[A] Unnamed virus, black screen, no access to task manager or any icons or files

Inactive
By tapersteve
Oct 1, 2012
Topic Status:
Not open for further replies.
  1. Well, most of the time, when I rarely get infected with a virus, I am able to clean it up myself. But, this one is a doozy. I have no desktop, or any way to navigate anywhere, when I log on as myself as the user. I am able to access "Safe mode," but like my regular desktop, there are no icons there either, just a black screen. I logged on as Administrator, which gave me access to task manager, and I have run both Avast and MBAM, both of which found pieces of this virus, and I had them quarantine the pieces, but even after rebooting from these programs, there is still no screen, and task manager is locked, except when I am logged in as administrator, which is where I am now.

    Any help in beating this thing would be most appreciated. You guys were wonderful a year or more ago when I got hit with a different virus, but you got me up and running again. I am fairly adept at working with the computer, so I know how to follow your instructions, run the necessary programs and post logs here.

    Thank you in advance. Steve
  2. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    [HJT log removed by Broni]
  3. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  4. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    Broni, thank you for assisting me. I only posted the HJT log, since I thought that was a common way to get an initial look, but I will try to follow all of the rest of the instructions exactly. I am generally pretty adept at dealing with the computer, so you are not working with someone that you have to spoon feed, instruction by instruction. That being said, I am pasting the MBAM log file and the DDS log files below. I attempted to run GMER, at least three times. The only way that I can access the computer right now is by logging on as administrator in Safe Mode. Otherwise, it has that lovely FBI moneypak garbage, even under MY username, in Safe Mode. Each time that I ran GMER, after about a half hour, there would be the BSOD, with an error message that I can type out if you want it. I was running it in Safe Mode, and even tried unchecking the "Devices" box, but still got another BSOD. So, if you have any other suggestions regarding GMER, let me know. I will await your response. If it makes any difference, I am up very late at night. Thank you again. Steve

    --------------------------------------------------------------------------------
    MBAM LOG:

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.01.05

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 7.0.5730.13
    Administrator :: STEVE-QUAD [administrator]

    Protection: Disabled

    10/1/2012 12:45:18 PM
    mbam-log-2012-10-01 (12-45-18).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 334270
    Time elapsed: 31 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijacked.Shell) -> Bad: (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) Good: (explorer.exe) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\System Volume Information\_restore{E5CD8885-81EB-4EA5-9C7D-F91E4C407EEE}\RP1418\A0410176.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E5CD8885-81EB-4EA5-9C7D-F91E4C407EEE}\RP1418\A0410177.exe (Trojan.Medfos) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E5CD8885-81EB-4EA5-9C7D-F91E4C407EEE}\RP1418\A0410178.ini (Trojan.0access) -> Quarantined and deleted successfully.

    (end)

    -----------------------------------------------------------
    DDS Logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
    Run by Administrator at 21:20:23 on 2012-10-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2850 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Shell=c:\documents and settings\steve kwartin\application data\wsf3CmCT.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [jICc7n9BYxBTRVw] c:\documents and settings\steve kwartin\application data\wsf3CmCT.exe
    mRun: [CheckPoint Cleanup] c:\docume~1\admini~1.st~\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\admini~1.st~\locals~1\temp\cpes_clean.exe
    mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -I
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{BA1C7DD3-2BA9-4643-AC50-C1558133AD4F} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator.steve-quad\application data\mozilla\firefox\profiles\8sohzsm4.default\
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S0 jrsrfvwy;jrsrfvwy;c:\windows\system32\drivers\dasqqmlj.sys --> c:\windows\system32\drivers\dasqqmlj.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 729752]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 355632]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 21256]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 44808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-1 399432]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-25 676936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-28 253088]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\maudiodelta.sys --> c:\windows\system32\drivers\MAudioDelta.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-8-5 13192]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-8-5 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-25 22856]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-4 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-8-4 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-8-4 136680]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-7-27 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-22 2358656]
    .
    =============== Created Last 30 ================
    .
    2012-10-01 22:03:52 -------- d-----w- c:\documents and settings\all users\application data\ZA_PreservedFiles
    2012-10-01 11:11:03 -------- d-----w- c:\documents and settings\administrator.steve-quad\local settings\application data\Mozilla
    2012-10-01 10:20:59 -------- d-----w- c:\documents and settings\administrator.steve-quad\application data\Malwarebytes
    2012-09-25 15:39:17 -------- d-----w- c:\program files\Open Freely
    2012-09-17 21:55:28 -------- d-----w- c:\program files\Silabs
    2012-09-17 21:55:09 -------- d-----w- c:\windows\system32\Silabs
    2012-09-17 21:55:02 -------- d-----w- c:\program files\Sound Devices
    2012-09-09 06:26:00 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2012-09-08 03:36:20 -------- d-----w- c:\windows\system32\NtmsData
    .
    ==================== Find3M ====================
    .
    2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
    .
    ============= FINISH: 21:21:19.98 ===============
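The MBAM and DDS lines in the post above record the two persistence mechanisms behind the black-screen symptom: the Winlogon `Shell` value, which normally names `explorer.exe` (the process that draws the desktop, icons and taskbar), was replaced with `wsf3CmCT.exe` in the user's Application Data folder, and a COM `InProcServer32` entry (MBAM's `Trojan.0Access` detection) was redirected into `C:\RECYCLER`. The following checker is an added example, not code from the thread or from the DDS or Malwarebytes tools: it parses log lines in the two formats quoted above and flags a non-`explorer.exe` shell, COM servers loaded from `RECYCLER`, and autorun entries launched from user-writable directories. The sample input is constructed from the lines quoted in this post; the directory markers and field regexes are the example's own assumptions about those formats.

```python
"""Triage checks for the persistence patterns visible in the thread's logs.

Input formats follow the DDS 'Pseudo HJT Report' lines (mWinlogon/uRun/mRun)
and the MBAM 'Registry Data Items' lines. All sample data below is constructed
from the lines quoted in the post so the script runs offline.
"""
import re
from typing import Dict, List

# Constructed sample: DDS "Pseudo HJT Report" lines copied from the post.
SAMPLE_DDS = r"""
mWinlogon: Shell=c:\documents and settings\steve kwartin\application data\wsf3CmCT.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [jICc7n9BYxBTRVw] c:\documents and settings\steve kwartin\application data\wsf3CmCT.exe
mRun: [CheckPoint Cleanup] c:\docume~1\admini~1.st~\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\admini~1.st~\locals~1\temp\cpes_clean.exe
""".strip().splitlines()

# Constructed sample: MBAM "Registry Data Items" lines copied from the post.
SAMPLE_MBAM = r"""
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijacked.Shell) -> Bad: (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) Good: (explorer.exe) -> Quarantined and repaired successfully.
""".strip().splitlines()

WINLOGON_SHELL_RE = re.compile(r"^mWinlogon:\s*Shell=(.+)$", re.IGNORECASE)
RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[([^\]]*)\]\s*(.+)$", re.IGNORECASE)
# key|value (detection) -> Bad: (old) Good: (restored) ...
MBAM_REGDATA_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S*)\s*\((?P<detection>[^)]*)\)\s*->\s*"
    r"Bad:\s*\((?P<bad>.*?)\)\s*Good:\s*\((?P<good>.*?)\)",
    re.IGNORECASE,
)

# Assumed heuristic: a shell or autorun binary should not normally live in these
# user-writable locations (lower-cased; the bare "\temp\" also catches 8.3 names).
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\temp\\", "\\recycler\\", "\\temp\\")


def first_path(command: str) -> str:
    """Return the executable path from a Run command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: take up to the first token that ends in an executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|scr|com))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def check_dds(lines: List[str]) -> List[Dict[str, str]]:
    """Flag a Winlogon Shell other than explorer.exe and autoruns from user-writable dirs."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        line = line.strip()
        m = WINLOGON_SHELL_RE.match(line)
        if m:
            shell = m.group(1).strip()
            if shell.lower() != "explorer.exe":
                findings.append({"check": "winlogon_shell", "value": shell})
            continue
        m = RUN_RE.match(line)
        if m:
            target = first_path(m.group(2)).lower()
            if any(marker in target for marker in USER_WRITABLE_MARKERS):
                findings.append({"check": "autorun_user_writable", "name": m.group(1), "value": target})
    return findings


def check_mbam(lines: List[str]) -> List[Dict[str, str]]:
    """Parse MBAM registry-data lines; flag Shell hijacks and COM servers under RECYCLER."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = MBAM_REGDATA_RE.match(line.strip())
        if not m:
            continue
        key, value, bad, good = (m.group(k) for k in ("key", "value", "bad", "good"))
        if key.lower().endswith("\\winlogon") and value.lower() == "shell" and bad.lower() != good.lower():
            findings.append({"check": "winlogon_shell", "value": bad, "expected": good})
        elif key.lower().endswith("\\inprocserver32") and "\\recycler\\" in bad.lower():
            findings.append({"check": "com_server_in_recycler", "key": key, "value": bad})
    return findings


if __name__ == "__main__":
    for finding in check_dds(SAMPLE_DDS) + check_mbam(SAMPLE_MBAM):
        print(finding)
```

Run against the sample, the DDS checks report the hijacked shell, the `jICc7n9BYxBTRVw` autorun (the same `wsf3CmCT.exe` dropped under Application Data), and the `CheckPoint Cleanup` launcher in a temp folder; the last one is the expected false positive of a directory heuristic and needs an analyst to confirm it is the legitimate ZoneAlarm cleanup rather than something to remove. The MBAM checks report the `RECYCLER` COM redirect and the Shell value that MBAM restored to `explorer.exe`.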
  5. Broni

    Broni Malware Annihilator Posts: 46,182   +251

  6. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    I had to search to find it, but here is the DDS "Attach.txt" info. I will attempt the fixes in the post that you linked to, and will let you know if they worked. Thank you again. Steve

    -------------------------------------------------------------------------------------------
    DDS Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/21/2008 9:35:28 AM
    System Uptime: 10/1/2012 9:15:52 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0FM586
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 62.86 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: HID Non-User Input Data Filter (KB 911895)
    Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
    Manufacturer: Microsoft
    Name: HID Non-User Input Data Filter (KB 911895)
    PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
    Service: NuidFltr
    .
    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: HID Non-User Input Data Filter (KB 911895)
    Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
    Manufacturer: Microsoft
    Name: HID Non-User Input Data Filter (KB 911895)
    PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
    Service: NuidFltr
    .
    ==== System Restore Points ===================
    .
    RP1412: 9/25/2012 11:41:52 AM - System Checkpoint
    RP1413: 9/26/2012 12:04:46 AM - System Checkpoint
    RP1414: 9/27/2012 3:27:04 AM - System Checkpoint
    RP1415: 9/28/2012 3:52:47 AM - System Checkpoint
    RP1416: 9/29/2012 6:06:02 AM - System Checkpoint
    RP1417: 9/30/2012 7:02:10 AM - System Checkpoint
    RP1418: 10/1/2012 6:47:49 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.1.2
    Audacity 1.3.12 (Unicode)
    Audacity Recovery Utility
    Auslogics Disk Defrag
    avast! Free Antivirus
    BTeasy 0.2.1.5
    CD Wave Editor version 1.97
    CKRename
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    CutePDF Writer 2.7
    Dell Support Center (Support Software)
    Delta
    DING!
    DOC Regenerator
    E-Transcript Bundle Viewer
    EaseUS Partition Master 9.1.1 Home Edition
    ERUNT 1.1j
    Exact Audio Copy 0.99pb4
    File Type Assistant
    FLAC 1.2.1b (remove only)
    foobar2000 v0.9.5.4
    Free File Viewer 2011
    FreeUndelete 2.0.35248.1
    G-Force
    Garmin City Navigator North America NT 2010.40
    GIMP 2.6.6
    Glary Utilities 2.47.0.1539
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.12.0
    Java Auto Updater
    Java(TM) 6 Update 31
    K-Lite Codec Pack 7.0.0 (Standard)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Maxtor Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Nero Suite
    Open Freely
    PandoraRecovery (Remove Only)
    ParetoLogic Data Recovery
    PDF-Viewer
    PDF-XChange Viewer
    QuickTime
    r8brain 1.9
    Realtek High Definition Audio Driver
    Recuva
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SES Driver
    SHARP AM-900 Series MFP Driver
    Sharpdesk
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    Sonic Activation Module
    Sony Sound Forge 8.0d
    Sound Forge Pro 10.0
    Sp5
    Sp5Intl
    Sp5TTInt
    SpCommon
    SpeedFan (remove only)
    SpPhones
    Spybot - Search & Destroy
    SUPERAntiSpyware
    System Requirements Lab for Intel
    TeamViewer 6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Wireless Software Utility Application for Android - Samsung
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.2
    WaveAgent
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Wondershare Video Converter Ultimate(Build 5.5.1.0)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2012 1:15:15 PM, error: Print [6161] - The document Pay Dues owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1245184. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
    9/28/2012 2:47:27 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
    9/28/2012 2:38:48 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D097F523C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    9/26/2012 10:28:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL
    9/26/2012 10:27:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/26/2012 1:16:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/25/2012 11:40:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000185' while processing the file '_362828_' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    9/25/2012 11:40:38 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
    9/25/2012 11:40:28 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
    11/24/2012 6:45:13 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/24/2012 5:51:21 PM, error: Dhcp [1002] - The IP address lease 50.140.54.21 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/24/2012 3:04:02 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 3:03:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 3:02:18 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
    11/24/2012 3:02:17 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/24/2012 3:02:17 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
    11/24/2012 3:01:46 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -5273993 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|50.140.54.21:123->65.55.21.20:123) is working properly.
    11/24/2012 3:01:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The Maxtor Service service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 1:46:56 PM, error: Print [6161] - The document JANIS JOPLIN, QUICKSILVER 1967 Avalon Ballroom Benefit Concert Handbill | eBay owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3457872. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
    10/1/2012 6:44:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/1/2012 6:02:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/1/2012 5:57:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/1/2012 5:56:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:53:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    10/1/2012 5:53:26 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2012 2:26:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/21/2008 9:35:28 AM
    System Uptime: 10/1/2012 9:15:52 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0FM586
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 62.86 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: HID Non-User Input Data Filter (KB 911895)
    Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
    Manufacturer: Microsoft
    Name: HID Non-User Input Data Filter (KB 911895)
    PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
    Service: NuidFltr
    .
    Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    Description: HID Non-User Input Data Filter (KB 911895)
    Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
    Manufacturer: Microsoft
    Name: HID Non-User Input Data Filter (KB 911895)
    PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
    Service: NuidFltr
    .
    ==== System Restore Points ===================
    .
    RP1412: 9/25/2012 11:41:52 AM - System Checkpoint
    RP1413: 9/26/2012 12:04:46 AM - System Checkpoint
    RP1414: 9/27/2012 3:27:04 AM - System Checkpoint
    RP1415: 9/28/2012 3:52:47 AM - System Checkpoint
    RP1416: 9/29/2012 6:06:02 AM - System Checkpoint
    RP1417: 9/30/2012 7:02:10 AM - System Checkpoint
    RP1418: 10/1/2012 6:47:49 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.1.2
    Audacity 1.3.12 (Unicode)
    Audacity Recovery Utility
    Auslogics Disk Defrag
    avast! Free Antivirus
    BTeasy 0.2.1.5
    CD Wave Editor version 1.97
    CKRename
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    CutePDF Writer 2.7
    Dell Support Center (Support Software)
    Delta
    DING!
    DOC Regenerator
    E-Transcript Bundle Viewer
    EaseUS Partition Master 9.1.1 Home Edition
    ERUNT 1.1j
    Exact Audio Copy 0.99pb4
    File Type Assistant
    FLAC 1.2.1b (remove only)
    foobar2000 v0.9.5.4
    Free File Viewer 2011
    FreeUndelete 2.0.35248.1
    G-Force
    Garmin City Navigator North America NT 2010.40
    GIMP 2.6.6
    Glary Utilities 2.47.0.1539
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.12.0
    Java Auto Updater
    Java(TM) 6 Update 31
    K-Lite Codec Pack 7.0.0 (Standard)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Maxtor Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Nero Suite
    Open Freely
    PandoraRecovery (Remove Only)
    ParetoLogic Data Recovery
    PDF-Viewer
    PDF-XChange Viewer
    QuickTime
    r8brain 1.9
    Realtek High Definition Audio Driver
    Recuva
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SES Driver
    SHARP AM-900 Series MFP Driver
    Sharpdesk
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    Sonic Activation Module
    Sony Sound Forge 8.0d
    Sound Forge Pro 10.0
    Sp5
    Sp5Intl
    Sp5TTInt
    SpCommon
    SpeedFan (remove only)
    SpPhones
    Spybot - Search & Destroy
    SUPERAntiSpyware
    System Requirements Lab for Intel
    TeamViewer 6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Wireless Software Utility Application for Android - Samsung
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.2
    WaveAgent
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Wondershare Video Converter Ultimate(Build 5.5.1.0)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2012 1:15:15 PM, error: Print [6161] - The document Pay Dues owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1245184. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
    9/28/2012 2:47:27 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
    9/28/2012 2:38:48 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D097F523C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    9/26/2012 10:28:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL
    9/26/2012 10:27:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/26/2012 1:16:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/25/2012 11:40:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000185' while processing the file '_362828_' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    9/25/2012 11:40:38 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
    9/25/2012 11:40:28 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
    11/24/2012 6:45:13 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/24/2012 5:51:21 PM, error: Dhcp [1002] - The IP address lease 50.140.54.21 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/24/2012 3:04:02 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 3:03:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 3:02:18 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
    11/24/2012 3:02:17 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/24/2012 3:02:17 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
    11/24/2012 3:01:46 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -5273993 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|50.140.54.21:123->65.55.21.20:123) is working properly.
    11/24/2012 3:01:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The Maxtor Service service terminated unexpectedly. It has done this 1 time(s).
    11/24/2012 1:46:56 PM, error: Print [6161] - The document JANIS JOPLIN, QUICKSILVER 1967 Avalon Ballroom Benefit Concert Handbill | eBay owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3457872. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
    10/1/2012 6:44:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/1/2012 6:02:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/1/2012 5:57:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/1/2012 5:56:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/1/2012 5:53:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    10/1/2012 5:53:26 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2012 2:26:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
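Added example for this thread (not part of DDS, Broni's instructions or any tool named here): a small Python triage helper for the "Event Viewer Messages From Past Week" lines in the attach.txt above. It flags boot-start security drivers that failed to load, services that terminated unexpectedly, and events stamped later than the report itself; the driver-to-product mapping is an assumption based on the driver names, as the comments note.

```python
"""Triage helper for the DDS "Event Viewer Messages From Past Week" section.

Added example for this thread; not part of DDS or the thread's own tools.
"""
import re
from datetime import datetime

# One DDS event line looks like:
# "10/1/2012 5:56:46 AM, error: Service Control Manager [7026] - The following ..."
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Boot-start drivers whose failure to load deserves a second look because they
# belong to security products. The names come from the 7026 lines in the log;
# the product mapping is an assumption drawn from the drivers' naming.
SECURITY_DRIVERS = {
    "Aavmker4": "avast!", "aswRdr": "avast!", "aswSnx": "avast!",
    "aswSP": "avast!", "aswTdi": "avast!",
    "SASDIFSV": "SUPERAntiSpyware", "SASKUTIL": "SUPERAntiSpyware",
    "vsdatant": "TrueVector (ZoneAlarm)",
}

SCM = "Service Control Manager"
CRASH_RE = re.compile(r"^The (.+?) service terminated unexpectedly")


def parse_event(line):
    """Return a dict for one DDS event line, or None if the line is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "level": m["level"],
        "source": m["source"],
        "event_id": int(m["eid"]),
        "message": m["msg"],
    }


def failed_security_drivers(event):
    """For SCM event 7026, list the security-related drivers that failed to load."""
    if event["source"] != SCM or event["event_id"] != 7026:
        return []
    _, _, names = event["message"].partition("failed to load:")
    return [n for n in names.split() if n in SECURITY_DRIVERS]


def triage(lines, report_time):
    """Walk the event lines and return a list of (kind, detail) findings.

    report_time is when DDS produced the log (its 'System Uptime' header).
    Events stamped later than that point to a wrong system clock, which the
    W32Time [34] entry in this log also reports.
    """
    findings = []
    for event in filter(None, map(parse_event, lines)):
        drivers = failed_security_drivers(event)
        if drivers:
            detail = ", ".join(f"{d} ({SECURITY_DRIVERS[d]})" for d in drivers)
            findings.append(("security_driver_not_loaded", detail))
        if event["source"] == SCM and event["event_id"] == 7034:
            crash = CRASH_RE.match(event["message"])
            findings.append(("service_crashed", crash.group(1) if crash else event["message"]))
        if event["time"] > report_time:
            findings.append(("future_dated_event",
                             event["time"].strftime("%m/%d/%Y %I:%M:%S %p")))
    return findings


# Sample input: lines taken verbatim from the attach.txt above (the lone "."
# is the DDS section separator and must be ignored).
SAMPLE_LINES = [
    "10/1/2012 5:56:46 AM, error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx "
    "aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV "
    "SASKUTIL Tcpip vsdatant",
    "11/24/2012 3:04:02 PM, error: Service Control Manager [7034] - The McciCMService "
    "service terminated unexpectedly. It has done this 1 time(s).",
    "9/25/2012 11:40:38 AM, error: Ntfs [55] - The file system structure on the disk "
    "is corrupt and unusable. Please run the chkdsk utility on the volume G:.",
    ".",
]
# "System Uptime: 10/1/2012 9:15:52 PM" from the attach.txt header
REPORT_TIME = datetime(2012, 10, 1, 21, 15, 52)

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LINES, REPORT_TIME):
        print(f"{kind:28} {detail}")
```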
  7. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    I have downloaded the emsisoft free emergency kit, following the instructions in the bleepingcomputer link, but when I try to run the main program, I keep getting a Microsoft error message that the program is shutting itself down. I have had one of these "FBI" type infections before, and it was relatively easy to get rid of on my own. This version has a lot more protections built in, such as keeping me from accessing my desktop, application data, and other folders, and otherwise being far more resistant to prior removal methods. Do these jerks really think that someone is going to wire them money? I would be in favor of public executions of virus/spam creators. Thanks again. Steve
  8. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

    Please print this guide for future reference!

    You will need a blank CD, a clean computer and a flash drive.

    Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

    :step1:

    1. Download and Run Ultimate Boot CD for Windows
    • Save it to your Desktop.
    • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.
      NOTES:
      • Do not install to a folder with spaces in its name.
      • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
    2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
    • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
    • Click "I agree" to the Builders License.
    • Click NO to Search for Windows Installation Files
    • Make the following selections from the Main Screen that pops up:
      • Builder
        • Source:(path to Windows installation files)
          • Enter the path to the drive where your XP CD is located.
          • You can click on the "..." button on the right to navigate to the path as well.
        • Custom: (include files and folders from this directory)
          • No information is necessary, leave blank.
        • Output: (C:\ubcd4win\BartPE)
          • Keep the default BartPE
      • Media output
        • Choose Create ISO image
        • Do not choose Burn to CD/DVD


        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

          This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

        Also note: If you have a Dell XP install disc you will need to follow the instructions here
        http://www.ubcd4win.com/faq.htm#dell

      3. Click on the "Build" button
      • You will see the Windows EULA message. Click on I Agree
      • You will now see the Build Screen. Let it run its course
      • When the Build is finished you can click close, then exit


      4. Burn your ISO file to CD
      • Please see HERE on how to burn an ISO to CD.

    ==========

    :step2:

    Next, from your clean computer:

    Download Farbar Recovery Scan Tool
    and save it to your flash drive.

    Now plug your flashdrive back into your sick computer and follow the next instructions:

    ==========

    :step3:

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this:
      [image: UBCD4Win desktop]

    ==========

    :step4:

    • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
    • Double click on it to begin running the tool.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.
  9. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    As I indicated above, despite several tries, I was unable to run the emergency kit. I was able to run the command line scanner, the results of which are pasted below. I think that this virus has much greater capabilities to mask itself, and to block other software from locating it and removing it.

    ---------------------------------------
    Command Line Scanner Report



    C:\DOCUME~1\ADMINI~1.ST~\LOCALS~1\Temp\Rar$EX01.094>ECHO OFF

    Emsisoft Commandline Scanner v. 6.5.0.6
    (C) 2003-2012 Emsisoft - www.emsisoft.com

    Emsisoft Commandline Scanner - Version 2.0
    Last update: N/A

    Scan settings:

    Objects: Memory, Traces, C:\WINDOWS\, C:\PROGRAM FILES\
    Scan archives: Off
    ADS Scan: Off

    Scan start: 10/1/2012 11:53:03 PM

    C:\PROGRAM FILES\Acro Software\CutePDF Writer\README.HTM


    Scanned

    Objects: 518676
    Traces: 471676
    Cookies: 0
    Processes: 0

    Found

    Objects: 0
    Traces: 0
    Cookies: 0
    Processes: 0

    Quarantined

    Files: 0
    Traces: 0
    Cookies: 0
    Processes: 0

    Scan end: 10/2/2012 12:07:16 AM
    Scan time: 0:14:13
    Press any key to continue . . .
  10. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    I had not seen your last post, before my post above. The only problem with the next suggestion is that I do not have the XP CDs. The computer came with it loaded, and without any media at all. I do have a recovery mirror from a while back on one of my external hard drives. I am not sure if that would help, but lacking the CDs, I am not sure whether the method above will be useful. I will wait for your response before proceeding any further. Steve
  11. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120.9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
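Once OTL.txt is in hand, the helper's first job is to pick the handful of records that explain the symptoms out of a log with thousands of lines. The script below is an added example, not part of this thread and not OTL's own code: it parses four OTL record types (O4 Run keys, O7 policy values, O20 Winlogon Shell, O36 AppCertDlls) and flags the patterns that match a locked desktop and a disabled Task Manager: an autostart whose binary has no company name and lives under a user profile path, a Winlogon Shell value that is not explorer.exe, the lockdown policies, and a hook DLL that no longer exists. The regular expressions are my reading of the line format as it appears in this thread rather than an official grammar, and the sample input is constructed from entries in the OTL log Steve posts further down (rejoined where the forum wrapped them).

```python
"""Triage pass over an OTL / OTLPE log (added example, not OTL's own code).

Each OTL record is one line tagged O4, O7, O20, O36 and so on.  The regexes
below are my reading of that format as seen in this thread, not a formal
grammar; treat every hit as a lead for a human reviewer, not a verdict.
"""
import re

# Constructed sample input: entries copied from the OTL log posted in this
# thread (the forum hard-wrapped the long lines; they are rejoined here).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O4 - HKU\Steve_Kwartin_ON_C..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O36 - AppCertDlls: ddessrvc - (C:\WINDOWS\system32\clipipv6.dll) - File not found
"""

# Policy values that take the user's own recovery tools or desktop away.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoRun", "NoControlPanel"}

# Path fragments (lower-case) where a legitimately installed autostart binary is unusual.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

# One regex per record type.  Company name is whatever OTL prints in the trailing parentheses.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^()]*)\)$")
O7_RE = re.compile(r"^O[67] - (?P<key>\S+): (?P<value>\w+) = (?P<data>\S+)$")
O20_SHELL_RE = re.compile(r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<data>.*?)\) - (?P<path>.*?) \((?P<company>[^()]*)\)$")
O36_RE = re.compile(r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<path>.*?)\) - (?P<status>.*)$")


def in_user_writable(path: str) -> bool:
    """True if the path sits under a profile/temp location rather than Program Files or system32."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_line(line: str):
    """Return (severity, reason) for one OTL record, or None when nothing stands out."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        if not m["company"] and in_user_writable(m["path"]):
            return ("high", f"autostart [{m['name']}] runs a no-company binary from a user-writable path: {m['path']}")
        return None
    m = O20_SHELL_RE.match(line)
    if m:
        # The stock shell is explorer.exe; anything else replaces the whole desktop.
        if not m["path"].lower().endswith("explorer.exe"):
            return ("high", f"Winlogon Shell under {m['hive']} replaced by {m['path']}")
        return None
    m = O7_RE.match(line)
    if m:
        if m["value"] in LOCKDOWN_POLICIES and m["data"] == "1":
            return ("medium", f"policy {m['value']}=1 under {m['key']} blocks user recovery tools")
        return None
    m = O36_RE.match(line)
    if m:
        if "not found" in m["status"].lower():
            return ("medium", f"AppCertDlls entry {m['name']} points at missing DLL {m['path']} (leftover hook)")
        return None
    return None


def triage(log_text: str):
    """Run triage_line over a whole log; returns a list of (severity, line, reason)."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append((hit[0], raw.strip(), hit[1]))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for sev, line, reason in triage(SAMPLE_LOG):
        print(f"[{sev.upper():6}] {reason}\n         {line}")
```

On the sample above the script reports three high findings (the two Run entries and the replaced Shell, all pointing at the same binary under Application Data) and four medium ones (the three lockdown policies and the dangling AppCertDlls hook), while the avast! entries and the AutoRun policy pass without comment. The same script can be pointed at a full OTL.txt by reading the file into `triage()`.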
     
  12. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    OK. So I was able to download, install and run OTLPE. I ran the scan, and the log is below. Several notes for future reference. It did not ask me whether I wanted to use a remote registry. It did ask me about multiple user accounts. Don't know if that is a change or not. While I was able to access the internet while on that system, and could get to gmail, to e-mail myself the log, when I went to your site, the main page loaded, but if I attempted to get to the forums or anything with the word virus in it, it blocked it. I could get to other news pages, but even if I went through a number of other clicks, and then tried to access the forum, I would get blocked. This is a much nastier POS than the other version of the FBI/moneypak scam that I saw previously.
    ---------------------------------------------------------------------------
    OTL logfile created on: 10/2/2012 3:51:41 AM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 62.33 Gb Free Space | 26.77% Space Free | Partition Type: NTFS
    Drive D: | 698.64 Gb Total Space | 100.82 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet005

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- -- (stllssvr)
    SRV - File not found [Auto] -- -- (MDM)
    SRV - File not found [Disabled] -- -- (IDriverT)
    SRV - File not found [Disabled] -- -- (AOL TopSpeedMonitor)
    SRV - [2012/09/09 02:25:57 | 000,114,144 | ---- | M] (Mozilla
    Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance
    Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes
    Corporation) [Auto] -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes
    Corporation) [Auto] -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software)
    [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe --
    (avast! Antivirus)
    SRV - [2012/04/28 18:37:11 | 000,253,088 | ---- | M] (Adobe Systems
    Incorporated) [On_Demand] --
    C:\WINDOWS\system32\Macromed\
    Flash\FlashPlayerUpdateService.exe --
    (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/11/03 14:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH)
    [Disabled] -- C:\Program
    Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M]
    (SUPERAntiSpyware.com) [Disabled] -- C:\Program
    Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems
    Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
    -- (nosGetPlusHelper) getPlus(R)
    SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft,
    Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service
    (DellSupportCenter)
    SRV - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate
    Technology LLC) [Auto] -- C:\Program
    Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Auto] -- -- (PfModNT)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Boot] -- -- (jrsrfvwy)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrv11010)
    DRV - File not found [Kernel | On_Demand] -- -- (ENTECH)
    DRV - File not found [Kernel | On_Demand] -- -- (DELTAII) Service for
    M-Audio Delta Driver (WDM)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | System] -- -- (A2DDA)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes
    Corporation) [File_System | On_Demand] --
    C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software)
    [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys --
    (aswSnx)
    DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software)
    [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software)
    [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys --
    (aswTdi)
    DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software)
    [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys --
    (aswMon2)
    DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software)
    [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys --
    (aswRdr)
    DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software)
    [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys --
    (Aavmker4)
    DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software)
    [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys --
    (aswFsBlk)
    DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel |
    On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel |
    On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M]
    (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] --
    C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M]
    (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] --
    C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software)
    [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2011/01/12 21:15:08 | 000,136,680 | ---- | M] (MCCI
    Corporation) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/01/12 21:15:08 | 000,121,192 | ---- | M] (MCCI
    Corporation) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android
    USB Composite Device driver (WDM)
    DRV - [2011/01/12 21:15:08 | 000,012,776 | ---- | M] (MCCI
    Corporation) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android
    USB Modem (Filter)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel |
    On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys --
    (cpudrv)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital
    Technologies) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.)
    [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys --
    (MXOPSWD)
    DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek
    Semiconductor Corp.) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    Service for Realtek HD Audio (WDM)
    DRV - [2007/01/25 12:12:22 | 000,302,336 | ---- | M] (Midiman/M-Audio)
    [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\delta.sys --
    (DELTA) Service for Delta Driver (WDM)
    DRV - [2007/01/19 13:53:43 | 000,018,304 | ---- | M] (Printing
    Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] --
    C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/01/19 13:53:42 | 000,019,712 | ---- | M] (Printing
    Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] --
    C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant
    Systems, Inc.) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant
    Systems, Inc.) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant
    Systems, Inc.) [Kernel | On_Demand] --
    C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online,
    Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys
    -- (wanatw) WAN Miniport (ATW)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel |
    Disabled] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.msn.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings: "ProxyEnable" = 0

    IE - HKU\Administrator.STEVE-QUAD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings: "ProxyEnable" = 0



    IE - HKU\Steve_Kwartin_ON_C\Software\Microsoft\Internet
    Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKU\Steve_Kwartin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings: "ProxyEnable" = 0

    IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
    C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer
    Plugin,version=1.0,application/pdf: C:\Program Files\Tracker
    Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products
    (Canada) Ltd.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:
    C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program
    Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
    C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll (
    Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
    Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97:
    C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99:
    C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
    Update;version=3: C:\Program
    Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
    Update;version=9: C:\Program
    Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange
    Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker
    Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products
    (Canada) Ltd.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com:
    C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/05 18:33:39
    | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
    15.0.1\extensions\\Components: C:\Program Files\Mozilla
    Firefox\components [2012/09/09 02:26:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
    15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    [2011/11/08 01:01:32 | 000,000,000 | ---D | M]

    [2012/10/01 07:11:10 | 000,000,000 | ---D | M] (No name found) --
    C:\Documents and Settings\Administrator.STEVE-QUAD\Application
    Data\Mozilla\Extensions
    [2012/06/11 11:32:11 | 000,000,000 | ---D | M] (No name found) --
    C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2012/09/09 02:25:59 | 000,266,720 | ---- | M] (Mozilla Foundation) --
    C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/04/27 11:35:22 | 000,476,904 | ---- | M] (Sun Microsystems,
    Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/08/14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software
    Products (Canada) Ltd.) -- C:\Program Files\mozilla
    firefox\plugins\npPDFXCviewNPPlugin.dll
    [2012/09/09 02:25:53 | 000,002,465 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/09 02:25:53 | 000,002,253 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/06 16:36:57 | 000,443,883 | R--- | M]) -
    C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.123fporn.info
    O1 - Hosts: 15244 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems
    Incorporated)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
    C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST
    Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) -
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil
    Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) -
    {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) -
    {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) -
    {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil
    Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
    O4 - HKLM..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve
    Kwartin\Application Data\wsf3CmCT.exe ()
    O4 - HKU\Steve_Kwartin_ON_C..\Run: [jICc7n9BYxBTRVw] C:\Documents and
    Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe
    (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program
    Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes
    Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)]
    C:\Documents and Settings\All Users\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes
    Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveAutoRun = 67108863
    O7 - HKU\Administrator.STEVE-QUAD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveAutoRun = 67108863
    O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDesktop = 1
    O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
    DisableRegistryTools = 1
    O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
    DisableTaskMgr = 1
    O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
    75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} -
    C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP
    CORPORATION)
    O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Steve
    Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and
    Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O20 - HKU\Steve_Kwartin_ON_C Winlogon: Shell - (C:\Documents and
    Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents
    and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program
    Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program
    Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. -
    Reg Error: Value error. File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
    C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/21 09:33:29 | 000,000,000 | ---- | M] ()
    - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/05/31 15:17:24 | 000,000,118 | ---- | M] ()
    - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] ()
    - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: ddessrvc - (C:\WINDOWS\system32\clipipv6.dll) -
    File not found
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========


    [2012/11/24 15:25:44 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Steve Kwartin\Desktop\Virus
    [2012/10/01 23:15:38 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents\Run
    [2012/10/01 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\EurekaLog
    [2012/10/01 23:12:30 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\WinRAR
    [2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents\My Videos
    [2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents\My Pictures
    [2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents\My Music
    [2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Administrative
    Tools
    [2012/10/01 20:31:23 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Steve Kwartin\My Documents\virus
    [2012/10/01 18:03:52 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\ZA_PreservedFiles
    [2012/10/01 15:32:33 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents\Downloads
    [2012/10/01 07:12:07 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\Macromedia
    [2012/10/01 07:11:03 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Local Settings\Application
    Data\Mozilla
    [2012/10/01 07:11:03 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\Mozilla
    [2012/10/01 06:20:59 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\Malwarebytes
    [2012/10/01 06:05:02 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\Adobe
    [2012/10/01 05:55:54 | 000,000,000 | --SD | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data\Microsoft
    [2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Startup
    [2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Start Menu
    [2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\SendTo
    [2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Application Data
    [2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Accessories
    [2012/10/01 05:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Cookies
    [2012/10/01 05:55:54 | 000,000,000 | -H-D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Local Settings
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Templates
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Recent
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\PrintHood
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\NetHood
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Local Settings\Application
    Data\Microsoft
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Favorites
    [2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\Desktop
    [2012/10/01 04:41:34 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Steve Kwartin\Application Data\Roaming
    [2012/09/25 11:39:27 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Open Freely
    [2012/09/25 11:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
    [2012/09/20 17:00:53 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
    [2012/09/17 18:08:27 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Steve Kwartin\Application Data\Sound Devices
    [2012/09/17 17:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
    [2012/09/17 17:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs
    [2012/09/17 17:55:06 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Sound Devices
    [2012/09/17 17:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sound Devices
    [2012/09/12 22:05:26 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\ERUNT
    [2012/09/12 22:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/09/07 23:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [5 C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp files ->
    C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/24 13:39:57 | 000,199,046 | ---- | M] () -- C:\Documents and
    Settings\Steve Kwartin\Desktop\Thank you for your Order2!.pdf
    [2012/11/24 13:37:41 | 000,166,662 | ---- | M] () -- C:\Documents and
    Settings\Steve Kwartin\Desktop\Shopping cart3.pdf
    [2012/11/24 13:35:26 | 000,198,523 | ---- | M] () -- C:\Documents and
    Settings\Steve Kwartin\Desktop\Thank you for your Order!.pdf
    [2012/11/24 13:30:28 | 000,167,294 | ---- | M] () -- C:\Documents and
    Settings\Steve Kwartin\Desktop\Shopping cart2.pdf
    [2012/10/02 02:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/02 02:37:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/02 00:52:49 | 000,000,664 | ---- | M] () --
    C:\WINDOWS\System32\d3d9caps.dat
    [2012/10/01 23:36:15 | 000,811,138 | ---- | M] () -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\My Documents\152 Order Adopting
    Report and Recommendations re Attorneys Fees.pdf
    [2012/10/01 21:14:03 | 000,000,318 | -H-- | M] () --
    C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/10/01 21:13:56 | 000,000,328 | ---- | M] () --
    C:\WINDOWS\tasks\GlaryInitialize.job
    [2012/10/01 21:13:52 | 000,000,394 | ---- | M] () --
    C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
    [2012/10/01 21:13:51 | 000,000,896 | ---- | M] () --
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/01 21:13:49 | 000,000,260 | ---- | M] () --
    C:\WINDOWS\tasks\WGASetup.job
    [2012/10/01 20:17:23 | 000,000,440 | RHS- | M] () -- C:\Documents and
    Settings\Steve Kwartin\ntuser.pol
    [2012/10/01 17:22:32 | 000,000,440 | RHS- | M] () -- C:\Documents and
    Settings\Administrator.STEVE-QUAD\ntuser.pol
    [2012/10/01 12:44:20 | 000,000,784 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/01 04:40:56 | 000,283,495 | ---- | M] () -- C:\Documents and
    Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
    [2012/10/01 03:58:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/01 03:57:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/30 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
    [2012/09/30 14:48:32 | 000,081,792 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Scanned Image 122740000.jpg
    [2012/09/29 19:42:48 | 000,000,063 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\bteasy.ini
    [2012/09/29 18:56:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2012/09/28 14:54:02 | 000,521,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/09/28 14:54:02 | 000,095,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/09/28 14:36:02 | 000,000,256 | -HS- | M] () -- C:\boot.ini
    [2012/09/28 12:16:15 | 000,187,238 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\My Documents\Ticketmaster Confirmation.pdf
    [2012/09/27 01:20:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
    [2012/09/26 23:29:52 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
    [2012/09/26 23:01:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2012/09/26 22:49:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/26 22:28:21 | 000,001,337 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/09/25 11:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open Freely
    [2012/09/24 12:20:44 | 000,181,703 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Confirm Order.pdf
    [2012/09/22 01:24:04 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
    [2012/09/21 19:03:38 | 000,068,565 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\The Who - Posters.pdf
    [2012/09/20 17:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
    [2012/09/19 20:57:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/09/17 17:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sound Devices
    [2012/09/15 18:40:31 | 000,102,300 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\axel-rosales-most-piercings-on-face_dsc5560.jpg
    [2012/09/12 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/09/09 02:37:37 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAA48PR.job
    [2012/09/08 12:58:00 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/09/05 18:33:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [5 C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp files -> C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/24 13:39:56 | 000,199,046 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Thank you for your Order2!.pdf
    [2012/11/24 13:37:40 | 000,166,662 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Shopping cart3.pdf
    [2012/11/24 13:35:25 | 000,198,523 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Thank you for your Order!.pdf
    [2012/11/24 13:30:27 | 000,167,294 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Shopping cart2.pdf
    [2012/10/01 23:36:15 | 000,811,138 | ---- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\152 Order Adopting Report and Recommendations re Attorneys Fees.pdf
    [2012/10/01 12:44:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/01 06:44:31 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\ntuser.pol
    [2012/10/01 05:55:55 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Remote Assistance.lnk
    [2012/10/01 05:55:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Windows Media Player.lnk
    [2012/10/01 04:40:57 | 000,283,495 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
    [2012/09/30 14:46:08 | 000,081,792 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Scanned Image 122740000.jpg
    [2012/09/28 12:16:13 | 000,187,238 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\My Documents\Ticketmaster Confirmation.pdf
    [2012/09/26 23:29:52 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
    [2012/09/24 12:20:42 | 000,181,703 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Confirm Order.pdf
    [2012/09/22 01:24:04 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
    [2012/09/21 19:03:37 | 000,068,565 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\The Who - Posters.pdf
    [2012/09/15 18:46:42 | 000,102,300 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\axel-rosales-most-piercings-on-face_dsc5560.jpg
    [2012/09/12 22:02:33 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Steve Kwartin\ntuser.pol
    [2012/09/04 19:14:17 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
    [2012/08/14 03:46:24 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
    [2012/08/06 13:04:53 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rat_0ybba.pad
    [2012/08/05 14:25:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
    [2012/08/05 03:28:39 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2012/08/05 03:28:37 | 002,468,520 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2012/08/05 03:28:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2012/08/05 03:28:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2012/08/05 03:28:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2012/08/02 19:27:20 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2012/07/26 12:19:07 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad
    [2012/07/13 19:18:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/07/13 17:50:51 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/20 18:54:29 | 000,156,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/01/06 18:10:20 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\default.pls
    [2012/01/06 16:30:50 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\WS_ContextMenu.dll
    [2011/10/26 17:10:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/09/11 15:31:07 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\.recently-used.xbel
    [2011/01/08 16:19:10 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2011/01/05 17:35:49 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/01/05 13:49:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/12/13 02:18:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/05/12 01:00:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2009/02/12 12:26:33 | 000,492,118 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\fontlst2.opf
    [2009/02/03 15:15:15 | 000,000,543 | ---- | C] () -- C:\WINDOWS\OPHC.ini
    [2008/12/07 22:53:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/20 23:46:29 | 135,124,796 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Dg24.wav
    [2008/11/20 23:46:21 | 130,717,148 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Dg23.wav
    [2008/11/19 15:38:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/11/03 23:15:06 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2008/11/03 21:54:53 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2008/11/02 23:39:59 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\bteasy.ini
    [2008/11/02 21:25:18 | 000,561,086 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\fontlst2.opf
    [2008/10/23 18:26:12 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
    [2008/10/23 18:17:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/10/23 18:09:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SPZLPO__.DLL
    [2008/08/09 18:04:56 | 000,000,203 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/08/09 17:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008/07/21 19:30:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/07/21 19:29:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/21 13:37:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/21 09:35:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/21 09:31:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/07/21 05:25:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/21 05:24:32 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/06 20:00:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WINREGP.DLL
    [2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 06:00:00 | 000,521,038 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 06:00:00 | 000,095,478 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/02/06 13:05:22 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\TERNT.DLL
    [2004/02/06 13:00:04 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\TER9X.DLL
    [2003/12/14 02:03:42 | 001,107,472 | ---- | C] () -- C:\WINDOWS\System32\OWL52.DLL
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2012/10/02 00:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\EurekaLog
    [2008/11/02 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sharpdesk
    [2011/05/16 12:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\.oit
    [2012/07/27 15:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\0FF73A05
    [2012/09/30 17:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Audacity
    [2012/08/04 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Auslogics
    [2011/01/05 17:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\CheckPoint
    [2011/01/20 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\DriverCure
    [2012/09/22 15:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\foobar2000
    [2011/11/04 13:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\FreeFileViewer
    [2011/07/26 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\GARMIN
    [2012/08/04 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\GlarySoft
    [2010/09/01 16:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\gtk-2.0
    [2011/07/12 02:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\IVONA ControlCenter
    [2011/05/22 17:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\OfficeRecovery
    [2010/05/25 17:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\PandoraRecovery
    [2011/01/20 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\ParetoLogic
    [2008/08/03 14:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Publish Providers
    [2012/10/01 04:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Roaming
    [2008/12/05 16:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sharpdesk
    [2010/07/27 19:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sony
    [2010/07/26 23:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sony Setup
    [2012/09/18 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sound Devices
    [2011/07/23 01:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\SoundSpectrum
    [2012/06/11 17:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Southwest Airlines
    [2011/07/23 01:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\SystemRequirementsLab
    [2012/08/16 06:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\TeamViewer
    [2011/01/05 01:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Tific
    [2012/08/04 16:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Uniblue
    [2012/10/01 04:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\uTorrent
    [2011/01/05 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2008/08/02 20:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
    [2011/05/22 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
    [2012/04/23 15:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
    [2011/07/26 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/01/06 16:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2011/01/08 16:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/01/01 14:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2011/01/05 17:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/06/29 16:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/05/22 15:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2011/01/06 01:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
    [2011/08/04 06:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2011/01/05 01:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2008/10/23 18:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharpdesk
    [2010/07/27 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2011/01/08 15:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2012/08/04 17:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/01/06 18:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2012/10/01 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
    [2012/10/01 21:14:03 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2012/10/01 21:13:52 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
    [2012/10/01 21:13:56 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
    [2012/09/30 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
    [2012/09/27 01:20:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
    [2012/09/09 02:37:37 | 000,000,548 | ---- | M] () -- C:\WINDOWS\Tasks\Rescue Reminder for 2HAA48PR.job
    [2012/10/01 21:13:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\My Documents\My Videos:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08012.WAV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio EMC Stream
    @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D432CE3
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
    < End of report >
  13. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Make sure you disable "word wrap" in Notepad.
    I had a heck of a time reading your log.

    ======================================

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | Boot] -- -- (jrsrfvwy)
    O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
    O4 - HKLM..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O4 - HKU\Steve_Kwartin_ON_C..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O20 - HKU\Steve_Kwartin_ON_C Winlogon: Shell - (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    [2012/10/01 04:40:56 | 000,283,495 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
    [2012/09/04 19:14:17 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
    [2012/08/14 03:46:24 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
    [2012/08/06 13:04:53 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rat_0ybba.pad
    [2012/07/26 12:19:07 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\My Documents\My Videos:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio
    EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08012.WAV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio
    EMC Stream
    @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D432CE3
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Remove the CD and shut down computer manually.
    • Attempt to reboot normally into Windows.

    Let me know how things are.
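    The fix above is assembled from the OTL log by hand: the two Winlogon Shell entries that point at wsf3CmCT.exe (the Shell value is the program Winlogon starts as the desktop, so a hijacked or dead value is exactly what produces a logon with no icons and no taskbar), the Run entries that launch the same binary, the orphaned toolbar, driver and Notify entries, the randomly named .pad files dropped directly into All Users\Application Data, and the hex-named streams on the TEMP folder. The Python script below is an added example written for this page, not a tool from the thread or from OldTimer: it applies those selection rules to OTL log text and first rejoins records that Notepad's word wrap split across lines, the problem Broni complains about above (a wrapped record pasted into a fix does not name the file correctly). The sample log is constructed from excerpts of the log posted above, with two records left wrapped as they were posted and a clean Shell entry and a signed avast! Run entry added for contrast; the 1 MiB size threshold and the eight-hex-character stream-name test are my own heuristics.

```python
"""Triage an OTL scan log: rejoin word-wrapped records, then pick the load
points, dropped files and alternate data streams that belong in an :OTL fix.
Added example; the selection rules are heuristics modelled on the fix in this
thread, not OTL's own logic."""
import re

# Every line OTL writes starts with one of these; anything else is the tail of
# the previous record that a word-wrapping editor pushed onto its own line.
RECORD_START = re.compile(
    r"^(?:DRV - |O\d+ - |\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| |\[\d+ [A-Z]:\\|"
    r"@Alternate Data Stream - |=+ |< End of report >)"
)
LOAD_POINT = re.compile(r"^(?:DRV|O\d+) - ")
SHELL_RECORD = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - "
    r"(?P<path>.*?) \((?P<company>[^)]*)\)$"
)
RUN_RECORD = re.compile(r"^O4 - (?P<hive>[^:]+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
RUN_TARGET = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")
PROFILE_DIR = re.compile(r"\\(?:Application Data|Local Settings|AppData|Temp)\\", re.I)
FILE_RECORD = re.compile(
    r"^\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RECORD = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
HEX_STREAM = re.compile(r"^[0-9A-F]{8}$")
LARGE_DROP = 1 << 20  # heuristic: company-less file of 1 MiB+ dropped in All Users\Application Data

# Constructed sample: excerpts of the log posted in this thread (two records left
# word-wrapped as posted) plus a clean Shell entry and a signed Run entry for contrast.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot] -- -- (jrsrfvwy)
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
O4 - HKLM..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Files Created - No Company Name ==========
[2012/10/01 04:40:57 | 000,283,495 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
[2012/09/04 19:14:17 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2012/10/01 12:44:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve
Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream
< End of report >
"""

def rejoin_wrapped(lines):
    """Glue wrapped continuation lines back onto the record they came from."""
    records = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # Notepad wraps at a space and drops it
    return records

def triage(records):
    """Return (reason, record) pairs for every record that merits a fix line."""
    findings, launched = [], set()
    for rec in records:  # load points first, so dropped binaries can be tied to them
        if LOAD_POINT.match(rec) and ("File not found" in rec or "No CLSID value found" in rec):
            findings.append(("orphaned load point, target missing", rec))
        elif (m := SHELL_RECORD.match(rec)):
            if m["value"].lower() != "explorer.exe":  # stock Shell value; anything else is a hijack
                findings.append(("Winlogon Shell replaced, desktop cannot start", rec))
                launched.add(m["path"].lower())
        elif (m := RUN_RECORD.match(rec)) and (t := RUN_TARGET.match(m["target"])):
            if not t["company"] and PROFILE_DIR.search(t["path"]) and t["path"].lower().endswith(".exe"):
                findings.append(("Run entry launches a company-less .exe from a user profile", rec))
                launched.add(t["path"].lower())
    for rec in records:
        if (m := FILE_RECORD.match(rec)):
            path, size = m["path"], int(m["size"].replace(",", ""))
            parent = path.rsplit("\\", 1)[0].lower()
            if path.lower() in launched:
                findings.append(("file referenced by a flagged load point", rec))
            elif m["company"] == "" and parent.endswith(r"\all users\application data") and size >= LARGE_DROP:
                findings.append(("large company-less file dropped in All Users\\Application Data", rec))
        elif (m := ADS_RECORD.match(rec)) and HEX_STREAM.match(m["stream"]):
            findings.append(("hex-named alternate data stream", rec))
    return findings

def build_fix(records):
    """Lay the flagged records out as an OTL fix script, one whole record per line."""
    return [":OTL", *(rec for _, rec in triage(records)), "", ":Commands", "[purity]"]

if __name__ == "__main__":
    recs = rejoin_wrapped(SAMPLE_LOG.splitlines())
    for reason, rec in triage(recs):
        print(f"{reason}:\n    {rec}")
    print("\n".join(build_fix(recs)))
```

Run as-is it prints the eight findings from the sample and a ready-to-paste :OTL block in which every record, including the two that were wrapped in the input, sits on a single line. The Roxio streams are left alone by the hex-name heuristic even though the thread's fix removed them too; that is a deliberate choice, since "Roxio EMC Stream" is application metadata, not a hiding place. Removing a hijacked Shell value rather than rewriting it is safe because Winlogon falls back to explorer.exe when the value is absent, which is consistent with the taskbar reappearing after the OTLPE fix.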
  14. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    Broni,

    First, I want to thank you for your ongoing help. It appears that we are making progress. I followed the instructions and ran the fix.txt file in OTLPE. But, then the computer locked up, and would not let me access the Start button to shut down, so I did a hard shut down, and re-did what I had just done. It locked up again, so I had to do another hard shut down. I am posting the .txt file below from the second effort of running OTLPE.

    I then removed the CD and rebooted normally. I am posting from my normal account, but at the end of the boot process, it indicated that it tried to do a system restore to September 27, but could not do so successfully, so no changes were made. I also got the system configuration utility message, indicating that changes had been made, but I just left things as they were.

    The computer continued to boot, and for the first time, I now have a task bar again, but no desktop icons. I can access the internet through my normal account, without the virus blocking me, as it had done before. Let me know how to proceed from here. Thank you very much. Steve

    P.S. This is the only way to paste the data from the .txt file. There is no word wrap option that I could see in the menu. If there is another way to do this, or to insert the .txt file, let me know, and I will turn it right around.

    ========== OTL ==========
    Service\Driver key jrsrfvwy not found.
    Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
    Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CheckPoint Cleanup not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw not found.
    File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
    Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw not found.
    File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe deleted successfully.
    File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
    Registry value HKEY_USERS\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe deleted successfully.
    File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ not found.
    File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
    File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.
    File C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad not found.
    File C:\Documents and Settings\All Users\Application Data\rat_0ybba.pad not found.
    File C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
    Unable to delete ADS C:\Documents and Settings\Steve Kwartin\My Documents\My Videos:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio .
    Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08012.WAV:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D432CE3 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 10032012_012615
  15. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Well done :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
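Every tool in the instructions above ends the same way: post the log for review. As an added example, not code from this thread or from Kaspersky's TDSSKiller, here is a small Python parser for the "Scan services" section of the TDSSKiller log format that tapersteve posts next in the thread (a `[ MD5 ] name path` line followed by a `name - verdict` line, each prefixed with a timestamp and thread id). It collects the entries by service name, flags any service whose verdict is not `ok` or that has none, and indexes files by MD5 so that services sharing one binary (lsass.exe, GoogleUpdate.exe) are looked up only once. The sample log is assembled from lines quoted in this thread plus one constructed entry (`exampledrv`, an all-zero hash and a `suspicious` verdict) and a constructed next-section header, so that the review path is exercised.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A "hash" line: timestamp, thread id, [ MD5 ], service name, image path.
# The path always starts with a drive letter, which is what lets us split it
# from service names that themselves contain spaces (e.g. "avast! Antivirus").
HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# A verdict line: timestamp, thread id, service name, " - ", verdict.
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+) (?P<name>.+) - (?P<verdict>\S.*)$"
)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller logged no file for the service
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok" or whatever TDSSKiller reported


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Return the entries of the 'Scan services' section keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan services" in line:          # section header: start collecting
            in_services = True
            continue
        if not in_services:
            continue
        if "================ Scan " in line:  # next section header: stop
            break
        m = HASH_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def needs_review(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Service names whose verdict is anything other than 'ok' (or is missing)."""
    return sorted(n for n, e in entries.items() if e.verdict != "ok")


def hash_index(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Map each MD5 to the services that share it, so each file is looked up once."""
    index: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            index.setdefault(e.md5, []).append(e.name)
    return index


# Sample log: lines quoted from the thread, plus a constructed "exampledrv" entry
# (all-zero hash, verdict "suspicious") and a constructed next-section header.
SAMPLE_LOG = r"""
03:30:00.0125 0456 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
03:30:01.0765 0456 ============================================================
03:30:01.0765 0456 OS Version: 5.1.2600 ServicePack: 3.0
03:30:12.0515 2612 ================ Scan system memory ========================
03:30:12.0531 2612 System memory - ok
03:30:12.0531 2612 ================ Scan services =============================
03:30:12.0625 2612 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
03:30:12.0625 2612 !SASCORE - ok
03:30:12.0734 2612 A2DDA - ok
03:30:15.0593 2612 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
03:30:15.0593 2612 avast! Antivirus - ok
03:30:17.0390 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
03:30:17.0406 2612 gupdate - ok
03:30:17.0406 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
03:30:17.0406 2612 gupdatem - ok
03:30:19.0890 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
03:30:19.0890 2612 Netlogon - ok
03:30:22.0000 2612 [ 00000000000000000000000000000000 ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
03:30:22.0000 2612 exampledrv - suspicious
03:30:23.0000 2612 ================ Scan global ===============================
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} services parsed, {len(hash_index(parsed))} distinct files")
    for name in needs_review(parsed):
        e = parsed[name]
        print(f"REVIEW: {name} verdict={e.verdict} md5={e.md5} path={e.path}")
```

A service with a verdict line but no hash line (A2DDA in the sample) is a registered service whose image file TDSSKiller did not find; the parser keeps it with `md5 = None` rather than dropping it, because orphaned entries are often worth a second look when matching a log against a known-good baseline.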
  16. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    Broni,

    I will post them one at a time. TDSSKiller showed no infected or suspicious files. Here is the log:

    03:30:00.0125 0456 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    03:30:01.0765 0456 ============================================================
    03:30:01.0765 0456 Current date / time: 2012/10/03 03:30:01.0765
    03:30:01.0765 0456 SystemInfo:
    03:30:01.0765 0456
    03:30:01.0765 0456 OS Version: 5.1.2600 ServicePack: 3.0
    03:30:01.0765 0456 Product type: Workstation
    03:30:01.0765 0456 ComputerName: STEVE-QUAD
    03:30:01.0765 0456 UserName: Steve Kwartin
    03:30:01.0765 0456 Windows directory: C:\WINDOWS
    03:30:01.0765 0456 System windows directory: C:\WINDOWS
    03:30:01.0765 0456 Processor architecture: Intel x86
    03:30:01.0765 0456 Number of processors: 4
    03:30:01.0765 0456 Page size: 0x1000
    03:30:01.0765 0456 Boot type: Normal boot
    03:30:01.0765 0456 ============================================================
    03:30:02.0546 0456 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    03:30:02.0562 0456 Drive \Device\Harddisk1\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    03:30:02.0562 0456 ============================================================
    03:30:02.0562 0456 \Device\Harddisk0\DR0:
    03:30:02.0562 0456 MBR partitions:
    03:30:02.0562 0456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
    03:30:02.0562 0456 \Device\Harddisk1\DR2:
    03:30:02.0562 0456 MBR partitions:
    03:30:02.0562 0456 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
    03:30:02.0562 0456 ============================================================
    03:30:02.0625 0456 C: <-> \Device\Harddisk0\DR0\Partition1
    03:30:02.0625 0456 H: <-> \Device\Harddisk1\DR2\Partition1
    03:30:02.0625 0456 ============================================================
    03:30:02.0625 0456 Initialize success
    03:30:02.0625 0456 ============================================================
    03:30:12.0359 2612 ============================================================
    03:30:12.0375 2612 Scan started
    03:30:12.0375 2612 Mode: Manual;
    03:30:12.0375 2612 ============================================================
    03:30:12.0515 2612 ================ Scan system memory ========================
    03:30:12.0531 2612 System memory - ok
    03:30:12.0531 2612 ================ Scan services =============================
    03:30:12.0625 2612 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    03:30:12.0625 2612 !SASCORE - ok
    03:30:12.0734 2612 A2DDA - ok
    03:30:14.0390 2612 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
    03:30:14.0390 2612 Aavmker4 - ok
    03:30:14.0390 2612 Abiosdsk - ok
    03:30:14.0406 2612 abp480n5 - ok
    03:30:14.0437 2612 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    03:30:14.0437 2612 ACPI - ok
    03:30:14.0453 2612 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    03:30:14.0468 2612 ACPIEC - ok
    03:30:14.0515 2612 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    03:30:14.0531 2612 AdobeFlashPlayerUpdateSvc - ok
    03:30:14.0531 2612 adpu160m - ok
    03:30:14.0578 2612 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    03:30:14.0578 2612 aec - ok
    03:30:14.0609 2612 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    03:30:14.0609 2612 AFD - ok
    03:30:14.0625 2612 Aha154x - ok
    03:30:14.0640 2612 aic78u2 - ok
    03:30:14.0656 2612 aic78xx - ok
    03:30:14.0687 2612 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    03:30:14.0703 2612 Alerter - ok
    03:30:14.0718 2612 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    03:30:14.0718 2612 ALG - ok
    03:30:14.0734 2612 AliIde - ok
    03:30:14.0750 2612 amsint - ok
    03:30:14.0781 2612 AOL TopSpeedMonitor - ok
    03:30:14.0812 2612 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    03:30:14.0812 2612 AppMgmt - ok
    03:30:14.0828 2612 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    03:30:14.0828 2612 Arp1394 - ok
    03:30:14.0843 2612 asc - ok
    03:30:14.0859 2612 asc3350p - ok
    03:30:14.0875 2612 asc3550 - ok
    03:30:15.0234 2612 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    03:30:15.0281 2612 aspnet_state - ok
    03:30:15.0281 2612 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    03:30:15.0281 2612 aswFsBlk - ok
    03:30:15.0296 2612 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
    03:30:15.0296 2612 aswMon2 - ok
    03:30:15.0312 2612 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
    03:30:15.0312 2612 aswRdr - ok
    03:30:15.0375 2612 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    03:30:15.0375 2612 aswSnx - ok
    03:30:15.0390 2612 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    03:30:15.0390 2612 aswSP - ok
    03:30:15.0406 2612 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    03:30:15.0406 2612 aswTdi - ok
    03:30:15.0421 2612 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    03:30:15.0421 2612 AsyncMac - ok
    03:30:15.0437 2612 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    03:30:15.0437 2612 atapi - ok
    03:30:15.0453 2612 Atdisk - ok
    03:30:15.0468 2612 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    03:30:15.0468 2612 Atmarpc - ok
    03:30:15.0500 2612 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    03:30:15.0500 2612 AudioSrv - ok
    03:30:15.0546 2612 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    03:30:15.0546 2612 audstub - ok
    03:30:15.0593 2612 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    03:30:15.0593 2612 avast! Antivirus - ok
    03:30:15.0640 2612 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    03:30:15.0640 2612 Beep - ok
    03:30:15.0656 2612 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    03:30:15.0671 2612 BITS - ok
    03:30:15.0687 2612 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
    03:30:15.0687 2612 Browser - ok
    03:30:15.0718 2612 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    03:30:15.0718 2612 cbidf2k - ok
    03:30:15.0718 2612 cd20xrnt - ok
    03:30:15.0734 2612 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    03:30:15.0734 2612 Cdaudio - ok
    03:30:15.0750 2612 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    03:30:15.0750 2612 Cdfs - ok
    03:30:15.0765 2612 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    03:30:15.0765 2612 Cdrom - ok
    03:30:15.0796 2612 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    03:30:15.0812 2612 cercsr6 - ok
    03:30:15.0812 2612 Changer - ok
    03:30:15.0843 2612 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    03:30:15.0843 2612 CiSvc - ok
    03:30:15.0859 2612 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    03:30:15.0875 2612 ClipSrv - ok
    03:30:15.0953 2612 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:30:16.0031 2612 clr_optimization_v2.0.50727_32 - ok
    03:30:16.0062 2612 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:30:16.0187 2612 clr_optimization_v4.0.30319_32 - ok
    03:30:16.0203 2612 CmdIde - ok
    03:30:16.0218 2612 COMSysApp - ok
    03:30:16.0250 2612 Cpqarray - ok
    03:30:16.0296 2612 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
    03:30:16.0296 2612 cpudrv - ok
    03:30:16.0312 2612 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    03:30:16.0328 2612 CryptSvc - ok
    03:30:16.0343 2612 dac2w2k - ok
    03:30:16.0359 2612 dac960nt - ok
    03:30:16.0406 2612 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    03:30:16.0406 2612 DcomLaunch - ok
    03:30:16.0453 2612 [ B34DAFA517F838B82A4256B08346917F ] DELTA C:\WINDOWS\system32\DRIVERS\delta.sys
    03:30:16.0453 2612 DELTA - ok
    03:30:16.0468 2612 DELTAII - ok
    03:30:16.0500 2612 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    03:30:16.0500 2612 Dhcp - ok
    03:30:16.0531 2612 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    03:30:16.0531 2612 Disk - ok
    03:30:16.0546 2612 dmadmin - ok
    03:30:16.0578 2612 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    03:30:16.0578 2612 dmboot - ok
    03:30:16.0593 2612 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    03:30:16.0593 2612 dmio - ok
    03:30:16.0625 2612 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    03:30:16.0625 2612 dmload - ok
    03:30:16.0640 2612 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    03:30:16.0640 2612 dmserver - ok
    03:30:16.0671 2612 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    03:30:16.0671 2612 DMusic - ok
    03:30:16.0703 2612 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    03:30:16.0718 2612 Dnscache - ok
    03:30:16.0734 2612 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    03:30:16.0734 2612 Dot3svc - ok
    03:30:16.0750 2612 dpti2o - ok
    03:30:16.0765 2612 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    03:30:16.0781 2612 drmkaud - ok
    03:30:16.0781 2612 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    03:30:16.0796 2612 e1express - ok
    03:30:16.0812 2612 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    03:30:16.0828 2612 EapHost - ok
    03:30:16.0828 2612 ENTECH - ok
    03:30:16.0875 2612 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
    03:30:16.0875 2612 epmntdrv - ok
    03:30:16.0890 2612 EraserUtilDrv11010 - ok
    03:30:16.0921 2612 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    03:30:16.0921 2612 ERSvc - ok
    03:30:16.0937 2612 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
    03:30:16.0937 2612 EuGdiDrv - ok
    03:30:16.0984 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    03:30:16.0984 2612 Eventlog - ok
    03:30:17.0000 2612 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    03:30:17.0015 2612 EventSystem - ok
    03:30:17.0031 2612 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    03:30:17.0031 2612 Fastfat - ok
    03:30:17.0062 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    03:30:17.0078 2612 FastUserSwitchingCompatibility - ok
    03:30:17.0093 2612 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    03:30:17.0093 2612 Fdc - ok
    03:30:17.0125 2612 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    03:30:17.0125 2612 Fips - ok
    03:30:17.0140 2612 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    03:30:17.0140 2612 Flpydisk - ok
    03:30:17.0171 2612 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    03:30:17.0171 2612 FltMgr - ok
    03:30:17.0234 2612 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    03:30:17.0234 2612 FontCache3.0.0.0 - ok
    03:30:17.0234 2612 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    03:30:17.0250 2612 Fs_Rec - ok
    03:30:17.0265 2612 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    03:30:17.0281 2612 Ftdisk - ok
    03:30:17.0312 2612 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
    03:30:17.0312 2612 giveio - ok
    03:30:17.0328 2612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    03:30:17.0328 2612 Gpc - ok
    03:30:17.0390 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    03:30:17.0406 2612 gupdate - ok
    03:30:17.0406 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    03:30:17.0406 2612 gupdatem - ok
    03:30:17.0421 2612 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    03:30:17.0437 2612 HDAudBus - ok
    03:30:17.0484 2612 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    03:30:17.0500 2612 helpsvc - ok
    03:30:17.0515 2612 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    03:30:17.0531 2612 HidServ - ok
    03:30:17.0546 2612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    03:30:17.0546 2612 hidusb - ok
    03:30:17.0578 2612 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    03:30:17.0578 2612 hkmsvc - ok
    03:30:17.0593 2612 hpn - ok
    03:30:17.0640 2612 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    03:30:17.0640 2612 HSFHWBS2 - ok
    03:30:17.0703 2612 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    03:30:17.0703 2612 HSF_DP - ok
    03:30:17.0750 2612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    03:30:17.0750 2612 HTTP - ok
    03:30:17.0781 2612 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    03:30:17.0796 2612 HTTPFilter - ok
    03:30:17.0796 2612 i2omgmt - ok
    03:30:17.0812 2612 i2omp - ok
    03:30:17.0843 2612 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
    03:30:17.0843 2612 i8042prt - ok
    03:30:17.0906 2612 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    03:30:17.0937 2612 ialm - ok
    03:30:17.0953 2612 IDriverT - ok
    03:30:18.0015 2612 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    03:30:18.0015 2612 idsvc - ok
    03:30:18.0031 2612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    03:30:18.0046 2612 Imapi - ok
    03:30:18.0078 2612 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    03:30:18.0078 2612 ImapiService - ok
    03:30:18.0093 2612 ini910u - ok
    03:30:18.0203 2612 [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    03:30:18.0265 2612 IntcAzAudAddService - ok
    03:30:18.0265 2612 IntelIde - ok
    03:30:18.0296 2612 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    03:30:18.0296 2612 intelppm - ok
    03:30:18.0312 2612 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    03:30:18.0312 2612 Ip6Fw - ok
    03:30:18.0343 2612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    03:30:18.0343 2612 IpFilterDriver - ok
    03:30:18.0343 2612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    03:30:18.0359 2612 IpInIp - ok
    03:30:18.0390 2612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    03:30:18.0390 2612 IpNat - ok
    03:30:18.0406 2612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    03:30:18.0406 2612 IPSec - ok
    03:30:18.0421 2612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    03:30:18.0421 2612 IRENUM - ok
    03:30:18.0453 2612 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    03:30:18.0453 2612 isapnp - ok
    03:30:18.0578 2612 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    03:30:18.0578 2612 JavaQuickStarterService - ok
    03:30:18.0593 2612 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    03:30:18.0593 2612 Kbdclass - ok
    03:30:18.0593 2612 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    03:30:18.0593 2612 kbdhid - ok
    03:30:18.0609 2612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    03:30:18.0625 2612 kmixer - ok
    03:30:18.0640 2612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    03:30:18.0640 2612 KSecDD - ok
    03:30:18.0687 2612 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    03:30:18.0687 2612 lanmanserver - ok
    03:30:18.0734 2612 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    03:30:18.0734 2612 lanmanworkstation - ok
    03:30:18.0750 2612 lbrtfdc - ok
    03:30:18.0781 2612 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    03:30:18.0781 2612 LmHosts - ok
    03:30:18.0890 2612 [ 1BDB34A492109198CAB0575F2743BE70 ] Maxtor Sync Service C:\Program Files\Maxtor\Sync\SyncServices.exe
    03:30:18.0890 2612 Maxtor Sync Service - ok
    03:30:18.0906 2612 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    03:30:18.0906 2612 MBAMProtector - ok
    03:30:18.0953 2612 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    03:30:18.0953 2612 MBAMScheduler - ok
    03:30:18.0984 2612 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    03:30:18.0984 2612 MBAMService - ok
    03:30:19.0015 2612 [ 4F74184920B2D6E33024409B4C5C57C1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
    03:30:19.0015 2612 McciCMService - ok
    03:30:19.0062 2612 MDM - ok
    03:30:19.0093 2612 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    03:30:19.0093 2612 mdmxsdk - ok
    03:30:19.0125 2612 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    03:30:19.0125 2612 Messenger - ok
    03:30:19.0156 2612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    03:30:19.0156 2612 mnmdd - ok
    03:30:19.0171 2612 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    03:30:19.0187 2612 mnmsrvc - ok
    03:30:19.0203 2612 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    03:30:19.0203 2612 Modem - ok
    03:30:19.0218 2612 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    03:30:19.0218 2612 MODEMCSA - ok
    03:30:19.0250 2612 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    03:30:19.0250 2612 Mouclass - ok
    03:30:19.0265 2612 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    03:30:19.0265 2612 mouhid - ok
    03:30:19.0265 2612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    03:30:19.0265 2612 MountMgr - ok
    03:30:19.0328 2612 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    03:30:19.0328 2612 MozillaMaintenance - ok
    03:30:19.0328 2612 mraid35x - ok
    03:30:19.0359 2612 [ 80B2EC735495823AE5771A5F603E73BD ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    03:30:19.0375 2612 MREMP50 - ok
    03:30:19.0390 2612 [ 37D7C22F7E26DA90E2D2D260E5D27846 ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    03:30:19.0390 2612 MRESP50 - ok
    03:30:19.0406 2612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    03:30:19.0406 2612 MRxDAV - ok
    03:30:19.0437 2612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    03:30:19.0437 2612 MRxSmb - ok
    03:30:19.0453 2612 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    03:30:19.0453 2612 MSDTC - ok
    03:30:19.0468 2612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    03:30:19.0484 2612 Msfs - ok
    03:30:19.0484 2612 MSIServer - ok
    03:30:19.0531 2612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    03:30:19.0531 2612 MSKSSRV - ok
    03:30:19.0546 2612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    03:30:19.0546 2612 MSPCLOCK - ok
    03:30:19.0546 2612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    03:30:19.0546 2612 MSPQM - ok
    03:30:19.0562 2612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    03:30:19.0562 2612 mssmbios - ok
    03:30:19.0609 2612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    03:30:19.0609 2612 Mup - ok
    03:30:19.0640 2612 [ 216AC775320F64DE28CFEB7C179C4FF9 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys
    03:30:19.0640 2612 MXOPSWD - ok
    03:30:19.0656 2612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    03:30:19.0671 2612 napagent - ok
    03:30:19.0687 2612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    03:30:19.0687 2612 NDIS - ok
    03:30:19.0718 2612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    03:30:19.0718 2612 NdisTapi - ok
    03:30:19.0734 2612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    03:30:19.0734 2612 Ndisuio - ok
    03:30:19.0734 2612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    03:30:19.0750 2612 NdisWan - ok
    03:30:19.0781 2612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    03:30:19.0781 2612 NDProxy - ok
    03:30:19.0796 2612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    03:30:19.0796 2612 NetBIOS - ok
    03:30:19.0812 2612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    03:30:19.0812 2612 NetBT - ok
    03:30:19.0843 2612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    03:30:19.0859 2612 NetDDE - ok
    03:30:19.0859 2612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    03:30:19.0859 2612 NetDDEdsdm - ok
    03:30:19.0890 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    03:30:19.0890 2612 Netlogon - ok
    03:30:19.0906 2612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    03:30:19.0906 2612 Netman - ok
    03:30:19.0937 2612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    03:30:19.0984 2612 NetTcpPortSharing - ok
    03:30:20.0015 2612 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    03:30:20.0015 2612 NIC1394 - ok
    03:30:20.0031 2612 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    03:30:20.0031 2612 Nla - ok
    03:30:20.0078 2612 [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
    03:30:20.0093 2612 nosGetPlusHelper - ok
    03:30:20.0109 2612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    03:30:20.0109 2612 Npfs - ok
    03:30:20.0140 2612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    03:30:20.0156 2612 Ntfs - ok
    03:30:20.0171 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    03:30:20.0171 2612 NtLmSsp - ok
    03:30:20.0203 2612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    03:30:20.0203 2612 NtmsSvc - ok
    03:30:20.0250 2612 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    03:30:20.0250 2612 NuidFltr - ok
    03:30:20.0265 2612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    03:30:20.0265 2612 Null - ok
    03:30:20.0296 2612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    03:30:20.0312 2612 NwlnkFlt - ok
    03:30:20.0312 2612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    03:30:20.0312 2612 NwlnkFwd - ok
    03:30:20.0343 2612 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    03:30:20.0343 2612 ohci1394 - ok
    03:30:20.0390 2612 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    03:30:20.0390 2612 ose - ok
    03:30:20.0421 2612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    03:30:20.0421 2612 Parport - ok
    03:30:20.0437 2612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    03:30:20.0437 2612 PartMgr - ok
    03:30:20.0453 2612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    03:30:20.0453 2612 ParVdm - ok
    03:30:20.0484 2612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    03:30:20.0484 2612 PCI - ok
    03:30:20.0484 2612 PCIDump - ok
    03:30:20.0500 2612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    03:30:20.0500 2612 PCIIde - ok
    03:30:20.0515 2612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    03:30:20.0515 2612 Pcmcia - ok
    03:30:20.0531 2612 PDCOMP - ok
    03:30:20.0546 2612 PDFRAME - ok
    03:30:20.0562 2612 PDRELI - ok
    03:30:20.0578 2612 PDRFRAME - ok
    03:30:20.0593 2612 perc2 - ok
    03:30:20.0609 2612 perc2hib - ok
    03:30:20.0640 2612 PfModNT - ok
    03:30:20.0656 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    03:30:20.0671 2612 PlugPlay - ok
    03:30:20.0671 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    03:30:20.0687 2612 PolicyAgent - ok
    03:30:20.0703 2612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    03:30:20.0703 2612 PptpMiniport - ok
    03:30:20.0718 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    03:30:20.0718 2612 ProtectedStorage - ok
    03:30:20.0734 2612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    03:30:20.0734 2612 PSched - ok
    03:30:20.0750 2612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    03:30:20.0750 2612 Ptilink - ok
    03:30:20.0765 2612 ql1080 - ok
    03:30:20.0781 2612 Ql10wnt - ok
    03:30:20.0796 2612 ql12160 - ok
    03:30:20.0796 2612 ql1240 - ok
    03:30:20.0812 2612 ql1280 - ok
    03:30:20.0843 2612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    03:30:20.0843 2612 RasAcd - ok
    03:30:20.0859 2612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    03:30:20.0875 2612 RasAuto - ok
    03:30:20.0890 2612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    03:30:20.0890 2612 Rasl2tp - ok
    03:30:20.0921 2612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    03:30:20.0921 2612 RasMan - ok
    03:30:20.0937 2612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    03:30:20.0937 2612 RasPppoe - ok
    03:30:20.0937 2612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    03:30:20.0953 2612 Raspti - ok
    03:30:20.0968 2612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    03:30:20.0968 2612 Rdbss - ok
    03:30:20.0968 2612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    03:30:20.0968 2612 RDPCDD - ok
    03:30:21.0000 2612 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    03:30:21.0000 2612 rdpdr - ok
    03:30:21.0031 2612 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    03:30:21.0031 2612 RDPWD - ok
    03:30:21.0062 2612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    03:30:21.0062 2612 RDSessMgr - ok
    03:30:21.0093 2612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    03:30:21.0093 2612 redbook - ok
    03:30:21.0140 2612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    03:30:21.0156 2612 RemoteAccess - ok
    03:30:21.0187 2612 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    03:30:21.0187 2612 RemoteRegistry - ok
    03:30:21.0203 2612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    03:30:21.0203 2612 RpcLocator - ok
    03:30:21.0234 2612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    03:30:21.0234 2612 RpcSs - ok
    03:30:21.0250 2612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    03:30:21.0265 2612 RSVP - ok
    03:30:21.0265 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    03:30:21.0265 2612 SamSs - ok
    03:30:21.0312 2612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    03:30:21.0312 2612 SASDIFSV - ok
    03:30:21.0312 2612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    03:30:21.0312 2612 SASKUTIL - ok
    03:30:21.0359 2612 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
    03:30:21.0359 2612 sbp2port - ok
    03:30:21.0375 2612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    03:30:21.0375 2612 SCardSvr - ok
    03:30:21.0390 2612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    03:30:21.0390 2612 Schedule - ok
    03:30:21.0453 2612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    03:30:21.0453 2612 Secdrv - ok
    03:30:21.0453 2612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    03:30:21.0468 2612 seclogon - ok
    03:30:21.0468 2612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    03:30:21.0484 2612 SENS - ok
    03:30:21.0500 2612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    03:30:21.0500 2612 Serial - ok
    03:30:21.0546 2612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    03:30:21.0546 2612 Sfloppy - ok
    03:30:21.0578 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    03:30:21.0593 2612 ShellHWDetection - ok
    03:30:21.0593 2612 Simbad - ok
    03:30:21.0625 2612 Sparrow - ok
    03:30:21.0687 2612 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
    03:30:21.0687 2612 speedfan - ok
    03:30:21.0718 2612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    03:30:21.0718 2612 splitter - ok
    03:30:21.0734 2612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    03:30:21.0750 2612 Spooler - ok
    03:30:21.0796 2612 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    03:30:21.0796 2612 sprtsvc_DellSupportCenter - ok
    03:30:21.0812 2612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    03:30:21.0812 2612 sr - ok
    03:30:21.0828 2612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    03:30:21.0828 2612 srservice - ok
    03:30:21.0859 2612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    03:30:21.0875 2612 Srv - ok
    03:30:21.0875 2612 [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    03:30:21.0875 2612 ssadbus - ok
    03:30:21.0906 2612 [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    03:30:21.0906 2612 ssadmdfl - ok
    03:30:21.0937 2612 [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    03:30:21.0937 2612 ssadmdm - ok
    03:30:21.0953 2612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    03:30:21.0968 2612 SSDPSRV - ok
    03:30:21.0984 2612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    03:30:21.0984 2612 stisvc - ok
    03:30:22.0000 2612 stllssvr - ok
    03:30:22.0015 2612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    03:30:22.0031 2612 swenum - ok
    03:30:22.0031 2612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    03:30:22.0031 2612 swmidi - ok
    03:30:22.0046 2612 SwPrv - ok
    03:30:22.0062 2612 symc810 - ok
    03:30:22.0078 2612 symc8xx - ok
    03:30:22.0093 2612 sym_hi - ok
    03:30:22.0109 2612 sym_u3 - ok
    03:30:22.0125 2612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    03:30:22.0125 2612 sysaudio - ok
    03:30:22.0140 2612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    03:30:22.0156 2612 SysmonLog - ok
    03:30:22.0171 2612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    03:30:22.0187 2612 TapiSrv - ok
    03:30:22.0218 2612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    03:30:22.0218 2612 Tcpip - ok
    03:30:22.0234 2612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    03:30:22.0234 2612 TDPIPE - ok
    03:30:22.0250 2612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    03:30:22.0250 2612 TDTCP - ok
    03:30:22.0359 2612 [ 01A402D34732CA3DA91786ADCC765069 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    03:30:22.0375 2612 TeamViewer6 - ok
    03:30:22.0375 2612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    03:30:22.0390 2612 TermDD - ok
    03:30:22.0421 2612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    03:30:22.0421 2612 TermService - ok
    03:30:22.0437 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    03:30:22.0453 2612 Themes - ok
    03:30:22.0468 2612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    03:30:22.0468 2612 TlntSvr - ok
    03:30:22.0484 2612 TosIde - ok
    03:30:22.0500 2612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    03:30:22.0500 2612 TrkWks - ok
    03:30:22.0515 2612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    03:30:22.0515 2612 Udfs - ok
    03:30:22.0531 2612 ultra - ok
    03:30:22.0562 2612 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    03:30:22.0562 2612 UMWdf - ok
    03:30:22.0578 2612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    03:30:22.0578 2612 Update - ok
    03:30:22.0609 2612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    03:30:22.0609 2612 upnphost - ok
    03:30:22.0625 2612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    03:30:22.0625 2612 UPS - ok
    03:30:22.0687 2612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    03:30:22.0687 2612 usbccgp - ok
    03:30:22.0718 2612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    03:30:22.0718 2612 usbehci - ok
    03:30:22.0734 2612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    03:30:22.0734 2612 usbhub - ok
    03:30:22.0750 2612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    03:30:22.0750 2612 usbprint - ok
    03:30:22.0781 2612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    03:30:22.0781 2612 usbscan - ok
    03:30:22.0812 2612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    03:30:22.0812 2612 USBSTOR - ok
    03:30:22.0828 2612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    03:30:22.0828 2612 usbuhci - ok
    03:30:22.0843 2612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    03:30:22.0843 2612 VgaSave - ok
    03:30:22.0859 2612 ViaIde - ok
    03:30:22.0875 2612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    03:30:22.0890 2612 VolSnap - ok
    03:30:22.0890 2612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    03:30:22.0906 2612 VSS - ok
    03:30:22.0921 2612 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    03:30:22.0937 2612 W32Time - ok
    03:30:22.0953 2612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    03:30:22.0953 2612 Wanarp - ok
    03:30:22.0984 2612 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    03:30:23.0000 2612 wanatw - ok
    03:30:23.0015 2612 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    03:30:23.0015 2612 WDC_SAM - ok
    03:30:23.0046 2612 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    03:30:23.0062 2612 Wdf01000 - ok
    03:30:23.0062 2612 WDICA - ok
    03:30:23.0078 2612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    03:30:23.0078 2612 wdmaud - ok
    03:30:23.0109 2612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    03:30:23.0109 2612 WebClient - ok
    03:30:23.0140 2612 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    03:30:23.0156 2612 winachsf - ok
    03:30:23.0234 2612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    03:30:23.0234 2612 winmgmt - ok
    03:30:23.0281 2612 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
    03:30:23.0281 2612 WMDM PMSP Service - ok
    03:30:23.0328 2612 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    03:30:23.0328 2612 WmdmPmSN - ok
    03:30:23.0375 2612 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    03:30:23.0375 2612 Wmi - ok
    03:30:23.0390 2612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    03:30:23.0390 2612 WmiApSrv - ok
    03:30:23.0421 2612 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    03:30:23.0421 2612 WpdUsb - ok
    03:30:23.0484 2612 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    03:30:23.0484 2612 WPFFontCache_v0400 - ok
    03:30:23.0546 2612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    03:30:23.0546 2612 WudfPf - ok
    03:30:23.0593 2612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    03:30:23.0625 2612 WudfSvc - ok
    03:30:23.0656 2612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    03:30:23.0656 2612 WZCSVC - ok
    03:30:23.0703 2612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    03:30:23.0703 2612 xmlprov - ok
    03:30:23.0718 2612 ================ Scan global ===============================
    03:30:23.0750 2612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    03:30:23.0781 2612 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    03:30:23.0781 2612 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    03:30:23.0812 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    03:30:23.0812 2612 [Global] - ok
    03:30:23.0812 2612 ================ Scan MBR ==================================
    03:30:23.0843 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    03:30:24.0187 2612 \Device\Harddisk0\DR0 - ok
    03:30:24.0203 2612 [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk1\DR2
    03:30:24.0437 2612 \Device\Harddisk1\DR2 - ok
    03:30:24.0437 2612 ================ Scan VBR ==================================
    03:30:24.0437 2612 [ 7287B6128035F6C254E1167D319B7DAB ] \Device\Harddisk0\DR0\Partition1
    03:30:24.0437 2612 \Device\Harddisk0\DR0\Partition1 - ok
    03:30:24.0453 2612 [ 929749AC877032ADA46FEA5E036CB138 ] \Device\Harddisk1\DR2\Partition1
    03:30:24.0453 2612 \Device\Harddisk1\DR2\Partition1 - ok
    03:30:24.0468 2612 ============================================================
    03:30:24.0468 2612 Scan finished
    03:30:24.0468 2612 ============================================================
    03:30:24.0500 3828 Detected object count: 0
    03:30:24.0500 3828 Actual detected object count: 0
  17. tapersteve

    Broni,

    Here is the RogueKiller report. It seemed to have found and deleted a number of items. I already have MBAM installed, so I am going to update it, and run as instructed, and will post the log next. Thank you again. Steve

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Steve Kwartin [Admin rights]
    Mode : Remove -- Date : 10/03/2012 03:34:40

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [SHELL][SUSP PATH] HKCU\[...]\Winlogon : Shell (c:\documents and settings\steve kwartin\application data\wsf3cmct.exe) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\n.) -> REPLACED (C:\WINDOWS\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\L --> REMOVED
    [ZeroAccess][FILE] @ : C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\L --> REMOVED
    [ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\@ --> REMOVED
    [ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\L\00000004.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\L --> REMOVED

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST1000DL002-9TT153 +++++
    --- User ---
    [MBR] 0da6599973a2edc24d3d0c3c92d75c99
    [BSP] b828249d42599fbb248fb22eb05d2b61 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
    --- User ---
    [MBR] 3f7ad32bf8ccb5754a79597e581aed30
    [BSP] 8ac8edf5d743ff7e3de380919894c726 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  18. tapersteve

    Broni,

    MBAM found one infected item. Here is the log:

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.02.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Steve Kwartin :: STEVE-QUAD [administrator]

    Protection: Enabled

    10/3/2012 3:39:17 AM
    mbam-log-2012-10-03 (03-39-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 242389
    Time elapsed: 10 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  19. tapersteve

    Broni,

    Here is an update. After running all of the scans above, and then rebooting the computer, I initially still did not have a visible desktop. But when I hit the "Show Desktop" icon in the quick start tray, it appeared. But, it would disappear when I clicked on a program, but could be brought back if I hit the icon again.

    Then, I had to download ZoneAlarm again, as the only way that I was able to disable it during the scans you wanted done without any anti-virus or firewalls running was to uninstall it. After I installed it, and rebooted again, my desktop is now back, and things seem pretty normal. I ran a full MBAM scan overnight, and the log is posted below. Aside from the items that it found, MBAM today has reported several attempts by something in my computer trying to access what MBAM refers to as potentially unsafe websites.

    I can't thank you enough for your help. You have been a life saver here. I will await further instructions. Steve

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.03.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Steve Kwartin :: STEVE-QUAD [administrator]

    Protection: Enabled

    10/3/2012 3:49:28 AM
    mbam-log-2012-10-03 (03-49-28).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 336361
    Time elapsed: 1 hour(s), 55 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Documents and Settings\Steve Kwartin\desktop\Virus\eoox23.exe (RootKit.0Access.PE) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Steve Kwartin\desktop\Program Files\openfreely_d161683.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    c:\documents and settings\steve kwartin\my documents\virus\wsf3cmct.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
    c:\documents and settings\steve kwartin\my documents\virus\new folder\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

    (end)
  20. Broni

    Well done :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  21. tapersteve

    Broni,

    As usual, thank you for all of your help. I was able to download and run Combofix without any problem. It seemed to have found several more items. MBAM now runs as a background anti-malware [I did disable everything before running Combofix], and it seems to continually pick up both inbound and outbound "suspicious" attempts to access the internet. Is this normal, particularly the outbound attempts? Let me know. Here is the Combofix log file. Steve

    ComboFix 12-10-03.03 - Steve Kwartin 10/03/2012 23:26:12.5.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2671 [GMT -4:00]
    Running from: c:\documents and settings\Steve Kwartin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Steve Kwartin\Application Data\Roaming
    c:\documents and settings\Steve Kwartin\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#konugani.com\settings.sol
    c:\documents and settings\Steve Kwartin\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
    c:\documents and settings\Steve Kwartin\My Documents\~WRL0597.tmp
    c:\documents and settings\Steve Kwartin\My Documents\~WRL1116.tmp
    c:\documents and settings\Steve Kwartin\My Documents\~WRL1195.tmp
    c:\documents and settings\Steve Kwartin\My Documents\~WRL1328.tmp
    c:\documents and settings\Steve Kwartin\My Documents\~WRL3636.tmp
    c:\documents and settings\Steve Kwartin\WINDOWS
    c:\program files\Internet Explorer\SET14E.tmp
    c:\program files\Internet Explorer\SET14F.tmp
    c:\program files\Internet Explorer\SET150.tmp
    c:\program files\Internet Explorer\SET2.tmp
    c:\program files\Internet Explorer\SET20.tmp
    c:\program files\Internet Explorer\SET21.tmp
    c:\program files\Internet Explorer\SET22.tmp
    c:\program files\Internet Explorer\SET3.tmp
    c:\program files\Internet Explorer\SET4.tmp
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    H:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-03 22:22 . 2012-10-03 22:22 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-10-03 04:04 . 2012-10-03 04:04 -------- d-----w- C:\_OTL
    2012-10-02 18:59 . 2012-10-02 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
    2012-10-01 22:03 . 2012-10-01 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
    2012-10-01 09:55 . 2012-10-01 21:22 -------- d-----w- c:\documents and settings\Administrator.STEVE-QUAD
    2012-09-25 15:39 . 2012-09-27 17:13 -------- d-----w- c:\program files\Open Freely
    2012-09-17 22:08 . 2012-09-18 17:14 -------- d-----w- c:\documents and settings\Steve Kwartin\Application Data\Sound Devices
    2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\program files\Silabs
    2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\windows\system32\Silabs
    2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\program files\Sound Devices
    2012-09-13 02:05 . 2012-09-13 02:05 -------- d-----w- c:\program files\ERUNT
    2012-09-09 06:26 . 2012-09-09 06:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-09-08 03:36 . 2012-09-08 03:37 -------- d-----w- c:\windows\system32\NtmsData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 21:04 . 2011-12-25 08:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 09:13 . 2011-06-03 05:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13 . 2011-01-05 21:28 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-21 09:13 . 2011-01-05 21:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-21 09:13 . 2011-01-05 21:28 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-08-21 09:13 . 2011-01-05 21:28 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-08-21 09:13 . 2011-01-05 21:28 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-08-21 09:13 . 2011-01-05 21:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-21 09:13 . 2011-01-05 21:28 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-08-21 09:12 . 2011-01-05 21:27 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2011-01-05 21:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-09-09 06:25 . 2011-11-08 05:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 738984]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Steve Kwartin^Start Menu^Programs^Startup^DING!.lnk]
    path=c:\documents and settings\Steve Kwartin\Start Menu\Programs\Startup\DING!.lnk
    backup=c:\windows\pss\DING!.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Steve Kwartin^Start Menu^Programs^Startup^Launch Utility Application.lnk]
    backup=c:\windows\pss\Launch Utility Application.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVONA Reader
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2009-01-23 19:35 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
    2004-08-27 03:43 56320 ------w- c:\windows\system32\delttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-01-13 15:46 166912 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2010-01-13 15:46 134656 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Indexer]
    2005-02-08 00:40 184320 ----a-w- c:\program files\Sharp\Sharpdesk\Indexer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexTray]
    2005-02-08 00:38 106496 ----a-w- c:\program files\Sharp\Sharpdesk\IndexTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
    2007-01-25 15:54 154112 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    2008-07-21 21:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-01-13 15:46 135680 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-10-23 22:24 98304 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]
    2005-02-08 00:47 32768 ----a-w- c:\program files\Sharp\Sharpdesk\SharpTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-09-05 00:59 4777856 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypeRegChecker]
    2005-02-08 00:40 57344 ----a-w- c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec AntiVirus"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SavRoam"=3 (0x3)
    "DefWatch"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "Symantec RemoteAssist"=2 (0x2)
    "TeamViewer6"=2 (0x2)
    "CiSvc"=2 (0x2)
    "!SASCORE"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/3/2011 1:18 AM 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/5/2011 5:28 PM 355632]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/5/2011 5:28 PM 21256]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/30/2012 7:03 AM 27056]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/30/2012 7:03 AM 497320]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/1/2012 12:44 PM 399432]
    S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\docume~1\ADMINI~1.ST~\LOCALS~1\temp\Rar$EX01.094\Run\a2ddax86.sys --> c:\docume~1\ADMINI~1.ST~\LOCALS~1\temp\Rar$EX01.094\Run\a2ddax86.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 12:54 AM 136176]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/25/2011 4:39 AM 676936]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/22/2011 2:39 PM 2358656]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/28/2012 6:37 PM 253088]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys --> c:\windows\system32\DRIVERS\MAudioDelta.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/5/2012 3:28 AM 13192]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/5/2012 3:28 AM 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 12:54 AM 136176]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10/3/2012 6:22 PM 35144]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/25/2011 4:39 AM 22856]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 10:59 PM 114144]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 6:00 AM 14336]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/4/2011 6:25 AM 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [8/4/2011 6:25 AM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [8/4/2011 6:25 AM 136680]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/27/2012 7:56 PM 11520]
    S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 22:37]
    .
    2012-10-04 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-06 09:12]
    .
    2012-10-04 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-11-03 19:24]
    .
    2012-10-04 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2012-08-04 02:16]
    .
    2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 04:53]
    .
    2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 04:53]
    .
    2012-10-03 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]
    .
    2012-09-27 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
    .
    2012-09-09 c:\windows\Tasks\Rescue Reminder for 2HAA48PR.job
    - c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 21:52]
    .
    2012-10-04 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cnn.com/
    uInternet Connection Wizard,ShellNext = iexplore
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\documents and settings\Steve Kwartin\Application Data\Mozilla\Firefox\Profiles\5l5wp0pq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-GoogleChrome - c:\docume~1\STEVEK~1\LOCALS~1\Temp\buuso.exe
    MSConfigStartUp-xeqhwjmVOs - (no file)
    AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Steve Kwartin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-03 23:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(868)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2012-10-03 23:33:29
    ComboFix-quarantined-files.txt 2012-10-04 03:33
    .
    Pre-Run: 68,225,462,272 bytes free
    Post-Run: 68,191,170,560 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 89A953786C2B30228D4BAA003BD3DAEA
  22. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    That looks good.

    Is MBAM still complaining after running Combofix?

    Give me fresh RogueKiller log.
  23. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    There have not been any further reports from MBAM since I ran Combofix. So, I guess that we [you] are really making progress. I ran RogueKiller again. The first time, it said that I needed an update, but it was not connecting right, and there was no way to stop RogueKiller from the Task Manager, so I did a reboot, dragged and dropped it into the Recycle Bin, and downloaded and ran a new copy. It still seemed to find at least one thing, from what I can tell. The log is below. You are the greatest. Steve

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Steve Kwartin [Admin rights]
    Mode : Remove -- Date : 10/04/2012 01:02:19

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST1000DL002-9TT153 +++++
    --- User ---
    [MBR] 0da6599973a2edc24d3d0c3c92d75c99
    [BSP] b828249d42599fbb248fb22eb05d2b61 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
    --- User ---
    [MBR] 3f7ad32bf8ccb5754a79597e581aed30
    [BSP] 8ac8edf5d743ff7e3de380919894c726 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: WDC WD40 0JB-00JJA0 USB Device +++++
    --- User ---
    [MBR] a0fd2e4a8dbb8d687c457c09027de702
    [BSP] 8e5c4f4baa128e3e3558d521e5bb1ed1 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[4].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  24. tapersteve

    tapersteve Newcomer, in training Topic Starter Posts: 52

    Well, I spoke too soon. After running RogueKiller, and then rebooting for another reason, MBAM reported another outgoing attempt to: IP: 89.28.69.32 in the Republic of Moldova. I don't recall having any reason to be trying to contact anyone or anything in Moldova, although I hear that it is lovely there this time of year. So, they are apparently still at it. I will await your response. Steve
  25. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Re-run TDSSKiller and then Combofix.
    Post both logs.