System Infected: Tidserv Activity 2 (Norton pop-up)


  • This topic is locked
32 replies to this topic

#1 dudepants

dudepants

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:39 PM

Posted 13 December 2011 - 02:30 AM

A few days ago, I started noticing several symptoms of a virus, such as the "double click" sound, random browser windows popping up with ads, similar activity with random tabs being added to my browser with other ad sites, and even crashing in some cases.

I bought Norton 360, and ran its full system scan and almost all of the activities are gone. All but one. I don't hear the click sounds or see separate browsers opening up, but new tabs still appear and Norton has a pop-up frequently show up that says "Threat requiring manual removal detected: System Infected: Tidserv Activity 2." I followed the steps given by Norton, and the tdsskiller tool seemed to do the trick as it found some infected locations and said it got rid of those infected files. However, even though it can't find the tdss files, the same pop-up still shows up.

If I knew where the issue was, I'd most likely be able to get rid of the files, or at least be able to do it in safe mode. I hope someone here is experienced enough to make sense of these log files you asked for, and can find the issue where Norton couldn't.

Thanks,
Brian

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Brian at 21:06:51 on 2011-12-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1137 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{15D47217-C38A-4489-A42E-8B0543097603} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: xmlproservice - xmlrpw32.dll
Notify: xmlrpw32 - xmlrpw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\f7py33rj.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-12-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-12-10 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111123.001\BHDrvx86.sys [2011-11-23 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-12-10 136312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-12-10 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-20 2214504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-10 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111209.002\IDSXpx86.sys [2011-12-9 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111211.006\NAVENG.SYS [2011-12-11 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111211.006\NAVEX15.SYS [2011-12-11 1576312]
S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2008-4-14 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-20 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-11-23 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-11-23 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-11-23 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-11-23 24960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
.
=============== Created Last 30 ================
.
2011-12-12 13:56:45 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 13:56:45 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 13:41:24 -------- dc----w- C:\TDSSKiller_Quarantine
2011-12-10 12:11:33 -------- dc----w- c:\program files\NortonInstaller
2011-12-10 12:11:33 -------- dc----w- c:\documents and settings\all users\application data\NortonInstaller
2011-12-10 11:54:27 -------- dc----w- c:\documents and settings\all users\application data\Norton
2011-12-10 11:39:06 -------- dc----w- c:\documents and settings\all users\application data\boost_interprocess
2011-12-09 22:18:29 -------- dc----w- c:\documents and settings\brian\application data\searchquband
2011-12-09 17:40:32 37888 -c--a-w- c:\windows\system32\xmlrpw32.dll
2011-12-09 17:18:07 -------- dc----w- c:\documents and settings\brian\local settings\application data\Sun
2011-11-27 23:53:27 -------- dc----w- c:\documents and settings\brian\local settings\application data\Ilivid Player
2011-11-27 23:52:23 -------- dc----w- c:\documents and settings\brian\local settings\application data\PackageAware
2011-11-25 08:00:36 -------- dc----w- c:\program files\MSXML 4.0
2011-11-23 22:11:35 24960 -c--a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-11-23 22:11:35 20864 -c--a-w- c:\windows\system32\drivers\lganddiag.sys
2011-11-23 22:11:35 19968 -c--a-w- c:\windows\system32\drivers\lgandgps.sys
2011-11-23 22:11:34 25728 -c--a-w- c:\windows\system32\drivers\lgandadb.sys
2011-11-23 22:11:34 14336 -c--a-w- c:\windows\system32\drivers\lgandbus.sys
2011-11-23 22:11:34 1416680 -c--a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-11-23 22:11:34 -------- dc----w- c:\program files\LG Electronics
2011-11-23 22:04:29 655872 -c--a-w- c:\windows\system32\msvcr90.dll
2011-11-23 22:04:29 568832 -c--a-w- c:\windows\system32\msvcp90.dll
2011-11-23 22:04:29 224768 -c--a-w- c:\windows\system32\msvcm90.dll
2011-11-23 22:04:24 82432 -c--a-w- c:\windows\system32\msxml4r.dll
2011-11-23 22:04:24 53248 -c--a-w- c:\windows\system32\CommonDL.dll
2011-11-23 22:04:24 44544 -c--a-w- c:\windows\system32\msxml4a.dll
2011-11-23 22:04:19 -------- dc----w- c:\documents and settings\all users\application data\LGMOBILEAX
2011-11-23 21:32:09 -------- dc----w- c:\documents and settings\brian\application data\Windows Search
2011-11-21 10:13:14 -------- dc----w- c:\documents and settings\brian\.m2
2011-11-21 10:04:20 -------- dc----w- c:\documents and settings\brian\android-sdks
2011-11-21 09:55:42 -------- dc----w- c:\documents and settings\brian\workspace
2011-11-21 09:54:40 -------- dc----w- c:\documents and settings\brian\.android
2011-11-21 09:54:17 -------- dc----w- c:\program files\Android
2011-11-21 09:51:10 -------- dc----w- c:\program files\eclipse
2011-11-21 09:43:06 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-21 09:43:06 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-11-16 20:35:10 -------- dc----w- c:\program files\common files\Blizzard Entertainment
2011-11-14 20:20:51 33104 -c--a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-11-14 20:20:51 32592 -c--a-w- c:\windows\system32\msonpmon.dll
2011-11-14 20:12:29 -------- dc----w- c:\program files\Microsoft Visual Studio 8
2011-11-14 20:12:05 -------- dc----w- c:\documents and settings\brian\local settings\application data\Microsoft Help
.
==================== Find3M ====================
.
2011-12-10 12:12:53 60872 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-10 12:12:53 126584 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-10 14:22:41 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 -c--a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 -c--a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 -c--a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 -c--a-w- c:\windows\system32\oleaccrc.dll
2009-05-15 01:02:10 3392872 -c--a-w- c:\program files\common files\adlmint_libFNP.dll
2009-05-15 01:02:10 3298152 -c--a-w- c:\program files\common files\adlmint.dll
.
============= FINISH: 21:07:20.57 ===============

Edited by hamluis, 13 December 2011 - 07:31 AM.
Moved from XP to Malware Removal Logs.
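A defender-side triage aid for the DDS log above, added here as an example; it is not code from this thread, from DDS, or from any of the tools named in it. It parses the kinds of lines DDS prints in the Pseudo HJT, SERVICES / DRIVERS and Created Last 30 sections (Winlogon Notify hooks, Run keys, services, recently created files) and reports two things a reviewer would want to see side by side: persistence entries whose module was created within the last 30 days, and svchost-hosted services whose group is outside an assumed, deliberately short list of stock Windows XP groups. The sample lines are copied from the log in the post; the `XP_SVCHOST_GROUPS` baseline, the `Finding` layout and the 30-day window are my assumptions. It flags items for review and does not decide what is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the DDS log in the post
# above (Run keys, Notify hooks, services, "Created Last 30" entries). The scan
# date is the one DDS printed in its header.
SCAN_DATE = datetime(2011, 12, 12)
DDS_SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
Notify: xmlproservice - xmlrpw32.dll
Notify: xmlrpw32 - xmlrpw32.dll
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-12-10 130008]
S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2008-4-14 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
2011-12-12 13:56:45 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 12:11:33 -------- dc----w- c:\program files\NortonInstaller
2011-12-09 17:40:32 37888 -c--a-w- c:\windows\system32\xmlrpw32.dll
2011-09-28 07:06:50 599040 -c--a-w- c:\windows\system32\crypt32.dll
"""


@dataclass
class Finding:
    kind: str    # where the entry lives: "Winlogon Notify", "mRun", "Service S2", ...
    entry: str   # the name DDS printed for the entry
    module: str  # file the entry loads, lower-case basename
    reason: str  # why a reviewer should look at it


# Assumed baseline of svchost.exe service groups on a stock Windows XP install.
# Illustrative and incomplete: a group outside it means "review", not "malicious".
XP_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "localservice",
                     "networkservice", "imgsvc", "termsvcs", "httpfilter",
                     "wudfservicegroup"}

NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>\S+)$")
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?:\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
SVCHOST_RE = re.compile(r"svchost\.exe -k (?P<group>\S+)", re.IGNORECASE)


def basename(path: str) -> str:
    """Last path component, lower-cased; DDS mixes slashes and 8.3 short names."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def first_token(cmd: str) -> str:
    """Executable part of a Run value: the quoted path, or the text up to the first space."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(dds_text: str, scan_date: datetime, window_days: int = 30) -> list:
    created = {}   # basename -> creation date from the "Created Last 30" section
    entries = []   # (kind, name, module basename, svchost group or None)
    for line in dds_text.splitlines():
        line = line.strip()
        if m := CREATED_RE.match(line):
            if not m["attrs"].startswith("d"):   # 'd' in the first attribute column marks a directory
                created[basename(m["path"])] = datetime.strptime(m["date"], "%Y-%m-%d")
        elif m := NOTIFY_RE.match(line):
            entries.append(("Winlogon Notify", m["name"], basename(m["dll"]), None))
        elif m := RUN_RE.match(line):
            entries.append((m["hive"], m["name"], basename(first_token(m["cmd"])), None))
        elif m := SERVICE_RE.match(line):
            image = re.sub(r"\s*\[[^\]]*\]$", "", m["image"])   # drop trailing "[date size]" or "[?]"
            svc = SVCHOST_RE.search(image)
            module = "svchost.exe" if svc else basename(image)
            entries.append(("Service " + m["start"], m["name"], module, svc["group"] if svc else None))

    findings = []
    window = timedelta(days=window_days)
    for kind, name, module, group in entries:
        when = created.get(module)
        if when is not None and timedelta(0) <= scan_date - when <= window:
            age = (scan_date - when).days
            findings.append(Finding(kind, name, module,
                f"loads {module}, created {when:%Y-%m-%d}, {age} day(s) before the scan"))
        if group is not None and group.lower() not in XP_SVCHOST_GROUPS:
            findings.append(Finding(kind, name, module,
                f"svchost group '{group}' is not in the assumed XP baseline"))
    return findings


def run_sample() -> list:
    return triage(DDS_SAMPLE, SCAN_DATE)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.kind}] {f.entry}: {f.reason}")
```

On the sample it reports the two Notify hooks (both load a DLL created three days before the scan) and the svchost-hosted XMLProvS service, while the Norton, ctfmon and GrooveMonitor entries pass. Pasting the full Pseudo HJT, services and Created Last 30 sections into `DDS_SAMPLE` runs the same correlation over the whole log.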



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:04:39 PM

Posted 15 December 2011 - 02:56 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

It looks like we may be dealing with an infection known as ZeroAccess.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


NEXT:

Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 dudepants

dudepants
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:39 PM

Posted 19 December 2011 - 12:31 AM

First of all, I apologize for not seeing this sooner. I guess the thread got moved to the spyware forum, and for some reason I didn't get an email notification of the reply you made. Oh well, I hope it's not too late to get started on this. Here are the logs you asked for, and no, it hasn't been resolved yet.

Thanks!

00:05:53.0656 3700 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
00:05:54.0562 3700 ============================================================
00:05:54.0562 3700 Current date / time: 2011/12/19 00:05:54.0562
00:05:54.0562 3700 SystemInfo:
00:05:54.0562 3700
00:05:54.0562 3700 OS Version: 5.1.2600 ServicePack: 3.0
00:05:54.0562 3700 Product type: Workstation
00:05:54.0562 3700 ComputerName: BRIAN-0003BCE36
00:05:54.0562 3700 UserName: Brian
00:05:54.0562 3700 Windows directory: C:\WINDOWS
00:05:54.0562 3700 System windows directory: C:\WINDOWS
00:05:54.0562 3700 Processor architecture: Intel x86
00:05:54.0562 3700 Number of processors: 2
00:05:54.0562 3700 Page size: 0x1000
00:05:54.0562 3700 Boot type: Normal boot
00:05:54.0562 3700 ============================================================
00:05:54.0921 3700 Initialize success
00:06:50.0343 4036 ============================================================
00:06:50.0343 4036 Scan started
00:06:50.0343 4036 Mode: Manual;
00:06:50.0343 4036 ============================================================
00:06:50.0562 4036 Abiosdsk - ok
00:06:50.0578 4036 abp480n5 - ok
00:06:50.0625 4036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:06:50.0625 4036 ACPI - ok
00:06:50.0671 4036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:06:50.0671 4036 ACPIEC - ok
00:06:50.0687 4036 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
00:06:50.0687 4036 adfs - ok
00:06:50.0703 4036 adpu160m - ok
00:06:50.0734 4036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:06:50.0750 4036 aec - ok
00:06:50.0781 4036 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:06:50.0781 4036 AFD - ok
00:06:50.0812 4036 Aha154x - ok
00:06:50.0828 4036 aic78u2 - ok
00:06:50.0828 4036 aic78xx - ok
00:06:50.0843 4036 AliIde - ok
00:06:50.0890 4036 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
00:06:50.0921 4036 Ambfilt - ok
00:06:50.0937 4036 amsint - ok
00:06:50.0953 4036 Andbus (19f9b865832fc563ed8eed449cb4ff31) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
00:06:50.0968 4036 Andbus - ok
00:06:50.0984 4036 AndDiag (c896b7dcd81862cb51e5c2ebcf0b50ca) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
00:06:50.0984 4036 AndDiag - ok
00:06:51.0015 4036 AndGps (2d4f4ee70eb5a03cffaa50e6d6b67bc8) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
00:06:51.0015 4036 AndGps - ok
00:06:51.0031 4036 ANDModem (13947a4e2343d1dae526fb9b8e7898dc) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
00:06:51.0046 4036 ANDModem - ok
00:06:51.0109 4036 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
00:06:51.0109 4036 androidusb - ok
00:06:51.0125 4036 asc - ok
00:06:51.0140 4036 asc3350p - ok
00:06:51.0140 4036 asc3550 - ok
00:06:51.0171 4036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:06:51.0171 4036 AsyncMac - ok
00:06:51.0203 4036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:06:51.0203 4036 atapi - ok
00:06:51.0203 4036 Atdisk - ok
00:06:51.0234 4036 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:06:51.0234 4036 Atmarpc - ok
00:06:51.0265 4036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:06:51.0265 4036 audstub - ok
00:06:51.0359 4036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:06:51.0359 4036 Beep - ok
00:06:51.0453 4036 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
00:06:51.0453 4036 BHDrvx86 - ok
00:06:51.0500 4036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:06:51.0500 4036 cbidf2k - ok
00:06:51.0500 4036 cd20xrnt - ok
00:06:51.0515 4036 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:06:51.0515 4036 Cdaudio - ok
00:06:51.0546 4036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:06:51.0546 4036 Cdfs - ok
00:06:51.0609 4036 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:06:51.0625 4036 Cdrom - ok
00:06:51.0625 4036 Changer - ok
00:06:51.0640 4036 CmdIde - ok
00:06:51.0656 4036 Cpqarray - ok
00:06:51.0671 4036 dac2w2k - ok
00:06:51.0671 4036 dac960nt - ok
00:06:51.0687 4036 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:06:51.0703 4036 Disk - ok
00:06:51.0734 4036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:06:51.0750 4036 dmboot - ok
00:06:51.0750 4036 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:06:51.0765 4036 dmio - ok
00:06:51.0781 4036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:06:51.0781 4036 dmload - ok
00:06:51.0812 4036 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:06:51.0812 4036 DMusic - ok
00:06:51.0812 4036 dpti2o - ok
00:06:51.0828 4036 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:06:51.0828 4036 drmkaud - ok
00:06:51.0890 4036 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:06:51.0906 4036 eeCtrl - ok
00:06:51.0921 4036 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:06:51.0921 4036 EraserUtilRebootDrv - ok
00:06:51.0984 4036 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:06:51.0984 4036 Fastfat - ok
00:06:52.0015 4036 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:06:52.0015 4036 Fdc - ok
00:06:52.0031 4036 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:06:52.0031 4036 Fips - ok
00:06:52.0046 4036 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:06:52.0046 4036 Flpydisk - ok
00:06:52.0062 4036 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:06:52.0078 4036 FltMgr - ok
00:06:52.0109 4036 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:06:52.0109 4036 Fs_Rec - ok
00:06:52.0125 4036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:06:52.0125 4036 Ftdisk - ok
00:06:52.0140 4036 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:06:52.0140 4036 GEARAspiWDM - ok
00:06:52.0171 4036 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:06:52.0171 4036 Gpc - ok
00:06:52.0234 4036 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:06:52.0234 4036 HDAudBus - ok
00:06:52.0281 4036 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:06:52.0281 4036 hidusb - ok
00:06:52.0296 4036 hpn - ok
00:06:52.0328 4036 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:06:52.0328 4036 HTTP - ok
00:06:52.0343 4036 i2omgmt - ok
00:06:52.0343 4036 i2omp - ok
00:06:52.0375 4036 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:06:52.0375 4036 i8042prt - ok
00:06:52.0468 4036 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111216.001\IDSxpx86.sys
00:06:52.0484 4036 IDSxpx86 - ok
00:06:52.0531 4036 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:06:52.0546 4036 Imapi - ok
00:06:52.0546 4036 ini910u - ok
00:06:52.0687 4036 IntcAzAudAddService (921f2452a8d3a10083ddd824fc8c267f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:06:52.0781 4036 IntcAzAudAddService - ok
00:06:52.0796 4036 IntelIde - ok
00:06:52.0812 4036 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:06:52.0812 4036 intelppm - ok
00:06:52.0843 4036 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:06:52.0843 4036 Ip6Fw - ok
00:06:52.0921 4036 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:06:52.0937 4036 IpFilterDriver - ok
00:06:58.0046 4036 ============================================================
00:06:58.0046 4036 Scan finished
00:06:58.0046 4036 ============================================================
00:06:58.0046 0940 Detected object count: 0
00:06:58.0046 0940 Actual detected object count: 0
00:07:04.0718 3560 ============================================================
00:07:04.0718 3560 Scan started
00:07:04.0718 3560 Mode: Manual; SigCheck; TDLFS;
00:07:04.0718 3560 ============================================================
00:07:20.0656 3560 Serial ( UnsignedFile.Multi.Generic ) - warning
00:07:20.0656 3560 Serial - detected UnsignedFile.Multi.Generic (1)
00:07:23.0984 3560 VolSnap - ok
00:07:24.0000 3560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:07:24.0093 3560 Wanarp - ok
00:07:24.0125 3560 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:07:24.0156 3560 Wdf01000 - ok
00:07:24.0171 3560 WDICA - ok
00:07:24.0203 3560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:07:24.0296 3560 wdmaud - ok
00:07:24.0343 3560 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:07:24.0421 3560 WmiAcpi - ok
00:07:24.0484 3560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:07:24.0546 3560 WudfPf - ok
00:07:24.0593 3560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:07:24.0625 3560 WudfRd - ok
00:07:24.0656 3560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:07:24.0812 3560 \Device\Harddisk0\DR0 - ok
00:07:24.0828 3560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:07:24.0968 3560 \Device\Harddisk1\DR1 - ok
00:07:24.0968 3560 Boot (0x1200) (29d4698d0c072e445cebd8ecca9f07f7) \Device\Harddisk0\DR0\Partition0
00:07:24.0968 3560 \Device\Harddisk0\DR0\Partition0 - ok
00:07:24.0968 3560 Boot (0x1200) (f7324c71e018b08dcd065837869e4629) \Device\Harddisk1\DR1\Partition0
00:07:24.0968 3560 \Device\Harddisk1\DR1\Partition0 - ok
00:07:24.0968 3560 ============================================================
00:07:24.0968 3560 Scan finished
00:07:24.0968 3560 ============================================================
00:07:25.0078 2816 Detected object count: 1
00:07:25.0078 2816 Actual detected object count: 1
00:07:54.0890 2816 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
00:07:54.0890 2816 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:08:30.0218 1740 Deinitialize success


Looks like some unsigned file was all that this found.

Edited by SweetTech, 20 December 2011 - 03:30 AM.
removed duplicate logs--ST


#4 dudepants (Topic Starter)

Posted 19 December 2011 - 12:49 PM

On a side note, Ping.exe is taking up a ton of memory. I haven't followed any instructions but yours, but it seems like other people have had this problem, too. Maybe other threads would help you to identify the root of this issue?

#5 SweetTech (Agent ST)

Posted 20 December 2011 - 03:31 AM

Hi dudepants!

First of all, I apologize for not seeing this sooner. I guess the thread got moved to the spyware forum, and for some reason I didn't get an email notification of the reply you made. Oh well, I hope it's not too late to get started on this. Here are the logs you asked for, and no, it hasn't been resolved yet.

No worries.

On a side note, Ping.exe is taking up a ton of memory. I haven't followed any instructions but yours, but it seems like other people have had this problem, too. Maybe other threads would help you to identify the root of this issue?

Yeah, it looks like the infection you have is causing this. This infection seems to be making its rounds, so there are quite a few people who are experiencing this issue.

Please run this tool:

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Edited by SweetTech, 20 December 2011 - 03:33 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 dudepants (Topic Starter)

Posted 20 December 2011 - 04:29 PM

Thanks again,

I ran everything as you asked (and only once). It seems better, but I haven't run any other scans yet. I'm not getting any notifications anymore about the tidserv activity 2. I would have normally gotten one by now, especially with a browser open. I THINK it's gone, but maybe there's something in the log that would state otherwise; here it is, so let me know. Also, I'll post if I see anything immediately. Otherwise, it seems better.



ComboFix 11-12-20.04 - Brian 12/20/2011 15:29:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1600 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB58287$\1386397013
c:\windows\$NtUninstallKB58287$\2623242228\@
c:\windows\$NtUninstallKB58287$\2623242228\bckfg.tmp
c:\windows\$NtUninstallKB58287$\2623242228\cfg.ini
c:\windows\$NtUninstallKB58287$\2623242228\Desktop.ini
c:\windows\$NtUninstallKB58287$\2623242228\keywords
c:\windows\$NtUninstallKB58287$\2623242228\kwrd.dll
c:\windows\$NtUninstallKB58287$\2623242228\L\dvmiyrhi
c:\windows\$NtUninstallKB58287$\2623242228\lsflt7.ver
c:\windows\$NtUninstallKB58287$\2623242228\U\00000001.@
c:\windows\$NtUninstallKB58287$\2623242228\U\00000002.@
c:\windows\$NtUninstallKB58287$\2623242228\U\00000004.@
c:\windows\$NtUninstallKB58287$\2623242228\U\80000000.@
c:\windows\$NtUninstallKB58287$\2623242228\U\80000004.@
c:\windows\$NtUninstallKB58287$\2623242228\U\80000032.@
c:\windows\system32\xmlrpw32.dll
c:\windows\$NtUninstallKB58287$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-19 21:34 . 2011-12-19 21:34 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2011-12-14 08:00 . 2011-12-14 08:00 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-12 13:56 . 2011-12-13 01:06 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 13:56 . 2011-08-31 22:00 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 13:41 . 2011-12-12 13:41 -------- dc----w- C:\TDSSKiller_Quarantine
2011-12-12 08:30 . 2011-12-12 08:31 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-10 12:12 . 2011-07-06 17:44 27888 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-10 12:12 . 2011-12-10 12:20 -------- dc----w- c:\program files\Common Files\Symantec Shared
2011-12-10 12:12 . 2011-12-10 12:12 60872 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-10 12:12 . 2011-12-10 12:12 126584 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Symantec
2011-12-10 12:12 . 2010-08-21 03:59 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\drivers\N360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Norton 360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Windows Sidebar
2011-12-10 12:11 . 2011-12-10 12:11 -------- dc----w- c:\program files\NortonInstaller
2011-12-10 11:54 . 2011-12-10 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-10 11:41 . 2011-12-10 11:41 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-10 11:39 . 2011-12-10 11:39 -------- dc----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-09 22:18 . 2011-12-09 22:18 -------- dc----w- c:\documents and settings\Brian\Application Data\searchquband
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\windows\Sun
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Sun
2011-11-27 23:53 . 2011-11-27 23:53 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Ilivid Player
2011-11-27 23:52 . 2011-11-27 23:52 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\PackageAware
2011-11-25 08:00 . 2011-11-25 08:00 -------- dc----w- c:\program files\MSXML 4.0
2011-11-23 22:11 . 2010-08-02 21:19 24960 -c--a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-11-23 22:11 . 2010-08-02 21:19 19968 -c--a-w- c:\windows\system32\drivers\lgandgps.sys
2011-11-23 22:11 . 2010-08-02 21:19 20864 -c--a-w- c:\windows\system32\drivers\lganddiag.sys
2011-11-23 22:11 . 2011-11-23 22:11 -------- dc----w- c:\program files\LG Electronics
2011-11-23 22:11 . 2011-05-13 08:21 1416680 -c--a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-11-23 22:11 . 2010-08-02 21:19 25728 -c--a-w- c:\windows\system32\drivers\lgandadb.sys
2011-11-23 22:11 . 2010-08-02 21:19 14336 -c--a-w- c:\windows\system32\drivers\lgandbus.sys
2011-11-23 22:04 . 2011-05-10 18:37 655872 -c--a-w- c:\windows\system32\msvcr90.dll
2011-11-23 22:04 . 2011-05-10 18:37 568832 -c--a-w- c:\windows\system32\msvcp90.dll
2011-11-23 22:04 . 2011-05-10 18:37 224768 -c--a-w- c:\windows\system32\msvcm90.dll
2011-11-23 22:04 . 2006-05-04 13:33 53248 -c--a-w- c:\windows\system32\CommonDL.dll
2011-11-23 22:04 . 2005-11-24 07:34 82432 -c--a-w- c:\windows\system32\msxml4r.dll
2011-11-23 22:04 . 2005-10-04 06:39 44544 -c--a-w- c:\windows\system32\msxml4a.dll
2011-11-23 22:04 . 2011-11-23 22:04 -------- dc----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2011-11-23 21:32 . 2011-11-23 21:32 -------- dc----w- c:\documents and settings\Brian\Application Data\Windows Search
2011-11-21 10:13 . 2011-11-21 10:13 -------- dc----w- c:\documents and settings\Brian\.m2
2011-11-21 10:04 . 2011-11-23 21:55 -------- dc----w- c:\documents and settings\Brian\android-sdks
2011-11-21 09:55 . 2011-12-04 05:10 -------- dc----w- c:\documents and settings\Brian\workspace
2011-11-21 09:54 . 2011-11-23 21:55 -------- dc----w- c:\documents and settings\Brian\.android
2011-11-21 09:54 . 2011-11-21 09:54 -------- dc----w- c:\program files\Android
2011-11-21 09:51 . 2011-12-19 05:36 -------- dc----w- c:\program files\eclipse
2011-11-21 09:43 . 2011-11-21 09:43 -------- dc----w- c:\program files\Common Files\Java
2011-11-21 09:43 . 2011-11-21 09:42 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-21 09:43 . 2011-11-21 09:42 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-11-21 09:42 . 2011-11-21 09:42 -------- dc----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-04-14 07:00 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2008-04-14 11:42 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 11:41 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 06:07 385024 -c----w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 11:42 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 11:41 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 06:54 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 11:41 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-20 17:55 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 11:41 599040 -c--a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 01:59 611328 -c--a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 05:00 220160 -c--a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 05:00 20480 -c--a-w- c:\windows\system32\oleaccrc.dll
2009-05-15 01:02 . 2009-05-15 01:02 3392872 -c--a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 01:02 . 2009-05-15 01:02 3298152 -c--a-w- c:\program files\Common Files\adlmint.dll
2011-11-10 08:28 . 2011-07-06 23:45 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-22 20026472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [12/10/2011 7:12 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [12/10/2011 7:12 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 6:52 PM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [12/10/2011 7:12 AM 136312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 4:36 PM 86016]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [12/10/2011 7:12 AM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/20/2011 2:49 PM 2214504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2011 7:18 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111219.001\IDSXpx86.sys [12/19/2011 7:14 PM 356280]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [4/14/2008 6:42 AM 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/20/2011 2:44 PM 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [11/23/2011 5:11 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [11/23/2011 5:11 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [11/23/2011 5:11 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [11/23/2011 5:11 PM 24960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5/13/2011 3:21 AM 30312]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 3:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 3:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 3:21 AM 136808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\f7py33rj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-xmlproservice - WlStartupEvent
Notify-xmlrpw32 - xmlrpw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 15:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(752)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-12-20 15:56:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 20:56
.
Pre-Run: 930,948,763,648 bytes free
Post-Run: 932,436,406,272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D703D07995FA5161749A636C57126569

#7 SweetTech (Agent ST)

Posted 21 December 2011 - 03:13 AM

Hi!

It looks like we still have some work to do.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
Folder::
c:\windows\$NtUninstallKB58287$
Registry::
Driver::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste').

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


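The TDSSKiller log pasted earlier in this thread and the TDSSKiller run SweetTech asks for above share one line format, and a helper reading such a log is looking for a few specific things: detections left at Skip rather than Cure, scanned files that never got a verdict, service entries whose driver file is not on disk, and the MBR/boot-sector hashes (the place a Tidserv/TDL infection lives). As an added example, not a BleepingComputer, Kaspersky or SweetTech tool, the following Python script parses that format and reports exactly those points. The sample log is a handful of lines copied from the log above (the thread's own hashes and paths); the function names and the "NOT CURED"/"NO FILE HASHED" labels are my own.

```python
import re

# Constructed sample: a handful of lines copied from the TDSSKiller log pasted
# earlier in this thread (hashes and paths are the thread's own values).
SAMPLE_LOG = r"""
00:07:21.0187 3560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:07:21.0234 3560 Srv - ok
00:07:21.0640 3560 symc810 - ok
00:07:24.0656 3560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:07:24.0812 3560 \Device\Harddisk0\DR0 - ok
00:07:24.0968 3560 Boot (0x1200) (29d4698d0c072e445cebd8ecca9f07f7) \Device\Harddisk0\DR0\Partition0
00:07:24.0968 3560 \Device\Harddisk0\DR0\Partition0 - ok
00:07:24.0968 3560 Scan finished
00:07:25.0078 2816 Detected object count: 1
00:07:25.0078 2816 Actual detected object count: 1
00:07:54.0890 2816 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
00:07:54.0890 2816 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:08:30.0218 1740 Deinitialize success
"""

# Every line is "HH:MM:SS.ffff PID <rest>"; the patterns below classify <rest>.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "Name (md5) path", or "MBR (0x1B8) (md5) \Device\..." / "Boot (0x1200) (md5) ..."
HASHED_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Name ( Signature ) - action": a detection and what was done with it
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<sig>\S+) \) - (?P<action>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")
# "Name - ok"; for boot records the name is the device path
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def parse_tdsskiller(text):
    """Split a TDSSKiller log into hashed objects, verdicts, detections and counts."""
    report = {"objects": [], "verdicts": {}, "detections": {}, "counts": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, "Scan finished", blank lines
        rest = m.group(3)
        if d := DETECT_RE.match(rest):
            entry = report["detections"].setdefault(
                d["name"], {"signature": d["sig"], "actions": []})
            entry["actions"].append(d["action"])
        elif h := HASHED_RE.match(rest):
            report["objects"].append({"name": h["name"], "md5": h["md5"], "path": h["path"]})
        elif c := COUNT_RE.match(rest):
            report["counts"][c["kind"]] = int(c["n"])
        elif v := VERDICT_RE.match(rest):
            report["verdicts"][v["name"]] = v["verdict"]
    return report


def triage(report):
    """Return the lines a helper would want to see before replying."""
    findings = []
    # Detections the user skipped rather than cured are still on the machine.
    for name, det in report["detections"].items():
        if not any("cure" in a.lower() for a in det["actions"]):
            findings.append(f"NOT CURED: {name} ({det['signature']}) actions={det['actions']}")
    # A hashed file with no verdict line means the scan did not finish on it.
    verdicts = report["verdicts"]
    for obj in report["objects"]:
        if obj["name"] not in verdicts and obj["path"] not in verdicts:
            findings.append(f"NO VERDICT: {obj['name']} {obj['path']}")
    # A verdict with no hashed file is a registered service whose driver is not on disk
    # (the symc810/ultra style legacy entries in the thread's log); informational.
    hashed = {o["name"] for o in report["objects"]} | {o["path"] for o in report["objects"]}
    for name in verdicts:
        if name not in hashed:
            findings.append(f"NO FILE HASHED: {name} (service entry with no driver file)")
    # The summary count should agree with the detection lines actually logged.
    if "Detected" in report["counts"] and report["counts"]["Detected"] != len(report["detections"]):
        findings.append(f"COUNT MISMATCH: header says {report['counts']['Detected']}, "
                        f"log shows {len(report['detections'])}")
    return findings


def boot_records(report):
    """{device path: md5} for MBR and boot-sector entries, for comparison against a
    known-good baseline or across the machine's disks."""
    return {o["path"]: o["md5"] for o in report["objects"]
            if o["name"].startswith(("MBR", "Boot"))}


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for line in triage(rep):
        print(line)
    for path, md5 in boot_records(rep).items():
        print(f"BOOT RECORD: {path} md5={md5}")
```

Run it against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`. On the thread's own log it reports the `Serial` detection as not cured, which is the reason SweetTech asks for another pass with Cure selected.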

#8 dudepants (Topic Starter)

Posted 22 December 2011 - 02:43 PM

TDSSKiller will most likely have me restart, so here's the ComboFix log. I'll run the second exe and paste that when it's done.

ComboFix 11-12-22.04 - Brian 12/22/2011 14:10:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1381 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB58287$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-19 21:34 . 2011-12-19 21:34 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2011-12-14 08:00 . 2011-12-14 08:00 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-12 13:56 . 2011-12-13 01:06 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 13:56 . 2011-08-31 22:00 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 13:41 . 2011-12-12 13:41 -------- dc----w- C:\TDSSKiller_Quarantine
2011-12-12 08:30 . 2011-12-12 08:31 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-10 12:12 . 2011-07-06 17:44 27888 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-10 12:12 . 2011-12-10 12:20 -------- dc----w- c:\program files\Common Files\Symantec Shared
2011-12-10 12:12 . 2011-12-10 12:12 60872 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-10 12:12 . 2011-12-10 12:12 126584 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Symantec
2011-12-10 12:12 . 2010-08-21 03:59 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\drivers\N360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Norton 360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Windows Sidebar
2011-12-10 12:11 . 2011-12-10 12:11 -------- dc----w- c:\program files\NortonInstaller
2011-12-10 11:54 . 2011-12-10 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-10 11:41 . 2011-12-10 11:41 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-10 11:39 . 2011-12-10 11:39 -------- dc----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-09 22:18 . 2011-12-09 22:18 -------- dc----w- c:\documents and settings\Brian\Application Data\searchquband
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\windows\Sun
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Sun
2011-11-27 23:53 . 2011-11-27 23:53 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Ilivid Player
2011-11-27 23:52 . 2011-11-27 23:52 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\PackageAware
2011-11-25 08:00 . 2011-11-25 08:00 -------- dc----w- c:\program files\MSXML 4.0
2011-11-23 22:11 . 2010-08-02 21:19 24960 -c--a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-11-23 22:11 . 2010-08-02 21:19 19968 -c--a-w- c:\windows\system32\drivers\lgandgps.sys
2011-11-23 22:11 . 2010-08-02 21:19 20864 -c--a-w- c:\windows\system32\drivers\lganddiag.sys
2011-11-23 22:11 . 2011-11-23 22:11 -------- dc----w- c:\program files\LG Electronics
2011-11-23 22:11 . 2011-05-13 08:21 1416680 -c--a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-11-23 22:11 . 2010-08-02 21:19 25728 -c--a-w- c:\windows\system32\drivers\lgandadb.sys
2011-11-23 22:11 . 2010-08-02 21:19 14336 -c--a-w- c:\windows\system32\drivers\lgandbus.sys
2011-11-23 22:04 . 2011-05-10 18:37 655872 -c--a-w- c:\windows\system32\msvcr90.dll
2011-11-23 22:04 . 2011-05-10 18:37 568832 -c--a-w- c:\windows\system32\msvcp90.dll
2011-11-23 22:04 . 2011-05-10 18:37 224768 -c--a-w- c:\windows\system32\msvcm90.dll
2011-11-23 22:04 . 2006-05-04 13:33 53248 -c--a-w- c:\windows\system32\CommonDL.dll
2011-11-23 22:04 . 2005-11-24 07:34 82432 -c--a-w- c:\windows\system32\msxml4r.dll
2011-11-23 22:04 . 2005-10-04 06:39 44544 -c--a-w- c:\windows\system32\msxml4a.dll
2011-11-23 22:04 . 2011-11-23 22:04 -------- dc----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2011-11-23 21:32 . 2011-11-23 21:32 -------- dc----w- c:\documents and settings\Brian\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-04-14 07:00 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-21 09:42 . 2011-11-21 09:43 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-21 09:42 . 2011-11-21 09:43 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 11:41 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 06:07 385024 -c----w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 11:42 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 11:41 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 06:54 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 11:41 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-20 17:55 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 11:41 599040 -c--a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 01:59 611328 -c--a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 05:00 220160 -c--a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 05:00 20480 -c--a-w- c:\windows\system32\oleaccrc.dll
2009-05-15 01:02 . 2009-05-15 01:02 3392872 -c--a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 01:02 . 2009-05-15 01:02 3298152 -c--a-w- c:\program files\Common Files\adlmint.dll
2011-11-10 08:28 . 2011-07-06 23:45 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-20_20.54.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-20 20:45 . 2011-12-20 20:45 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2011-12-22 19:20 . 2011-12-22 19:20 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2011-12-22 19:19 . 2011-12-22 19:19 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2004-08-04 05:00 . 2011-12-22 19:23 79072 c:\windows\system32\perfc009.dat
- 2004-08-04 05:00 . 2011-12-20 20:48 79072 c:\windows\system32\perfc009.dat
+ 2004-08-04 05:00 . 2011-12-22 19:23 463570 c:\windows\system32\perfh009.dat
- 2004-08-04 05:00 . 2011-12-20 20:48 463570 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-22 20026472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [12/10/2011 7:12 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [12/10/2011 7:12 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/21/2011 9:51 PM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [12/10/2011 7:12 AM 136312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 4:36 PM 86016]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [12/10/2011 7:12 AM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/20/2011 2:49 PM 2214504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2011 7:18 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111221.001\IDSXpx86.sys [12/21/2011 9:52 PM 356280]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [4/14/2008 6:42 AM 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/20/2011 2:44 PM 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [11/23/2011 5:11 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [11/23/2011 5:11 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [11/23/2011 5:11 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [11/23/2011 5:11 PM 24960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5/13/2011 3:21 AM 30312]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 3:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 3:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 3:21 AM 136808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\f7py33rj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-22 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(752)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-12-22 14:35:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 19:35
ComboFix2.txt 2011-12-22 18:40
ComboFix3.txt 2011-12-20 20:56
.
Pre-Run: 932,495,626,240 bytes free
Post-Run: 932,504,662,016 bytes free
.
- - End Of File - - 76682B7ADCF5F6DCE8954469C106AB31

#9 dudepants

  • Topic Starter
  • Members
  • 20 posts

Posted 22 December 2011 - 02:48 PM

Here is the TDSSKiller log.

Thanks again,
Brian

14:42:44.0156 3656 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
14:42:44.0437 3656 ============================================================
14:42:44.0437 3656 Current date / time: 2011/12/22 14:42:44.0437
14:42:44.0437 3656 SystemInfo:
14:42:44.0437 3656
14:42:44.0437 3656 OS Version: 5.1.2600 ServicePack: 3.0
14:42:44.0437 3656 Product type: Workstation
14:42:44.0437 3656 ComputerName: BRIAN-0003BCE36
14:42:44.0437 3656 UserName: Brian
14:42:44.0437 3656 Windows directory: C:\WINDOWS
14:42:44.0437 3656 System windows directory: C:\WINDOWS
14:42:44.0437 3656 Processor architecture: Intel x86
14:42:44.0437 3656 Number of processors: 2
14:42:44.0437 3656 Page size: 0x1000
14:42:44.0437 3656 Boot type: Normal boot
14:42:44.0437 3656 ============================================================
14:42:44.0703 3656 Initialize success
14:43:09.0546 4028 ============================================================
14:43:09.0546 4028 Scan started
14:43:09.0546 4028 Mode: Manual; SigCheck; TDLFS;
14:43:09.0546 4028 ============================================================
14:43:09.0750 4028 Abiosdsk - ok
14:43:09.0750 4028 abp480n5 - ok
14:43:09.0796 4028 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:43:10.0593 4028 ACPI - ok
14:43:10.0671 4028 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:43:10.0765 4028 ACPIEC - ok
14:43:10.0796 4028 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
14:43:10.0812 4028 adfs - ok
14:43:10.0828 4028 adpu160m - ok
14:43:10.0859 4028 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:43:10.0953 4028 aec - ok
14:43:10.0984 4028 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:43:11.0015 4028 AFD - ok
14:43:11.0078 4028 Aha154x - ok
14:43:11.0078 4028 aic78u2 - ok
14:43:11.0093 4028 aic78xx - ok
14:43:11.0109 4028 AliIde - ok
14:43:11.0156 4028 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:43:11.0265 4028 Ambfilt - ok
14:43:11.0281 4028 amsint - ok
14:43:11.0312 4028 Andbus (19f9b865832fc563ed8eed449cb4ff31) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
14:43:11.0375 4028 Andbus - ok
14:43:11.0390 4028 AndDiag (c896b7dcd81862cb51e5c2ebcf0b50ca) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
14:43:11.0421 4028 AndDiag - ok
14:43:11.0484 4028 AndGps (2d4f4ee70eb5a03cffaa50e6d6b67bc8) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
14:43:11.0515 4028 AndGps - ok
14:43:11.0531 4028 ANDModem (13947a4e2343d1dae526fb9b8e7898dc) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
14:43:11.0531 4028 ANDModem - ok
14:43:11.0562 4028 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
14:43:11.0578 4028 androidusb - ok
14:43:11.0578 4028 asc - ok
14:43:11.0593 4028 asc3350p - ok
14:43:11.0609 4028 asc3550 - ok
14:43:11.0640 4028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:43:11.0718 4028 AsyncMac - ok
14:43:11.0750 4028 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:43:11.0843 4028 atapi - ok
14:43:11.0890 4028 Atdisk - ok
14:43:11.0921 4028 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:43:12.0015 4028 Atmarpc - ok
14:43:12.0046 4028 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:43:12.0125 4028 audstub - ok
14:43:12.0140 4028 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:43:12.0234 4028 Beep - ok
14:43:12.0343 4028 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
14:43:12.0375 4028 BHDrvx86 - ok
14:43:12.0375 4028 catchme - ok
14:43:12.0468 4028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:43:12.0562 4028 cbidf2k - ok
14:43:12.0578 4028 cd20xrnt - ok
14:43:12.0593 4028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:43:12.0671 4028 Cdaudio - ok
14:43:12.0718 4028 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:43:12.0812 4028 Cdfs - ok
14:43:12.0812 4028 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:43:12.0906 4028 Cdrom - ok
14:43:12.0921 4028 Changer - ok
14:43:12.0937 4028 CmdIde - ok
14:43:12.0953 4028 Cpqarray - ok
14:43:12.0953 4028 dac2w2k - ok
14:43:12.0968 4028 dac960nt - ok
14:43:13.0000 4028 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:43:13.0078 4028 Disk - ok
14:43:13.0156 4028 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:43:13.0281 4028 dmboot - ok
14:43:13.0296 4028 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:43:13.0390 4028 dmio - ok
14:43:13.0421 4028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:43:13.0515 4028 dmload - ok
14:43:13.0546 4028 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:43:13.0640 4028 DMusic - ok
14:43:13.0703 4028 dpti2o - ok
14:43:13.0718 4028 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:43:13.0812 4028 drmkaud - ok
14:43:13.0875 4028 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:43:13.0890 4028 eeCtrl - ok
14:43:13.0906 4028 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:43:13.0921 4028 EraserUtilRebootDrv - ok
14:43:13.0953 4028 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:43:14.0046 4028 Fastfat - ok
14:43:14.0125 4028 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:43:14.0218 4028 Fdc - ok
14:43:14.0250 4028 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:43:14.0343 4028 Fips - ok
14:43:14.0359 4028 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:43:14.0453 4028 Flpydisk - ok
14:43:14.0484 4028 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:43:14.0593 4028 FltMgr - ok
14:43:14.0640 4028 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:43:14.0734 4028 Fs_Rec - ok
14:43:14.0750 4028 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:43:14.0843 4028 Ftdisk - ok
14:43:14.0875 4028 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:43:14.0890 4028 GEARAspiWDM - ok
14:43:14.0921 4028 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:43:15.0015 4028 Gpc - ok
14:43:15.0046 4028 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:43:15.0140 4028 HDAudBus - ok
14:43:15.0171 4028 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:43:15.0265 4028 hidusb - ok
14:43:15.0328 4028 hpn - ok
14:43:15.0359 4028 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:43:15.0390 4028 HTTP - ok
14:43:15.0390 4028 i2omgmt - ok
14:43:15.0406 4028 i2omp - ok
14:43:15.0437 4028 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:43:15.0531 4028 i8042prt - ok
14:43:15.0625 4028 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111221.001\IDSxpx86.sys
14:43:15.0656 4028 IDSxpx86 - ok
14:43:15.0718 4028 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:43:15.0812 4028 Imapi - ok
14:43:15.0828 4028 ini910u - ok
14:43:15.0968 4028 IntcAzAudAddService (921f2452a8d3a10083ddd824fc8c267f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:43:16.0265 4028 IntcAzAudAddService - ok
14:43:16.0265 4028 IntelIde - ok
14:43:16.0296 4028 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:43:16.0390 4028 intelppm - ok
14:43:16.0468 4028 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:43:16.0562 4028 Ip6Fw - ok
14:43:16.0578 4028 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:43:16.0671 4028 IpFilterDriver - ok
14:43:16.0687 4028 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:43:16.0781 4028 IpInIp - ok
14:43:16.0812 4028 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:43:16.0890 4028 IpNat - ok
14:43:16.0921 4028 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:43:17.0000 4028 IPSec - ok
14:43:17.0031 4028 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:43:17.0062 4028 IRENUM - ok
14:43:17.0109 4028 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:43:17.0187 4028 isapnp - ok
14:43:17.0250 4028 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:43:17.0343 4028 Kbdclass - ok
14:43:17.0359 4028 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:43:17.0453 4028 kbdhid - ok
14:43:17.0484 4028 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:43:17.0593 4028 kmixer - ok
14:43:17.0609 4028 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:43:17.0640 4028 KSecDD - ok
14:43:17.0703 4028 lbrtfdc - ok
14:43:17.0718 4028 MBAMSwissArmy - ok
14:43:17.0750 4028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:43:17.0859 4028 mnmdd - ok
14:43:17.0890 4028 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:43:17.0968 4028 Modem - ok
14:43:18.0031 4028 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
14:43:18.0109 4028 Monfilt - ok
14:43:18.0125 4028 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:43:18.0218 4028 Mouclass - ok
14:43:18.0296 4028 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:43:18.0390 4028 mouhid - ok
14:43:18.0421 4028 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:43:18.0531 4028 MountMgr - ok
14:43:18.0531 4028 mraid35x - ok
14:43:18.0546 4028 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:43:18.0640 4028 MRxDAV - ok
14:43:18.0687 4028 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:43:18.0734 4028 MRxSmb - ok
14:43:18.0796 4028 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:43:18.0890 4028 Msfs - ok
14:43:18.0921 4028 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:43:19.0000 4028 MSKSSRV - ok
14:43:19.0015 4028 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:43:19.0109 4028 MSPCLOCK - ok
14:43:19.0109 4028 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:43:19.0218 4028 MSPQM - ok
14:43:19.0234 4028 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:43:19.0328 4028 mssmbios - ok
14:43:19.0343 4028 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:43:19.0375 4028 Mup - ok
14:43:19.0468 4028 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111222.002\NAVENG.SYS
14:43:19.0484 4028 NAVENG - ok
14:43:19.0546 4028 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111222.002\NAVEX15.SYS
14:43:19.0656 4028 NAVEX15 - ok
14:43:19.0734 4028 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:43:19.0828 4028 NDIS - ok
14:43:19.0843 4028 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:43:19.0875 4028 NdisTapi - ok
14:43:19.0890 4028 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:43:19.0984 4028 Ndisuio - ok
14:43:20.0000 4028 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:43:20.0093 4028 NdisWan - ok
14:43:20.0109 4028 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:43:20.0125 4028 NDProxy - ok
14:43:20.0203 4028 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:43:20.0312 4028 NetBIOS - ok
14:43:20.0328 4028 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:43:20.0421 4028 NetBT - ok
14:43:20.0453 4028 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:43:20.0531 4028 Npfs - ok
14:43:20.0578 4028 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:43:20.0671 4028 Ntfs - ok
14:43:20.0718 4028 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:43:20.0796 4028 Null - ok
14:43:21.0140 4028 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:43:21.0843 4028 nv - ok
14:43:21.0937 4028 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:43:21.0953 4028 NVENETFD - ok
14:43:21.0984 4028 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:43:22.0000 4028 nvnetbus - ok
14:43:22.0031 4028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:43:22.0109 4028 NwlnkFlt - ok
14:43:22.0125 4028 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:43:22.0218 4028 NwlnkFwd - ok
14:43:22.0265 4028 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:43:22.0359 4028 Parport - ok
14:43:22.0437 4028 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:43:22.0515 4028 PartMgr - ok
14:43:22.0546 4028 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:43:22.0640 4028 ParVdm - ok
14:43:22.0656 4028 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:43:22.0750 4028 PCI - ok
14:43:22.0750 4028 PCIDump - ok
14:43:22.0781 4028 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:43:22.0859 4028 PCIIde - ok
14:43:22.0890 4028 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:43:22.0984 4028 Pcmcia - ok
14:43:23.0031 4028 PDCOMP - ok
14:43:23.0046 4028 PDFRAME - ok
14:43:23.0062 4028 PDRELI - ok
14:43:23.0062 4028 PDRFRAME - ok
14:43:23.0078 4028 perc2 - ok
14:43:23.0078 4028 perc2hib - ok
14:43:23.0109 4028 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:43:23.0203 4028 PptpMiniport - ok
14:43:23.0203 4028 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:43:23.0296 4028 PSched - ok
14:43:23.0312 4028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:43:23.0406 4028 Ptilink - ok
14:43:23.0406 4028 ql1080 - ok
14:43:23.0421 4028 Ql10wnt - ok
14:43:23.0437 4028 ql12160 - ok
14:43:23.0437 4028 ql1240 - ok
14:43:23.0453 4028 ql1280 - ok
14:43:23.0468 4028 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:43:23.0562 4028 RasAcd - ok
14:43:23.0640 4028 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:43:23.0734 4028 Rasl2tp - ok
14:43:23.0750 4028 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:43:23.0843 4028 RasPppoe - ok
14:43:23.0843 4028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:43:23.0937 4028 Raspti - ok
14:43:23.0953 4028 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:43:24.0046 4028 Rdbss - ok
14:43:24.0093 4028 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:43:24.0171 4028 RDPCDD - ok
14:43:24.0203 4028 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:43:24.0281 4028 rdpdr - ok
14:43:24.0328 4028 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:43:24.0359 4028 RDPWD - ok
14:43:24.0406 4028 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:43:24.0515 4028 redbook - ok
14:43:24.0578 4028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:43:24.0609 4028 Secdrv - ok
14:43:24.0640 4028 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:43:24.0718 4028 serenum - ok
14:43:24.0734 4028 Serial (411503e991a0156b25e0ad40629e1fdf) C:\WINDOWS\system32\DRIVERS\serial.sys
14:43:24.0750 4028 Serial ( UnsignedFile.Multi.Generic ) - warning
14:43:24.0750 4028 Serial - detected UnsignedFile.Multi.Generic (1)
14:43:24.0765 4028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:43:24.0859 4028 Sfloppy - ok
14:43:24.0921 4028 Simbad - ok
14:43:24.0937 4028 Sparrow - ok
14:43:24.0968 4028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:43:25.0046 4028 splitter - ok
14:43:25.0078 4028 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:43:25.0125 4028 sr - ok
14:43:25.0187 4028 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS
14:43:25.0218 4028 SRTSP - ok
14:43:25.0296 4028 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
14:43:25.0312 4028 SRTSPX - ok
14:43:25.0343 4028 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:43:25.0375 4028 Srv - ok
14:43:25.0406 4028 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
14:43:25.0421 4028 ssadbus - ok
14:43:25.0453 4028 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
14:43:25.0453 4028 ssadmdfl - ok
14:43:25.0531 4028 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
14:43:25.0546 4028 ssadmdm - ok
14:43:25.0562 4028 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:43:25.0671 4028 swenum - ok
14:43:25.0687 4028 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:43:25.0781 4028 swmidi - ok
14:43:25.0796 4028 symc810 - ok
14:43:25.0812 4028 symc8xx - ok
14:43:25.0875 4028 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
14:43:25.0906 4028 SymDS - ok
14:43:26.0000 4028 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
14:43:26.0046 4028 SymEFA - ok
14:43:26.0062 4028 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:43:26.0078 4028 SymEvent - ok
14:43:26.0093 4028 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
14:43:26.0109 4028 SymIRON - ok
14:43:26.0125 4028 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS
14:43:26.0156 4028 SYMTDI - ok
14:43:26.0156 4028 sym_hi - ok
14:43:26.0171 4028 sym_u3 - ok
14:43:26.0203 4028 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:43:26.0296 4028 sysaudio - ok
14:43:26.0390 4028 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:43:26.0437 4028 Tcpip - ok
14:43:26.0468 4028 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:43:26.0546 4028 TDPIPE - ok
14:43:26.0562 4028 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:43:26.0656 4028 TDTCP - ok
14:43:26.0671 4028 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:43:26.0750 4028 TermDD - ok
14:43:26.0765 4028 TosIde - ok
14:43:26.0812 4028 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:43:26.0906 4028 Udfs - ok
14:43:26.0968 4028 ultra - ok
14:43:26.0984 4028 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:43:27.0093 4028 Update - ok
14:43:27.0109 4028 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:43:27.0218 4028 usbccgp - ok
14:43:27.0250 4028 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:43:27.0328 4028 usbehci - ok
14:43:27.0468 4028 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:43:27.0578 4028 usbhub - ok
14:43:27.0640 4028 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:43:27.0734 4028 usbohci - ok
14:43:27.0828 4028 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:43:27.0953 4028 usbprint - ok
14:43:27.0968 4028 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:43:28.0062 4028 USBSTOR - ok
14:43:28.0093 4028 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:43:28.0187 4028 VgaSave - ok
14:43:28.0203 4028 ViaIde - ok
14:43:28.0234 4028 viamraid (79d0dcf683856593309601f4089f758a) C:\WINDOWS\system32\DRIVERS\viamraid.sys
14:43:28.0250 4028 viamraid - ok
14:43:28.0265 4028 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:43:28.0359 4028 VolSnap - ok
14:43:28.0375 4028 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:43:28.0468 4028 Wanarp - ok
14:43:28.0515 4028 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:43:28.0546 4028 Wdf01000 - ok
14:43:28.0562 4028 WDICA - ok
14:43:28.0593 4028 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:43:28.0687 4028 wdmaud - ok
14:43:28.0734 4028 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:43:28.0828 4028 WmiAcpi - ok
14:43:28.0921 4028 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:43:28.0953 4028 WudfPf - ok
14:43:28.0984 4028 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:43:29.0000 4028 WudfRd - ok
14:43:29.0031 4028 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:43:29.0203 4028 \Device\Harddisk0\DR0 - ok
14:43:29.0203 4028 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:43:29.0359 4028 \Device\Harddisk1\DR1 - ok
14:43:29.0359 4028 Boot (0x1200) (29d4698d0c072e445cebd8ecca9f07f7) \Device\Harddisk0\DR0\Partition0
14:43:29.0359 4028 \Device\Harddisk0\DR0\Partition0 - ok
14:43:29.0375 4028 Boot (0x1200) (f7324c71e018b08dcd065837869e4629) \Device\Harddisk1\DR1\Partition0
14:43:29.0375 4028 \Device\Harddisk1\DR1\Partition0 - ok
14:43:29.0375 4028 ============================================================
14:43:29.0375 4028 Scan finished
14:43:29.0375 4028 ============================================================
14:43:29.0484 4036 Detected object count: 1
14:43:29.0484 4036 Actual detected object count: 1
14:43:54.0359 4036 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:54.0359 4036 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
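The TDSSKiller log above has a regular shape (timestamp, process id, then either a file line with an MD5, a sector-hash line, or a verdict line), so it can be triaged mechanically. The following is an added example, not part of the thread and not Kaspersky's code: it parses that format, separates clean objects from flagged ones, records what the operator did about each flag, and pulls out the MBR and boot-sector hashes so they can be compared against a known-good disk. The sample input is an excerpt of the log posted above. The classification of `UnsignedFile.*` and `LockedFile.*` as heuristics to verify rather than as infections is my own assumption; an unsigned stock driver such as serial.sys is normally a hash-comparison job, not a removal.

```python
import re

# TDSSKiller 2.x writes "<hh:mm:ss.ffff> <pid> <body>" on every line.
_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Driver/service backed by a file on disk: "<name> (<md5>) <path>".
_FILE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Sector hashes: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0", "Boot (0x1200) (<md5>) \Device\...\Partition0".
_SECTOR = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\\Device\\\S+)$")
# Verdicts: "<name> - ok", "<name> ( <sig> ) - warning", "<name> - detected <sig> (1)",
# "<name> ( <sig> ) - skipped by user", "<name> ( <sig> ) - User select action: Skip".
_VERDICT = re.compile(r"^(\S+)(?: \( (.+?) \))? - (.+)$")
_COUNT = re.compile(r"^(Detected|Actual detected) object count: (\d+)$")

# Signature families that are heuristics rather than named malware (assumption, see lead-in).
HEURISTIC_FAMILIES = ("UnsignedFile", "LockedFile")


def parse_tdsskiller(text):
    """One record per scanned object (driver, service, MBR, boot sector), keyed by name or device."""
    objects, counts = {}, {}

    def rec(name):
        return objects.setdefault(name, {"kind": "driver", "md5": None, "path": None,
                                         "signature": None, "verdicts": []})

    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        s = _SECTOR.match(body)
        if s:
            kind, _size, md5, device = s.groups()
            rec(device).update(kind=kind, md5=md5, path=device)
            continue
        f = _FILE.match(body)
        if f:
            name, md5, path = f.groups()
            rec(name).update(md5=md5, path=path)
            continue
        v = _VERDICT.match(body)
        if v:
            name, sig, verdict = v.groups()
            r = rec(name)
            if sig:
                r["signature"] = sig
            r["verdicts"].append(verdict)
            continue
        c = _COUNT.match(body)
        if c:
            counts[c.group(1)] = int(c.group(2))
    return {"objects": objects, "counts": counts}


def flagged(report):
    """Objects whose verdict was ever something other than 'ok', with the last verdict seen."""
    out = []
    for name, r in report["objects"].items():
        bad = [v for v in r["verdicts"] if v != "ok"]
        if bad:
            out.append((name, r["signature"], bad[-1]))
    return out


def left_in_place(report):
    """Flagged objects the operator chose to skip, i.e. still untouched after the run."""
    return [name for name, _sig, last in flagged(report)
            if last == "skipped by user" or last.endswith(": Skip")]


def heuristic_only(report):
    """Flags that are heuristic families: verify the file hash against a known-good copy instead of deleting."""
    return [name for name, sig, _last in flagged(report)
            if sig and sig.split(".")[0] in HEURISTIC_FAMILIES]


def sector_hashes(report):
    """MD5 per MBR/boot sector, for comparison against a clean disk or the other disk in the box."""
    return {name: (r["kind"], r["md5"]) for name, r in report["objects"].items()
            if r["kind"] in ("MBR", "Boot")}


# Excerpt of the TDSSKiller log posted above, used as sample input.
SAMPLE_TDSSKILLER_LOG = r"""
14:43:23.0031 4028 PDCOMP - ok
14:43:24.0734 4028 Serial (411503e991a0156b25e0ad40629e1fdf) C:\WINDOWS\system32\DRIVERS\serial.sys
14:43:24.0750 4028 Serial ( UnsignedFile.Multi.Generic ) - warning
14:43:24.0750 4028 Serial - detected UnsignedFile.Multi.Generic (1)
14:43:24.0765 4028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:43:24.0859 4028 Sfloppy - ok
14:43:29.0031 4028 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:43:29.0203 4028 \Device\Harddisk0\DR0 - ok
14:43:29.0359 4028 Boot (0x1200) (29d4698d0c072e445cebd8ecca9f07f7) \Device\Harddisk0\DR0\Partition0
14:43:29.0359 4028 \Device\Harddisk0\DR0\Partition0 - ok
14:43:29.0375 4028 Scan finished
14:43:29.0484 4036 Detected object count: 1
14:43:29.0484 4036 Actual detected object count: 1
14:43:54.0359 4036 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:54.0359 4036 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_TDSSKILLER_LOG)
    print("flagged:", flagged(report))
    print("left in place:", left_in_place(report))
    print("heuristic only:", heuristic_only(report))
    print("sector hashes:", sector_hashes(report))
```

Run against the full log, the only non-clean object is the unsigned serial.sys, which was skipped, and both disks report the same MBR hash, which is what you expect from two disks carrying the standard Windows MBR code; a mismatch between them would be the thing to chase.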

#10 SweetTech (Agent ST; Members; 13,421 posts; Gender: Male; Location: Antarctica)

Posted 23 December 2011 - 03:23 AM

Hi Brian!

This infection is being extremely stubborn.

Please download GrantPerms.zip and save it to your desktop.

Unzip the file and run GrantPerms.exe
Copy and paste the following in the edit box:

c:\windows\$NtUninstallKB58287$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.


NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\windows\$NtUninstallKB58287$
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 dudepants (Topic Starter; Members; 20 posts)

Posted 23 December 2011 - 10:31 PM

Sorry, it looks like it's still there.

I did both steps and it doesn't look like it's deleting what it's supposed to... have a look, though.

Thanks again,
Brian

ComboFix 11-12-23.01 - Brian 12/23/2011 20:03:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB58287$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-19 21:34 . 2011-12-19 21:34 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2011-12-14 08:00 . 2011-12-14 08:00 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-12 13:56 . 2011-12-13 01:06 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 13:56 . 2011-08-31 22:00 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 13:41 . 2011-12-12 13:41 -------- dc----w- C:\TDSSKiller_Quarantine
2011-12-12 08:30 . 2011-12-12 08:31 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-10 12:12 . 2011-07-06 17:44 27888 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-10 12:12 . 2011-12-10 12:20 -------- dc----w- c:\program files\Common Files\Symantec Shared
2011-12-10 12:12 . 2011-12-10 12:12 60872 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-10 12:12 . 2011-12-10 12:12 126584 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Symantec
2011-12-10 12:12 . 2010-08-21 03:59 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\drivers\N360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Norton 360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Windows Sidebar
2011-12-10 12:11 . 2011-12-10 12:11 -------- dc----w- c:\program files\NortonInstaller
2011-12-10 11:54 . 2011-12-10 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-10 11:41 . 2011-12-10 11:41 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-10 11:39 . 2011-12-10 11:39 -------- dc----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-09 22:18 . 2011-12-09 22:18 -------- dc----w- c:\documents and settings\Brian\Application Data\searchquband
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\windows\Sun
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Sun
2011-11-27 23:53 . 2011-11-27 23:53 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Ilivid Player
2011-11-27 23:52 . 2011-11-27 23:52 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\PackageAware
2011-11-25 08:00 . 2011-11-25 08:00 -------- dc----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-04-14 07:00 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-21 09:42 . 2011-11-21 09:43 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-21 09:42 . 2011-11-21 09:43 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 11:41 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 06:07 385024 -c----w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 11:42 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 11:41 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 06:54 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 11:41 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-20 17:55 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 11:41 599040 -c--a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 01:59 611328 -c--a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 05:00 220160 -c--a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 05:00 20480 -c--a-w- c:\windows\system32\oleaccrc.dll
2009-05-15 01:02 . 2009-05-15 01:02 3392872 -c--a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 01:02 . 2009-05-15 01:02 3298152 -c--a-w- c:\program files\Common Files\adlmint.dll
2011-11-10 08:28 . 2011-07-06 23:45 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-20_20.54.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-24 01:14 . 2011-12-24 01:14 16384 c:\windows\Temp\Perflib_Perfdata_670.dat
+ 2011-12-24 01:13 . 2011-12-24 01:13 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
+ 2004-08-04 05:00 . 2011-12-24 01:17 79072 c:\windows\system32\perfc009.dat
- 2004-08-04 05:00 . 2011-12-20 20:48 79072 c:\windows\system32\perfc009.dat
+ 2004-08-04 05:00 . 2011-12-24 01:17 463570 c:\windows\system32\perfh009.dat
- 2004-08-04 05:00 . 2011-12-20 20:48 463570 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-22 20026472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [12/10/2011 7:12 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [12/10/2011 7:12 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/21/2011 9:51 PM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [12/10/2011 7:12 AM 136312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 4:36 PM 86016]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [12/10/2011 7:12 AM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/20/2011 2:49 PM 2214504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2011 7:18 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111223.001\IDSXpx86.sys [12/23/2011 7:54 PM 356280]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [4/14/2008 6:42 AM 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/20/2011 2:44 PM 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [11/23/2011 5:11 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [11/23/2011 5:11 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [11/23/2011 5:11 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [11/23/2011 5:11 PM 24960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5/13/2011 3:21 AM 30312]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 3:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 3:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 3:21 AM 136808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\f7py33rj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
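The ComboFix log above is long, and the lines that matter for the next step are scattered across sections: the folder that could not be deleted, the Windows Firewall state, any service that runs under svchost in a group of its own, and the browser start and search URLs. The following is an added example, not part of the thread and not ComboFix's code: it splits the log into its banner-delimited sections and returns those items as a review list. The sample input is an excerpt of the log posted above. The list of stock XP svchost groups is my own assumption, and a service outside that list (here the `xmlpros` group) is only flagged for a closer look, not called malicious; likewise the search hosts are reported as what the log shows, not as a verdict.

```python
import re
from urllib.parse import urlparse

# Section banners: "(((( Other Deletions ))))" or "------- Supplementary Scan -------".
_BANNER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$|^-{3,}\s*(.+?)\s*-{3,}$")
# Service lines: "<start> <name>;<display>;<image> [<date> <size>]".
_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[.*\])?$")
# Browser start/search settings; ComboFix defangs URLs as hxxp://.
_BROWSER = re.compile(r"^(\w*Start Page|FF - prefs\.js: [\w.]+) [=-] (hxxps?://\S+)$")
_SVCHOST_KEY = re.compile(
    r"^\[hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\svchost\]$", re.I)

# svchost groups present on a stock XP SP3 install (assumption: this list is mine, not from the thread).
STOCK_XP_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "localservice",
                           "networkservice", "imgsvc", "httpfilter", "termsvcs"}


def sections(text):
    """Split a ComboFix log into {banner title: [non-empty lines]}; lines before the first banner go to 'header'."""
    secs, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        b = _BANNER.match(line)
        if b:
            current = b.group(1) or b.group(2)
            secs[current] = []
            continue
        secs[current].append(line)
    return secs


def failed_deletions(secs):
    """Paths ComboFix reported as 'Failed to delete' in its Other Deletions section."""
    return [l.split(" . . . . ")[0] for l in secs.get("Other Deletions", [])
            if l.endswith("Failed to delete")]


def firewall_enabled(lines):
    """True/False from the standard-profile EnableFirewall value, None if the log has no such line."""
    for l in lines:
        m = re.match(r'^"EnableFirewall"=\s*(\d+)', l)
        if m:
            return m.group(1) != "0"
    return None


def svchost_groups(lines):
    """{group name: [member services]} from the dumped svchost registry key."""
    groups, inside = {}, False
    for l in lines:
        if _SVCHOST_KEY.match(l):
            inside = True
            continue
        if inside:
            if l.startswith("["):            # next registry key ends the block
                break
            m = re.match(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$", l)
            if m:
                groups[m.group(1).lower()] = m.group(2).split()
    return groups


def svchost_services(lines, groups):
    """Services whose image is 'svchost.exe -k <group>', with whether the group is a stock one."""
    out = []
    for l in lines:
        m = _SERVICE.match(l)
        if not m:
            continue
        start, name, display, image = m.groups()
        k = re.search(r"svchost\.exe\s+-k\s+(\S+)", image, re.I)
        if not k:
            continue
        group = k.group(1)
        out.append({"name": name, "display": display, "start": start, "group": group,
                    "stock_group": group.lower() in STOCK_XP_SVCHOST_GROUPS,
                    "registered_in_group": name in groups.get(group.lower(), [])})
    return out


def browser_urls(lines):
    """(setting, host, defanged url) for every start-page / search URL the log lists."""
    out = []
    for l in lines:
        m = _BROWSER.match(l)
        if m:
            real = "http" + m.group(2)[4:]   # undo the hxxp defang so urlparse sees a scheme
            out.append((m.group(1), urlparse(real).hostname, m.group(2)))
    return out


def triage(text):
    secs = sections(text)
    lines = [l for ls in secs.values() for l in ls]
    return {"failed_deletions": failed_deletions(secs),
            "firewall_enabled": firewall_enabled(lines),
            "svchost_services": svchost_services(lines, svchost_groups(lines)),
            "browser_urls": browser_urls(lines)}


# Excerpt of the ComboFix log posted above, used as sample input.
SAMPLE_COMBOFIX_LOG = r"""
ComboFix 11-12-23.01 - Brian 12/23/2011 20:03:46.5.2 - x86
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB58287$ . . . . Failed to delete
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [12/10/2011 7:12 AM 130008]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [4/14/2008 6:42 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_COMBOFIX_LOG).items():
        print(key, "=>", value)
```

The firewall value alone is not a finding on this machine, since Norton 360 replaces the Windows Firewall and reports its own as "Disabled" only because ComboFix was run with it off; it is in the list because on a box without a third-party firewall the same `0` would be.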

#12 SweetTech (Agent ST; Members; 13,421 posts; Gender: Male; Location: Antarctica)

Posted 28 December 2011 - 02:59 AM

Good Evening!

Apologies for the delay in responding back to you. I did not intend to make you wait this long for a response, but with the holidays, and then getting sick, it couldn't have been helped. I should be back to posting at more regular intervals now. I hope you are enjoying the holidays!

That folder is part of the ZAccess infection, and we need to get it removed. I'm going to need to do some research on this and see what other options we may have to take in getting rid of this folder.

Please do me a favor and respond back to this post, so that it gets bumped back up in my queue.

I hope to have some instructions for you to take soon.

Kindest Regards,
SweetTech.



#13 dudepants (Topic Starter; Members; 20 posts)

Posted 29 December 2011 - 12:08 AM

Bumping per your request.

#14 SweetTech (Agent ST; Members; 13,421 posts; Gender: Male; Location: Antarctica)

Posted 29 December 2011 - 03:57 AM

Hi!

Thanks for bumping it back up for me.

Let's take a look at this unsigned driver and see what we can find out about it.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
SRPeek::
C:\WINDOWS\system32\DRIVERS\serial.sys
FileLook::
C:\WINDOWS\system32\DRIVERS\serial.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



#15 dudepants (Topic Starter; Members; 20 posts)

Posted 30 December 2011 - 12:32 AM

Here is the log you asked for.

ComboFix 11-12-29.05 - Brian 12/30/2011 0:15.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1596 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-19 21:34 . 2011-12-19 21:34 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2011-12-14 08:00 . 2011-12-14 08:00 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-12 13:56 . 2011-12-13 01:06 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 13:56 . 2011-08-31 22:00 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 13:41 . 2011-12-12 13:41 -------- dc----w- C:\TDSSKiller_Quarantine
2011-12-12 08:30 . 2011-12-12 08:31 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-10 12:12 . 2011-07-06 17:44 27888 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-10 12:12 . 2011-12-10 12:20 -------- dc----w- c:\program files\Common Files\Symantec Shared
2011-12-10 12:12 . 2011-12-10 12:12 60872 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-10 12:12 . 2011-12-10 12:12 126584 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Symantec
2011-12-10 12:12 . 2010-08-21 03:59 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\windows\system32\drivers\N360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Norton 360
2011-12-10 12:12 . 2011-12-10 12:12 -------- dc----w- c:\program files\Windows Sidebar
2011-12-10 12:11 . 2011-12-10 12:11 -------- dc----w- c:\program files\NortonInstaller
2011-12-10 11:54 . 2011-12-10 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-10 11:41 . 2011-12-10 11:41 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-10 11:39 . 2011-12-10 11:39 -------- dc----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-12-09 22:18 . 2011-12-09 22:18 -------- dc----w- c:\documents and settings\Brian\Application Data\searchquband
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\windows\Sun
2011-12-09 17:18 . 2011-12-09 17:18 -------- dc----w- c:\documents and settings\Brian\Local Settings\Application Data\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-04-14 07:00 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-21 09:42 . 2011-11-21 09:43 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-21 09:42 . 2011-11-21 09:43 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 11:42 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 11:41 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 06:07 385024 -c----w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 11:42 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 11:41 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 06:54 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 11:41 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-20 17:55 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2009-05-15 01:02 . 2009-05-15 01:02 3392872 -c--a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 01:02 . 2009-05-15 01:02 3298152 -c--a-w- c:\program files\Common Files\adlmint.dll
2011-11-10 08:28 . 2011-07-06 23:45 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\DRIVERS\serial.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 64512
Created time: 2008-04-14 06:45
Modified time: 2008-04-14 06:45
MD5: 411503E991A0156B25E0AD40629E1FDF
SHA1: E07BE6C208124F530D231BCBEB78019014F5625F
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( SnapShot@2011-12-20_20.54.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 05:26 . 2011-12-30 05:26 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2011-12-30 05:27 . 2011-12-30 05:27 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2004-08-04 05:00 . 2011-12-30 05:19 79072 c:\windows\system32\perfc009.dat
- 2004-08-04 05:00 . 2011-12-20 20:48 79072 c:\windows\system32\perfc009.dat
+ 2004-08-04 05:00 . 2011-12-30 05:19 463570 c:\windows\system32\perfh009.dat
- 2004-08-04 05:00 . 2011-12-20 20:48 463570 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-22 20026472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [12/10/2011 7:12 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [12/10/2011 7:12 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/21/2011 9:51 PM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [12/10/2011 7:12 AM 136312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 4:36 PM 86016]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [12/10/2011 7:12 AM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/20/2011 2:49 PM 2214504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2011 7:18 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSXpx86.sys [12/28/2011 9:18 PM 356280]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [4/14/2008 6:42 AM 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/20/2011 2:44 PM 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [11/23/2011 5:11 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [11/23/2011 5:11 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [11/23/2011 5:11 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [11/23/2011 5:11 PM 24960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5/13/2011 3:21 AM 30312]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 3:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 3:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 3:21 AM 136808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\f7py33rj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,7e,a1,ba,72,6c,99,47,a9,2e,0a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(752)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-12-30 00:29:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 05:29
ComboFix2.txt 2011-12-24 02:11
ComboFix3.txt 2011-12-24 01:00
ComboFix4.txt 2011-12-22 19:35
ComboFix5.txt 2011-12-30 05:10
.
Pre-Run: 932,216,131,584 bytes free
Post-Run: 932,194,734,080 bytes free
.
- - End Of File - - AC95044C77E74D3893293D31EFBEDD9B
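The log above contains three things a responder would pick out by hand before deciding what to script into the next CFScript: a service (`XMLProvS`, "Network ProService") running as `svchost.exe -k xmlpros`, where `xmlpros` is not one of the stock XP svchost groups, so the DLL it loads (its `Parameters\ServiceDll` value) needs checking; the IE start page and Firefox `keyword.URL` pointing at `searchqu.com` and `search-results.com`, the same hosts behind the `searchquband` folder created on 2011-12-09; and the Windows Firewall policy set to `EnableFirewall=0`, which may simply be Norton 360's firewall owning the profile. The script below is an added example, not part of the post, of ComboFix, or of the helper's instructions: it parses a ComboFix-style excerpt and reports those leads. The stock-group list `KNOWN_XP_GROUPS` and the `HIJACK_HOSTS` watchlist are assumptions for the example, and `SAMPLE_LOG` is a constructed excerpt of lines copied from the log above.

```python
"""Triage a ComboFix log excerpt (added example, not ComboFix's own code).
KNOWN_XP_GROUPS and HIJACK_HOSTS are assumptions for this example; tune them to your baseline."""
import re
from urllib.parse import urlsplit

# Stock svchost service groups on Windows XP SP3 (assumption: adjust for your own image).
KNOWN_XP_GROUPS = {"netsvcs", "rpcss", "dcomlaunch", "localservice", "networkservice",
                   "imgsvc", "httpfilter", "termsvcs", "wugroup", "audiosrv"}
# Watchlist of hosts used by search-hijacking toolbars (assumption / example list).
HIJACK_HOSTS = {"searchqu.com", "search-results.com"}

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")      # S2 Name;Display;image [..]
SVCHOST_GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")    # group REG_MULTI_SZ svc ...
SVCHOST_K_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)

def host_of(url):
    """Last two host labels of a (possibly hxxp-defanged) URL; '' if it is not a URL."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)  # ComboFix defangs http
    parts = (urlsplit(url).hostname or "").lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else ""

def parse_svchost_groups(lines):
    """Map each svchost group under ...\\currentversion\\svchost to the services it hosts."""
    groups, in_section = {}, False
    for line in lines:
        s = line.strip()
        if s.lower().endswith("currentversion\\svchost]"):
            in_section = True
        elif in_section and s in ("", "."):          # ComboFix ends a section with "."
            in_section = False
        elif in_section and (m := SVCHOST_GROUP_RE.match(s)):
            groups[m.group(1).lower()] = m.group(2).split()
    return groups

def parse_services(lines):
    """Parse 'S2 Name;Display;image [date size]' lines into dicts."""
    services = []
    for line in lines:
        if m := SERVICE_RE.match(line.strip()):
            state, name, display, rest = m.groups()
            image = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)     # drop the trailing [date size]
            services.append({"state": state, "name": name, "display": display, "image": image})
    return services

def parse_browser_settings(lines):
    """Collect IE start page and Firefox prefs.js settings from the Supplementary Scan."""
    settings = {}
    for line in lines:
        s = line.strip()
        if m := re.match(r"^([um](?:Start Page|Default_Page_URL))\s*=\s*(\S+)", s):
            settings[m.group(1)] = m.group(2)
        elif m := re.match(r"^FF - prefs\.js:\s*(\S+)\s+-\s+(\S+)", s):
            settings["FF " + m.group(1)] = m.group(2)
    return settings

def firewall_disabled(lines):
    """True when the firewall policy section carries "EnableFirewall"= 0."""
    return any(re.match(r'^"EnableFirewall"=\s*0\b', line.strip()) for line in lines)

def triage(lines):
    """Return human-readable findings; each is a lead to verify by hand, not a verdict."""
    findings = []
    for group, members in parse_svchost_groups(lines).items():
        if group not in KNOWN_XP_GROUPS:
            findings.append(f"svchost group '{group}' is not a stock XP group; hosts {', '.join(members)}")
    for svc in parse_services(lines):
        m = SVCHOST_K_RE.search(svc["image"])
        if m and m.group(1).lower() not in KNOWN_XP_GROUPS:
            findings.append(f"service {svc['name']} ('{svc['display']}', {svc['state']}) runs as "
                            f"svchost -k {m.group(1)}; check HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
                            f"{svc['name']}\\Parameters\\ServiceDll for the DLL it loads")
    for key, value in parse_browser_settings(lines).items():
        if host_of(value) in HIJACK_HOSTS:
            findings.append(f"{key} points at search-hijack host {host_of(value)}: {value}")
    if firewall_disabled(lines):
        findings.append("Windows Firewall policy EnableFirewall=0 (expected only if a third-party "
                        "firewall owns the profile)")
    return findings

# Constructed excerpt: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [12/10/2011 7:12 AM 130008]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [4/14/2008 6:42 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
uStart Page = hxxp://www.searchqu.com/406
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it against a full ComboFix log by reading the file into a list of lines and passing that to `triage()`. The Norton driver lines and the legitimate `netsvcs` entries produce nothing; only the `xmlpros` group, its `XMLProvS` service, the two hijacked search URLs and the firewall policy come back. Each finding is a lead: the group name alone does not prove the service is malicious, so confirm what `ServiceDll` points to before adding anything to a fix script.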



