26 00:51 . 2013-01-26 00:51 -------- d-----w- c:documents and settingsM1918A1Application DataQuickScan
2013-01-26 00:39 . 2013-01-27 18:17 -------- d-----w- C:TDSSKiller_Quarantine
2013-01-24 09:08 . 2013-01-24 09:08 10344 ----a-w- c:windowssystem32driverssymlcbrd.sys
2013-01-24 09:03 . 2013-01-24 09:03 -------- d-----w- c:program filesWestern Digital Corporation
2013-01-23 19:00 . 2013-01-24 19:08 -------- d-----w- c:program filesOcean Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 14:03 . 2002-08-29 08:41 135680 ----a-w- c:windowssystem32taskmgr.exe
2013-01-29 14:03 . 2012-05-19 10:52 69120 ----a-w- c:windowsnotepad.exe
2013-01-29 14:03 . 2001-08-23 12:00 1414656 ----a-w- c:windowssystem32mmc.exe
2013-01-09 01:34 . 2012-05-19 16:02 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-01-09 01:34 . 2012-05-19 16:02 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2012-12-29 10:31 . 2012-05-19 16:46 1985976 ----a-w- c:windowssystem32nvcuvenc.dll
2012-12-29 10:31 . 2012-05-19 16:46 17551360 ----a-w- c:windowssystem32nvcompiler.dll
2012-12-29 10:31 . 2012-05-19 16:46 1017272 ----a-w- c:windowssystem32nvdispco32.dll
2012-12-29 10:31 . 2009-02-09 17:18 7716864 ----a-w- c:windowssystem32nvcuda.dll
2012-12-29 10:31 . 2009-02-09 17:18 4154752 ----a-w- c:windowssystem32nv4_disp.dll
2012-12-29 10:31 . 2009-02-09 17:18 2725304 ----a-w- c:windowssystem32nvcuvid.dll
2012-12-29 10:31 . 2009-02-09 17:18 2448384 ----a-w- c:windowssystem32nvapi.dll
2012-12-29 10:31 . 2009-02-09 17:18 19570688 ----a-w- c:windowssystem32nvoglnt.dll
2012-12-29 10:31 . 2009-02-09 17:18 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys
2012-12-29 08:07 . 2009-02-09 17:18 54272 ----a-w- c:windowssystem32nvwddi.dll
2012-12-29 08:07 . 2009-02-09 17:18 157112 ----a-w- c:windowssystem32nvsvc32.exe
2012-12-29 08:07 . 2009-02-09 17:18 15635896 ----a-w- c:windowssystem32nvcpl.dll
2012-12-29 08:07 . 2009-02-09 17:18 108984 ----a-w- c:windowssystem32nvmctray.dll
2012-12-29 08:07 . 2009-02-09 17:18 144312 ----a-w- c:windowssystem32nvcolor.exe
2012-12-16 12:23 . 2001-08-23 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2012-12-14 21:49 . 2012-09-24 14:24 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-11-13 01:25 . 2002-08-29 07:14 1866368 ----a-w- c:windowssystem32win32k.sys
2012-11-06 02:01 . 2012-05-19 15:43 1371648 ----a-w- c:windowssystem32msxml6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2013-01-29 6673752]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ccApp"="c:program filesCommon FilesSymantec SharedccApp.exe" [2007-01-10 115816]
"FG_Monitor"="d:program filesFolder GuardFGKey.exe" [2013-01-29 206152]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2012-12-29 15635896]
.
c:documents and settingsM1918A1Start MenuProgramsStartup
ctfmon.lnk.disabled [2012-9-24 1066]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:program filesSuperantispywareSASSEH.DLL" [2011-07-19 113024]
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"MSMSGS"="c:program filesMessengermsmsgs.exe" /background
"Microsoft Help"=rundll32.exe "c:documents and settingsM1918A1Local SettingsApplication DataVid-SaverMicrosoft Helpxnbiqwby.dll",RunServiceW
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe"
"NvCplDaemon"=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe"
"Symantec PIF AlertEng"="c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
"nwiz"=c:program filesNVIDIA Corporationnviewnwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:Program FilesWindows LiveMessengermsnmsgr.exe"=
"d:Program FilesuTorrentutorrent.exe"=
"c:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exe"=
.
R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [1/25/2013 7:53 PM 28552]
R1 SASDIFSV;SASDIFSV;d:program filesSuperantispywaresasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;d:program filesSuperantispywareSASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;d:program filesSuperantispywareSASCORE.EXE [8/11/2011 6:38 PM 116608]
R2 FGUARD32;FGUARD32;d:program filesFolder GuardFGUARD32.SYS [5/19/2012 1:32 PM 54480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [1/24/2013 2:13 PM 106656]
S0 cxtcqfms;cxtcqfms;c:windowssystem32driversituwhrti.sys --> c:windowssystem32driversituwhrti.sys [?]
S0 ipqxrl;ipqxrl;c:windowssystem32driversplwf.sys --> c:windowssystem32driversplwf.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26635052
*NewlyCreated* - 61425257
*NewlyCreated* - ASWMBR
*Deregistered* - 26635052
*Deregistered* - 61425257
*Deregistered* - aswMBR
*Deregistered* - tmcomm
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-01 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-05-19 01:34]
.
2013-01-29 c:windowsTasksNorton AntiVirus - Run Full System Scan - M1918A1.job
- c:program filesNorton AntivirusNavw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:program filesGoogleGoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:program filesGoogleGoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:progra~2MICROS~1Office12EXCEL.EXE/3000
IE: Similar Pages - c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:program filesGoogleGoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 166.102.165.13 207.91.5.20 192.168.254.254
FF - ProfilePath - c:documents and settingsM1918A1Application DataMozillaFirefoxProfilesy57ek6fj.default
.
.
------- File Associations -------
.
.txt=GetDiz.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-01 15:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2520)
c:windowssystem32WININET.dll
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
Completion time: 2013-02-01 15:42:48
ComboFix-quarantined-files.txt 2013-02-01 20:42
ComboFix2.txt 2013-01-29 10:30
ComboFix3.txt 2013-01-29 03:55
ComboFix4.txt 2013-01-23 20:47
ComboFix5.txt 2013-02-01 20:37
.
Pre-Run: 24,972,312,576 bytes free
Post-Run: 25,035,673,600 bytes free
.
- - End Of File - - DAB9A7AFE7390FBDDFD977C854003FDD
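The ComboFix log above carries the three indicators the helper's CFScript acts on: two S0 services whose driver files are absent (the "--> ... [?]" lines), a Run value that loads a DLL through rundll32 from the user's profile, and Security Center DisableNotify values set to 1 (the same values Malwarebytes reported as PUM.Disabled.SecurityCenter). As an added example that is not part of the thread, this Python triage pulls those indicators out of such a log and drafts a CFScript in the format the helper posts; the sample log is constructed from the lines above with backslashes restored, and reading "[?]" as "file not found" is an assumption.

```python
"""Triage a ComboFix-style log for the indicators seen in this thread and
draft a CFScript like the helper's (added example, not the thread's own
tooling). Assumption: ComboFix lists a service whose driver file it could not
find as "path --> path [?]"."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines taken from the log above, backslashes restored
# (the forum extraction stripped them).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Microsoft Help"=rundll32.exe "c:\documents and settings\M1918A1\Local Settings\Application Data\Vid-Saver\Microsoft Help\xnbiqwby.dll",RunServiceW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/25/2013 7:53 PM 28552]
S0 cxtcqfms;cxtcqfms;c:\windows\system32\drivers\ituwhrti.sys --> c:\windows\system32\drivers\ituwhrti.sys [?]
S0 ipqxrl;ipqxrl;c:\windows\system32\drivers\plwf.sys --> c:\windows\system32\drivers\plwf.sys [?]
"""

SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')   # "S0 name;display;path ..."
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                       # regedit-style value line
PROFILE_DIRS = ('\\local settings\\application data\\', '\\application data\\')

Finding = Tuple[str, str, str]   # (kind, identifier, detail)


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ''                                   # registry key currently open
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, rest = m.groups()
            # Boot-start service whose file ComboFix could not find: typical of a
            # rootkit driver that is hidden or already removed from disk.
            if ' --> ' in rest and rest.endswith('[?]'):
                findings.append(('driver_missing_file', name, rest.split(' --> ')[0].strip()))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        value_name, data = m.group(1), m.group(2)
        lowered = data.lower()
        if '\\run' in key.lower() and 'rundll32' in lowered \
                and any(d in lowered for d in PROFILE_DIRS):
            # Autorun that loads a DLL dropped under the user's profile via rundll32.
            findings.append(('run_rundll32_profile', value_name, key))
        elif 'security center' in key.lower() \
                and value_name.endswith('DisableNotify') and data.endswith('1'):
            # Notifications silenced: the user is not told AV/firewall/updates are off.
            findings.append(('seccenter_notify_disabled', value_name, key))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript in the form posted in the thread: Registry:: deletes
    the Run value ('= -' means delete), Driver:: removes the orphaned services."""
    drivers = [f[1] for f in findings if f[0] == 'driver_missing_file']
    run_values: Dict[str, List[str]] = {}
    for kind, name, key in findings:
        if kind == 'run_rundll32_profile':
            run_values.setdefault(key, []).append(name)
    parts: List[str] = []
    if run_values:
        parts.append('Registry::')
        for key, names in run_values.items():
            parts.append(f'[{key}]')
            parts.extend(f'"{n}"= -' for n in names)
    if drivers:
        parts.append('Driver::')
        parts.extend(drivers)
    return '\n'.join(parts) + '\n'


if __name__ == '__main__':
    for kind, ident, detail in triage(SAMPLE_LOG):
        print(f'{kind:28} {ident:24} {detail}')
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The Security Center findings are left out of the script on purpose: Malwarebytes already repaired those values in the log posted earlier, and they are worth re-checking after the drivers are gone rather than scripting blindly.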


OK... Let's try a script:

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Folder::
c:documents and settingsM1918A1Local SettingsApplication DataVid-Saver

Registry::
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"Microsoft Help"= -

Driver::
cxtcqfms
ipqxrl

  • Save this as CFScript.txt, change the "Save as type" to "All Files" and place it on your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 


ComboFix 13-02-01.04 - M1918A1 02/01/2013 23:30:56.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1373 [GMT -5:00]
Running from: c:documents and settingsM1918A1DesktopComboFix.exe
Command switches used :: c:documents and settingsM1918A1DesktopCFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------Service_cxtcqfms
-------Service_ipqxrl
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-01-29 13:49 . 2013-01-30 13:25 153104 ----a-w- c:windowssystem32driverstmcomm.sys
2013-01-27 03:22 . 2013-01-27 03:22 -------- d-----w- c:program filesAGEIA Technologies
2013-01-27 03:21 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-27 03:21 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-26 00:53 . 2009-06-30 15:37 28552 ----a-w- c:windowssystem32driverspavboot.sys
2013-01-26 00:53 . 2013-01-26 00:53 -------- d-----w- c:program filesPanda Security
2013-01-26 00:51 . 2013-01-26 00:51 -------- d-----w- c:documents and settingsM1918A1Application DataQuickScan
2013-01-26 00:39 . 2013-01-27 18:17 -------- d-----w- C:TDSSKiller_Quarantine
2013-01-24 09:08 . 2013-01-24 09:08 10344 ----a-w- c:windowssystem32driverssymlcbrd.sys
2013-01-24 09:03 . 2013-01-24 09:03 -------- d-----w- c:program filesWestern Digital Corporation
2013-01-23 19:00 . 2013-01-24 19:08 -------- d-----w- c:program filesOcean Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 14:03 . 2002-08-29 08:41 135680 ----a-w- c:\windows\system32\taskmgr.exe
2013-01-29 14:03 . 2012-05-19 10:52 69120 ----a-w- c:\windows\notepad.exe
2013-01-29 14:03 . 2001-08-23 12:00 1414656 ----a-w- c:\windows\system32\mmc.exe
2013-01-09 01:34 . 2012-05-19 16:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:34 . 2012-05-19 16:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-29 10:31 . 2012-05-19 16:46 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:31 . 2012-05-19 16:46 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:31 . 2012-05-19 16:46 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 10:31 . 2009-02-09 17:18 7716864 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:31 . 2009-02-09 17:18 4154752 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-29 10:31 . 2009-02-09 17:18 2725304 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:31 . 2009-02-09 17:18 2448384 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:31 . 2009-02-09 17:18 19570688 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-29 10:31 . 2009-02-09 17:18 10686200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-29 08:07 . 2009-02-09 17:18 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-12-29 08:07 . 2009-02-09 17:18 157112 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-29 08:07 . 2009-02-09 17:18 15635896 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:07 . 2009-02-09 17:18 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:07 . 2009-02-09 17:18 144312 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-16 12:23 . 2001-08-23 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-09-24 14:24 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2002-08-29 07:14 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2012-05-19 15:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2013-01-29 6673752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"FG_Monitor"="d:\program files\Folder Guard\FGKey.exe" [2013-01-29 206152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
.
c:\documents and settings\M1918A1\Start Menu\Programs\Startup\
ctfmon.lnk.disabled [2012-9-24 1066]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\Superantispyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"nwiz"=c:\program files\NVIDIA Corporation\nview\nwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"d:\Program Files\uTorrent\utorrent.exe"=
"c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/25/2013 7:53 PM 28552]
R1 SASDIFSV;SASDIFSV;d:\program files\Superantispyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\Superantispyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;d:\program files\Superantispyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
R2 FGUARD32;FGUARD32;d:\program files\Folder Guard\FGUARD32.SYS [5/19/2012 1:32 PM 54480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/24/2013 2:13 PM 106656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 01:34]
.
2013-01-29 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - M1918A1.job
- c:\program files\Norton Antivirus\Navw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 166.102.165.13 207.91.5.20 192.168.254.254
FF - ProfilePath - c:\documents and settings\M1918A1\Application Data\Mozilla\Firefox\Profiles\y57ek6fj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-01 23:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\wdfmgr.exe
c:\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-02-01 23:39:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 04:39
ComboFix2.txt 2013-02-01 20:42
ComboFix3.txt 2013-01-29 10:30
ComboFix4.txt 2013-01-29 03:55
ComboFix5.txt 2013-02-02 04:30
.
Pre-Run: 25,004,576,768 bytes free
Post-Run: 25,016,221,696 bytes free
.
- - End Of File - - 5ECA9942B685965A540FEC85AC642970


Let's try one more tool.

Please download the Kaspersky Virus Removal Tool and save it to your Desktop.

1. Double-click the setup file to install the utility.
2. Click Next to continue.
3. It will install by default to your desktop folder. Click Next.
4. A box will open with a tab that says Automatic scan.
5. Under Automatic scan make sure these are checked:
   - System Memory
   - Startup Objects
   - Disk Boot Sectors
   - My Computer
   - Any other drives (except CD-ROM drives)
6. Click on the Scan button.
7. If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
8. After the scan finishes, if any threats are left unneutralized in the Scan window (red exclamation point), click the Neutralize all button.
9. In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
10. If advised that a special disinfection procedure is required which demands a system reboot, click the OK button to close the window.
11. In the Scan window click the Reports button, name the report AVPT.txt and select Save to file.
12. This tool should uninstall when you close it, so please save the report log before closing.
13. When done, close the Kaspersky Virus Removal Tool.
14. You will be prompted if you want to uninstall the program. Click Yes.
15. You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
16. Copy and paste only the first part of the report (Detected) in your next reply. Do not include the longer list marked Events.

-- If you cannot run the Kaspersky AVP Removal Tool in normal mode, then try using it in "safe mode".


This is the only log that I got

 

Status: Deleted (events: 25)
2/2/2013 12:17:27 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\All Users\Documents\ComboFix.exe//UPX//iexplore.exe High
2/2/2013 12:17:27 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\All Users\Documents\ComboFix.exe//UPX High
2/2/2013 12:17:27 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\All Users\Documents\ComboFix.exe High
2/2/2013 12:20:46 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\M1918A1\Desktop\x.exe//UPX//iexplore.exe High
2/2/2013 12:20:46 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\M1918A1\Desktop\x.exe//UPX High
2/2/2013 12:20:46 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\M1918A1\Desktop\x.exe High
2/2/2013 1:01:23 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\M1918A1\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\72e1e0e7-25219240 High
2/2/2013 1:01:24 PM Deleted Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Autorun.inf High
2/2/2013 1:01:26 PM Deleted Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\C\autorun.inf.vir High
2/2/2013 1:01:23 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091761.exe//UPX//iexplore.exe High
2/2/2013 1:01:23 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091761.exe//UPX High
2/2/2013 1:01:23 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091761.exe High
2/2/2013 1:09:30 PM Deleted Trojan program Trojan.Win32.Genome.ajctw C:\Qoobox\Quarantine\C\Documents and Settings\M1918A1\Local Settings\Application Data\Vid-Saver\Microsoft Help\xnbiqwby.dll.vir High
2/2/2013 1:09:29 PM Deleted Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\Autorun.inf.vir High
2/2/2013 1:10:01 PM Deleted Trojan program Trojan.WinREG.Agent.w C:\Qoobox\Quarantine\Registry_backups\Service_amsint32.reg.dat High
2/2/2013 1:10:15 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091809.exe//UPX//iexplore.exe High
2/2/2013 1:10:15 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091809.exe//UPX High
2/2/2013 1:10:15 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091809.exe High
2/2/2013 1:11:35 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP290\A0094109.exe//UPX//iexplore.exe High
2/2/2013 1:11:35 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP290\A0094109.exe//UPX High
2/2/2013 1:11:35 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP290\A0094109.exe High
2/2/2013 1:20:17 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\27.01.2013_13.16.48\mbr0000\mbr0000\tsk0000.dta//HDDImage High
2/2/2013 1:20:27 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\27.01.2013_13.16.48\mbr0000\mbr0000\tsk0001.dta//vbr0 High
2/2/2013 1:20:17 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\27.01.2013_13.16.48\mbr0000\mbr0000\tsk0000.dta High
2/2/2013 1:20:27 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\27.01.2013_13.16.48\mbr0000\mbr0000\tsk0001.dta High

Status: Disinfected (events: 22)
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\C\_autorun_.inf.zip/autorun.inf High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\av6.zip/Qoobox/Autorun.inf High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\av6.zip High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\C\_autorun_.inf.zip/autorun.inf.1 High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\C\_autorun_.inf.zip High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\av7.zip/Qoobox/Quarantine/D/Autorun.inf.vir High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\_autorun_.inf.zip/Autorun.inf High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\av7.zip High
2/2/2013 1:01:24 PM Disinfected Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\D\_autorun_.inf.zip High
2/2/2013 1:10:01 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091805.com High
2/2/2013 1:10:01 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091798.exe High
2/2/2013 1:10:01 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091803.exe High
2/2/2013 1:10:12 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091804.exe High
2/2/2013 1:10:24 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091823.exe High
2/2/2013 1:10:26 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0093829.com High
2/2/2013 1:10:40 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0093831.EXE High
2/2/2013 1:10:44 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0093830.exe High
2/2/2013 1:10:42 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0093832.exe High
2/2/2013 1:10:56 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0093833.exe High
2/2/2013 1:11:05 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP287\A0093885.exe High
2/2/2013 1:11:14 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP289\A0093898.exe High
2/2/2013 1:11:24 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP289\A0093899.exe High

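Reading a report like the one above, the useful triage question is which hits were still live on the machine and which were copies that earlier tools had already taken out of circulation: C:\Qoobox is ComboFix's quarantine folder, C:\TDSSKiller_Quarantine holds the MBR and VBR images TDSSKiller pulled off the disk on 27 January, and paths under System Volume Information\_restore are System Restore snapshots. By that reading the entries that mattered were the Sality-infected ComboFix.exe, Desktop\x.exe and the Java exploit in the deployment cache. The Python below is an added example, not part of the thread and not code from Kaspersky, ComboFix or TDSSKiller: it parses lines in the layout of the pasted report, collapses the per-layer "//UPX//iexplore.exe" entries back to the one on-disk object they describe, and counts distinct objects per location. The sample lines are constructed from entries in the report with path separators restored; the regular expression and the location labels are this example's own assumptions about the format.

```python
"""Triage a Kaspersky Virus Removal Tool 'Detected' report by object location.

Added example for this thread; not code from KVRT, ComboFix or TDSSKiller.
"""
import re
from collections import Counter

# Constructed sample: entries taken from the report pasted in the thread, one per
# line, in the layout KVRT used (date, time, status, object kind, detection name,
# path, severity). Path separators have been restored.
SAMPLE_REPORT = r"""
2/2/2013 12:17:27 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\All Users\Documents\ComboFix.exe//UPX//iexplore.exe High
2/2/2013 12:17:27 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\All Users\Documents\ComboFix.exe High
2/2/2013 12:20:46 PM Deleted virus Virus.Win32.Sality.gen C:\Documents and Settings\M1918A1\Desktop\x.exe High
2/2/2013 1:01:23 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\M1918A1\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\72e1e0e7-25219240 High
2/2/2013 1:01:24 PM Deleted Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Autorun.inf High
2/2/2013 1:10:01 PM Deleted Trojan program Trojan.WinREG.Agent.w C:\Qoobox\Quarantine\Registry_backups\Service_amsint32.reg.dat High
2/2/2013 1:10:15 PM Deleted virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091809.exe//UPX High
2/2/2013 1:20:17 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\27.01.2013_13.16.48\mbr0000\mbr0000\tsk0000.dta//HDDImage High
2/2/2013 1:10:01 PM Disinfected virus Virus.Win32.Sality.gen C:\System Volume Information\_restore{5F5F20F1-B174-4051-9811-213E9C212AA7}\RP286\A0091805.com High
"""

# Assumed field layout. The path may contain spaces, so the trailing severity
# word is what anchors its end; the object kind may be one word or "Trojan program".
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>Deleted|Disinfected|Detected|Not processed|Quarantined) "
    r"(?P<kind>Trojan program|\S+) "
    r"(?P<detection>\S+) "
    r"(?P<path>.+?) "
    r"(?P<severity>High|Medium|Low)$"
)

# Places that hold copies other tools had already removed from the running system.
# Anything else is treated as live. This classification is the example's own.
QUARANTINE_PREFIXES = (
    ("combofix_quarantine", "c:\\qoobox\\"),
    ("tdsskiller_quarantine", "c:\\tdsskiller_quarantine\\"),
)
RESTORE_POINT_MARKER = "\\system volume information\\_restore"


def parse_report(text):
    """Return one dict per report line; fail loudly on a line the layout does not fit."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised report line: {line!r}")
        events.append(m.groupdict())
    return events


def split_container(path):
    """'a.exe//UPX//iexplore.exe' -> ('a.exe', ['UPX', 'iexplore.exe']).

    KVRT logs a packed or embedded object once per layer; the file that actually
    sat on disk is the part before the first '//'.
    """
    outer, *inner = path.split("//")
    return outer, inner


def classify(path):
    """Label where an on-disk object lived: a tool's quarantine, a restore point, or live."""
    p = path.lower()
    for label, prefix in QUARANTINE_PREFIXES:
        if p.startswith(prefix):
            return label
    if RESTORE_POINT_MARKER in p:
        return "restore_point"
    return "live"


def summarize(events):
    """Counts per detection name and status, plus per-location counts of distinct objects."""
    by_detection = Counter(e["detection"] for e in events)
    by_status = Counter(e["status"] for e in events)
    objects = {}  # on-disk path -> location label, one entry per object
    for e in events:
        outer, _ = split_container(e["path"])
        objects.setdefault(outer, classify(outer))
    by_location = Counter(objects.values())
    live_objects = sorted(o for o, loc in objects.items() if loc == "live")
    return {
        "by_detection": by_detection,
        "by_status": by_status,
        "by_location": by_location,
        "live_objects": live_objects,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key in ("by_status", "by_location", "by_detection"):
        print(key, dict(summary[key]))
    print("live objects (the ones the infection could still have run):")
    for obj in summary["live_objects"]:
        print("  ", obj)
```

Run it as a script to print the summary, or paste a whole report into `SAMPLE_REPORT` (the Detected section only, as the helper asked for) to see at a glance how many of the "events" are one object counted once per packer layer and how many sit in a quarantine folder rather than on the live system.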
