
Ads running in background


This topic is locked
18 replies to this topic

#1 S.c0tty

  • Members
  • 16 posts
  • OFFLINE
  • Local time: 02:53 PM

Posted 26 June 2012 - 06:15 PM

Ads have been running in the background with nothing else open for about 3 days now.



Computer Info:

OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Intel® G33/G31 Express Chipset Family, 128 Mb
Hard Drives: C: Total - 234982 MB, Free - 191077 MB;
Motherboard: Dell Inc., 0RY007
Antivirus: Norton Security Suite, Updated: Yes, On-Demand Scanner: Enabled


Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:59:06 PM, on 6/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Cure.exe] C:\Documents and Settings\Scotty\Local Settings\Temp\
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [upd_debug.exe] "C:\Documents and Settings\Scotty\Application Data\B5FBFDC7CA0712315894BC50592C0097\upd_debug.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [upd_debug.exe] "C:\Documents and Settings\Scotty\Application Data\B5FBFDC7CA0712315894BC50592C0097\upd_debug.exe" (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9735 bytes




MBAB:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Scotty :: SCOTT [administrator]

6/26/2012 6:59:24 PM
mbam-log-2012-06-26 (18-59-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241222
Time elapsed: 15 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Help greatly appreciated :)

Edited by S.c0tty, 26 June 2012 - 06:18 PM.
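Added example, not part of the original post and not code from HijackThis or BleepingComputer: a small Python triage pass over the kind of O2/O3/O4 lines in the log above. It flags the things a malware-response helper checks first in an autorun list: a Run value whose target is a bare directory or sits in a user-writable location such as Temp or Application Data, a 32-hex-character folder name, a Run value under a service account hive (S-1-5-19/S-1-5-20) that points into a user's profile, and orphaned (file missing)/(no file) BHO or toolbar entries. The reason labels, regexes and the choice of sample lines are assumptions of this example; the sample lines themselves are copied from the log above. It only reads text; it does not touch the registry or the file system.

```python
"""Triage of HijackThis O2/O3/O4 lines for autorun indicators.

Added example, not part of the original thread. It applies simple heuristics
to log text only; it does not read the registry or the file system.
"""
import re

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_HJT_LINES = r"""
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKCU\..\Run: [Cure.exe] C:\Documents and Settings\Scotty\Local Settings\Temp\
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [upd_debug.exe] "C:\Documents and Settings\Scotty\Application Data\B5FBFDC7CA0712315894BC50592C0097\upd_debug.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [upd_debug.exe] "C:\Documents and Settings\Scotty\Application Data\B5FBFDC7CA0712315894BC50592C0097\upd_debug.exe" (User 'NETWORK SERVICE')
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-[0-9-]+))\\\.\.\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O23_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# first token ending in an executable extension, e.g. "...\Weather.exe 1" -> "...\Weather.exe"
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|cpl|bat|cmd|vbs|js))(?=[\s,]|$)", re.I)
EXEC_EXT = (".exe", ".dll", ".com", ".scr", ".cpl", ".bat", ".cmd", ".vbs", ".js")
# SYSTEM, LOCAL SERVICE, NETWORK SERVICE: their Run keys should not point into a user's profile
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\(?!All Users\\)[^\\]+\\", re.I)
WRITABLE_RE = re.compile(r"\\(?:Local Settings\\Temp|Temp|Application Data)\\", re.I)
HEX_DIR_RE = re.compile(r"\\[0-9A-F]{32}\\", re.I)  # MD5-looking directory names (assumed heuristic)


def target_path(cmd):
    """Pull the launched image out of an O4 command string."""
    cmd = USER_NOTE_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path, rest = (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    else:
        m = EXT_RE.match(cmd)
        path, rest = (m.group(1), cmd[m.end():]) if m else (cmd, "")
    # rundll32 is only a host process; the DLL it loads is what matters
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        q = re.search(r'"([^"]+)"', rest)
        if q:
            return q.group(1)
    return path


def assess_o4(sid, path):
    """Return the reasons an autorun target looks suspicious (empty list if none)."""
    reasons = []
    if not path.lower().endswith(EXEC_EXT):
        reasons.append("no-executable")          # bare directory or non-binary target
    if WRITABLE_RE.search(path):
        reasons.append("user-writable-dir")      # Temp / Application Data: no admin needed to drop
    if HEX_DIR_RE.search(path):
        reasons.append("hex-named-dir")          # random-looking folder name
    if sid in SERVICE_SIDS and USER_PROFILE_RE.match(path):
        reasons.append("service-hive-user-profile")
    return reasons


def triage(log_text):
    """Scan HijackThis text and return the flagged entries with their reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if ORPHAN_RE.search(line):
            m = O23_RE.match(line)
            name = m.group("name") if m else line
            findings.append({"name": name, "path": None, "reasons": ["orphaned-entry"]})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = target_path(m.group("cmd"))
        reasons = assess_o4(m.group("sid"), path)
        if reasons:
            findings.append({"name": m.group("name"), "hive": m.group("hive"),
                             "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"[{f['name']}] {f['path']} -> {', '.join(f['reasons'])}")
```

Run against the sample, the vendor entries (hkcmd, iTunes, rundll32 host, WeatherBug, TeaTimer) pass clean, while Cure.exe (a Run value pointing at a bare Temp directory), both upd_debug.exe values (service-account hives pointing into a user's Application Data folder with a 32-hex-character name) and the two orphaned browser add-ons come back flagged. Flags mean "look closer", not "malware": the orphaned entries are leftovers of uninstalled software, and the heuristics on paths are only a starting point for the manual review the helpers in this thread do.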



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 03:53 PM

Posted 27 June 2012 - 01:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 S.c0tty

  • Topic Starter
  • Members
  • 16 posts
  • OFFLINE
  • Local time: 02:53 PM

Posted 27 June 2012 - 04:03 AM

Security Check up:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 6 Update 33
Java™ 7 Update 5
Adobe Flash Player 11.3.300.262
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Scotty at 4:56:05 on 2012-06-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.743 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *Disabled*
FW: Norton Security Suite *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scotty\My Documents\Downloads\SecurityCheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page =
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Cure.exe] c:\documents and settings\scotty\local settings\temp\
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4415FC90-EA17-4390-AC08-77BC3D131594} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scotty\application data\mozilla\firefox\profiles\mm6vlnz7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-23 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-23 136312]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-4-23 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-4 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120626.001\IDSXpx86.sys [2012-6-26 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120626.019\NAVENG.SYS [2012-6-26 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120626.019\NAVEX15.SYS [2012-6-26 1589752]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys --> c:\windows\system32\drivers\n360\0403000.005\ccHPx86.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-10-30 6016]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [2004-3-9 108032]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-10-30 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-10-30 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-10-30 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-10-30 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-10-30 9472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-19 113120]
S3 Normandy;Normandy SR2; [x]
.
=============== Created Last 30 ================
.
2012-06-25 18:30:43 388096 ----a-r- c:\documents and settings\scotty\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-25 18:30:42 -------- d-----w- c:\program files\Trend Micro
2012-06-25 15:18:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-25 15:18:31 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-25 00:54:06 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-25 00:26:23 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2012-06-25 00:14:34 -------- d-----w- c:\program files\common files\BitDefender
2012-06-24 19:50:24 -------- d-----w- c:\windows\pss
2012-06-21 21:39:14 -------- d-----w- c:\documents and settings\scotty\local settings\application data\Sun
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-21 21:23:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-21 21:17:30 -------- d-----w- c:\program files\Oracle
2012-06-12 23:42:04 -------- d-----w- c:\program files\Microsoft
2012-06-12 23:40:22 -------- dc-h--w- c:\windows\ie8
2012-06-12 23:40:12 -------- d--h--w- c:\windows\msdownld.tmp
2012-06-12 21:41:39 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 21:41:39 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-06-27 04:41:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 04:41:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2594B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a26093c]; MOV EAX, [0x8a260ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A903AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000071[0x8A905F18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A94F940]
\Driver\atapi[0x8A2828B8] -> IRP_MJ_CREATE -> 0x8A2594B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2592E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 4:58:11.32 ===============



2nd Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/16/2008 10:27:15 PM
System Uptime: 6/27/2012 4:47:20 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 186.408 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 3/29/2012 11:31:33 PM - System Checkpoint
RP223: 3/31/2012 12:35:49 AM - System Checkpoint
RP224: 4/1/2012 1:16:46 AM - System Checkpoint
RP225: 4/2/2012 3:40:39 AM - System Checkpoint
RP226: 4/3/2012 4:16:50 AM - System Checkpoint
RP227: 4/4/2012 7:04:08 AM - System Checkpoint
RP228: 4/5/2012 7:16:50 AM - System Checkpoint
RP229: 4/6/2012 8:16:51 AM - System Checkpoint
RP230: 4/7/2012 9:16:50 AM - System Checkpoint
RP231: 4/8/2012 10:17:59 AM - System Checkpoint
RP232: 4/9/2012 11:30:10 AM - System Checkpoint
RP233: 4/10/2012 12:16:14 PM - System Checkpoint
RP234: 4/11/2012 12:17:20 PM - System Checkpoint
RP235: 4/11/2012 6:57:13 PM - Software Distribution Service 3.0
RP236: 4/12/2012 7:09:02 PM - System Checkpoint
RP237: 4/22/2012 6:18:57 PM - System Checkpoint
RP238: 4/23/2012 6:55:32 PM - System Checkpoint
RP239: 4/24/2012 7:43:33 PM - System Checkpoint
RP240: 4/25/2012 8:43:32 PM - System Checkpoint
RP241: 4/26/2012 9:09:49 PM - System Checkpoint
RP242: 4/27/2012 9:55:33 PM - System Checkpoint
RP243: 4/28/2012 10:55:33 PM - System Checkpoint
RP244: 4/29/2012 11:36:54 PM - System Checkpoint
RP245: 4/30/2012 11:45:04 PM - System Checkpoint
RP246: 5/2/2012 12:12:56 AM - System Checkpoint
RP247: 5/3/2012 2:19:16 AM - System Checkpoint
RP248: 5/4/2012 7:44:55 AM - System Checkpoint
RP249: 5/5/2012 9:44:32 AM - System Checkpoint
RP250: 5/6/2012 10:31:27 AM - System Checkpoint
RP251: 5/7/2012 10:38:04 AM - System Checkpoint
RP252: 5/8/2012 11:11:59 AM - System Checkpoint
RP253: 5/9/2012 12:49:47 PM - System Checkpoint
RP254: 5/10/2012 6:01:56 PM - System Checkpoint
RP255: 5/11/2012 3:00:16 AM - Software Distribution Service 3.0
RP256: 5/12/2012 3:17:50 AM - System Checkpoint
RP257: 5/13/2012 9:30:11 AM - System Checkpoint
RP258: 5/14/2012 9:30:30 AM - System Checkpoint
RP259: 5/15/2012 10:30:33 AM - System Checkpoint
RP260: 5/16/2012 12:36:59 PM - System Checkpoint
RP261: 5/17/2012 1:34:59 PM - System Checkpoint
RP262: 5/18/2012 4:33:24 PM - System Checkpoint
RP263: 5/19/2012 5:14:52 PM - System Checkpoint
RP264: 5/20/2012 5:46:39 PM - System Checkpoint
RP265: 5/21/2012 7:59:22 PM - System Checkpoint
RP266: 5/22/2012 3:00:15 AM - Software Distribution Service 3.0
RP267: 5/23/2012 4:10:44 AM - System Checkpoint
RP268: 5/24/2012 4:14:49 AM - System Checkpoint
RP269: 5/25/2012 5:14:51 AM - System Checkpoint
RP270: 6/3/2012 8:11:00 PM - System Checkpoint
RP271: 6/5/2012 12:28:52 AM - System Checkpoint
RP272: 6/5/2012 3:00:15 AM - Software Distribution Service 3.0
RP273: 6/6/2012 3:18:25 AM - System Checkpoint
RP274: 6/7/2012 3:30:24 AM - System Checkpoint
RP275: 6/8/2012 4:18:24 AM - System Checkpoint
RP276: 6/9/2012 2:37:18 PM - System Checkpoint
RP277: 6/10/2012 5:58:25 PM - System Checkpoint
RP278: 6/11/2012 8:04:06 PM - System Checkpoint
RP279: 6/12/2012 5:40:50 PM - Removed Java™ 6 Update 29
RP280: 6/12/2012 5:43:02 PM - Removed Ask Toolbar.
RP281: 6/12/2012 7:12:45 PM - Restore Operation
RP282: 6/12/2012 7:41:08 PM - Installed Windows Internet Explorer 8.
RP283: 6/13/2012 7:59:30 PM - System Checkpoint
RP284: 6/14/2012 11:20:43 AM - Software Distribution Service 3.0
RP285: 6/14/2012 4:44:56 PM - Removed Bing Bar
RP286: 6/15/2012 7:06:24 PM - System Checkpoint
RP287: 6/16/2012 8:49:56 PM - System Checkpoint
RP288: 6/18/2012 2:34:36 AM - System Checkpoint
RP289: 6/19/2012 4:04:59 AM - System Checkpoint
RP290: 6/20/2012 4:38:45 AM - System Checkpoint
RP291: 6/20/2012 11:26:06 AM - Software Distribution Service 3.0
RP292: 6/20/2012 11:49:23 AM - Software Distribution Service 3.0
RP293: 6/21/2012 12:08:03 PM - System Checkpoint
RP294: 6/21/2012 5:16:51 PM - Installed Java™ 7 Update 5
RP295: 6/21/2012 5:17:28 PM - Installed JavaFX 2.1.1
RP296: 6/21/2012 5:22:58 PM - Installed QuickTime
RP297: 6/22/2012 6:15:59 PM - System Checkpoint
RP298: 6/23/2012 8:09:28 PM - System Checkpoint
RP299: 6/24/2012 8:26:07 PM - Installed BitDefender Free Edition 2009
RP300: 6/24/2012 8:57:25 PM - Removed BitDefender Free Edition 2009
RP301: 6/24/2012 8:59:37 PM - Removed Microsoft Silverlight
RP302: 6/24/2012 9:05:59 PM - Removed BitDefender Free Edition 2009
RP303: 6/25/2012 11:07:58 AM - Removed BitDefender Free Edition 2009
RP304: 6/25/2012 2:30:40 PM - Installed HiJackThis
RP305: 6/26/2012 11:29:29 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
FrostWire 4.21.8
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Java Auto Updater
Java™ 6 Update 33
Java™ 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Norton Security Suite
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
6/24/2012 9:48:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
6/24/2012 9:48:47 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2012 8:57:29 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/24/2012 8:46:26 PM, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 8:41:17 PM, error: System Error [1003] - Error code 10000050, parameter1 ef94eedc, parameter2 00000001, parameter3 89a8026e, parameter4 00000002.
6/24/2012 8:41:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ccHP
6/24/2012 8:41:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
6/24/2012 8:41:13 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2012 8:40:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/24/2012 7:57:28 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 3:43:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ccHP iaStor
6/24/2012 3:42:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/20/2012 11:32:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007001f: Internet Explorer 8 for Windows XP.
.
==== End Of File ===========================




All tools downloaded ran smoothly. Still hear audio ads running in background. Also, I have been getting an alert from Norton about high CPU usage, Svchost.exe (98% of one CPU).

Edited by S.c0tty, 27 June 2012 - 04:05 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 27 June 2012 - 07:27 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 S.c0tty

S.c0tty
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:53 PM

Posted 27 June 2012 - 10:37 AM

At around stage 26 of ComboFix's completion I got the blue screen. I forgot to mention I got this for the first time the other day. Here is the info:

A problem has been detected and windows has shut down to prevent damage to your computer

Plug and play detected an error most likely caused by a faulty driver

Technical information
STOP: 0x000000CA (0x00000004, 0x88A65148, 0x00000000, 0x00000000)

I just started my computer back up and am currently hearing ads as we speak. I didn't get the log from ComboFix. Should I run it again? Or what should I do? Thanks Gringo, sir.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 27 June 2012 - 02:00 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 S.c0tty

S.c0tty
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:53 PM

Posted 27 June 2012 - 02:32 PM

TDSS:

15:06:30.0125 3252 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
15:06:31.0375 3252 ============================================================
15:06:31.0375 3252 Current date / time: 2012/06/27 15:06:31.0375
15:06:31.0375 3252 SystemInfo:
15:06:31.0375 3252
15:06:31.0375 3252 OS Version: 5.1.2600 ServicePack: 3.0
15:06:31.0375 3252 Product type: Workstation
15:06:31.0375 3252 ComputerName: SCOTT
15:06:31.0375 3252 UserName: Scotty
15:06:31.0375 3252 Windows directory: C:\WINDOWS
15:06:31.0375 3252 System windows directory: C:\WINDOWS
15:06:31.0375 3252 Processor architecture: Intel x86
15:06:31.0375 3252 Number of processors: 2
15:06:31.0375 3252 Page size: 0x1000
15:06:31.0375 3252 Boot type: Normal boot
15:06:31.0375 3252 ============================================================
15:06:33.0593 3252 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:06:33.0609 3252 ============================================================
15:06:33.0609 3252 \Device\Harddisk0\DR0:
15:06:33.0609 3252 MBR partitions:
15:06:33.0609 3252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1CAF3004
15:06:33.0609 3252 ============================================================
15:06:33.0671 3252 C: <-> \Device\Harddisk0\DR0\Partition0
15:06:33.0671 3252 ============================================================
15:06:33.0671 3252 Initialize success
15:06:33.0671 3252 ============================================================
15:07:28.0421 2232 ============================================================
15:07:28.0421 2232 Scan started
15:07:28.0421 2232 Mode: Manual;
15:07:28.0421 2232 ============================================================
15:07:34.0484 2232 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:07:34.0484 2232 Messenger - ok
15:07:34.0515 2232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:07:34.0515 2232 mnmdd - ok
15:07:34.0546 2232 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:07:34.0546 2232 mnmsrvc - ok
15:07:34.0546 2232 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:07:34.0578 2232 Modem - ok
15:07:34.0609 2232 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys
15:07:34.0609 2232 motandroidusb - ok
15:07:34.0625 2232 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
15:07:34.0640 2232 motccgp - ok
15:07:34.0656 2232 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
15:07:34.0656 2232 motccgpfl - ok
15:07:34.0671 2232 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:07:34.0687 2232 motmodem - ok
15:07:34.0734 2232 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
15:07:34.0781 2232 MotoHelper - ok
15:07:34.0796 2232 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
15:07:34.0812 2232 MotoSwitchService - ok
15:07:34.0843 2232 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
15:07:34.0843 2232 Motousbnet - ok
15:07:34.0859 2232 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
15:07:34.0859 2232 motusbdevice - ok
15:07:34.0890 2232 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:07:34.0890 2232 Mouclass - ok
15:07:34.0921 2232 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:07:34.0937 2232 mouhid - ok
15:07:34.0937 2232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:07:34.0937 2232 MountMgr - ok
15:07:34.0984 2232 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:07:35.0015 2232 MozillaMaintenance - ok
15:07:35.0046 2232 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
15:07:35.0046 2232 MPE - ok
15:07:35.0078 2232 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:07:35.0078 2232 mraid35x - ok
15:07:35.0109 2232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:07:35.0109 2232 MRxDAV - ok
15:07:35.0156 2232 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:07:35.0171 2232 MRxSmb - ok
15:07:35.0203 2232 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:07:35.0218 2232 MSDTC - ok
15:07:35.0234 2232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:07:35.0234 2232 Msfs - ok
15:07:35.0234 2232 MSIServer - ok
15:07:35.0250 2232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:07:35.0250 2232 MSKSSRV - ok
15:07:35.0250 2232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:07:35.0281 2232 MSPCLOCK - ok
15:07:35.0296 2232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:07:35.0296 2232 MSPQM - ok
15:07:35.0343 2232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:07:35.0343 2232 mssmbios - ok
15:07:35.0359 2232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:07:35.0375 2232 MSTEE - ok
15:07:35.0390 2232 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:07:35.0406 2232 Mup - ok
15:07:35.0453 2232 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
15:07:35.0453 2232 N360 - ok
15:07:35.0484 2232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:07:35.0515 2232 NABTSFEC - ok
15:07:35.0562 2232 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:07:35.0562 2232 napagent - ok
15:07:35.0703 2232 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120626.019\NAVENG.SYS
15:07:35.0703 2232 NAVENG - ok
15:07:36.0046 2232 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120626.019\NAVEX15.SYS
15:07:36.0093 2232 NAVEX15 - ok
15:07:36.0203 2232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:07:36.0203 2232 NDIS - ok
15:07:36.0234 2232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:07:36.0234 2232 NdisIP - ok
15:07:36.0265 2232 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:07:36.0265 2232 NdisTapi - ok
15:07:36.0281 2232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:07:36.0281 2232 Ndisuio - ok
15:07:36.0296 2232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:07:36.0312 2232 NdisWan - ok
15:07:36.0328 2232 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:07:36.0343 2232 NDProxy - ok
15:07:36.0359 2232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:07:36.0359 2232 NetBIOS - ok
15:07:36.0375 2232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:07:36.0390 2232 NetBT - ok
15:07:36.0421 2232 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:07:36.0437 2232 NetDDE - ok
15:07:36.0437 2232 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:07:36.0437 2232 NetDDEdsdm - ok
15:07:36.0468 2232 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:07:36.0484 2232 Netlogon - ok
15:07:36.0500 2232 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:07:36.0515 2232 Netman - ok
15:07:36.0593 2232 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:07:36.0593 2232 NetTcpPortSharing - ok
15:07:36.0640 2232 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:07:36.0640 2232 Nla - ok
15:07:36.0656 2232 Normandy - ok
15:07:36.0687 2232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:07:36.0687 2232 Npfs - ok
15:07:36.0703 2232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:07:36.0734 2232 Ntfs - ok
15:07:36.0750 2232 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:07:36.0750 2232 NtLmSsp - ok
15:07:36.0781 2232 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:07:36.0812 2232 NtmsSvc - ok
15:07:36.0828 2232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:07:36.0828 2232 Null - ok
15:07:36.0921 2232 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:07:36.0984 2232 nv - ok
15:07:37.0031 2232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:07:37.0031 2232 NwlnkFlt - ok
15:07:37.0046 2232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:07:37.0046 2232 NwlnkFwd - ok
15:07:37.0078 2232 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:07:37.0078 2232 Parport - ok
15:07:37.0093 2232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:07:37.0093 2232 PartMgr - ok
15:07:37.0125 2232 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:07:37.0125 2232 ParVdm - ok
15:07:37.0140 2232 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:07:37.0140 2232 PCI - ok
15:07:37.0140 2232 PCIDump - ok
15:07:37.0140 2232 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:07:37.0140 2232 PCIIde - ok
15:07:37.0171 2232 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:07:37.0187 2232 Pcmcia - ok
15:07:37.0187 2232 PDCOMP - ok
15:07:37.0187 2232 PDFRAME - ok
15:07:37.0187 2232 PDRELI - ok
15:07:37.0203 2232 PDRFRAME - ok
15:07:37.0203 2232 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:07:37.0218 2232 perc2 - ok
15:07:37.0218 2232 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:07:37.0218 2232 perc2hib - ok
15:07:37.0484 2232 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
15:07:37.0875 2232 PEVSystemStart - ok
15:07:37.0921 2232 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:07:37.0921 2232 PlugPlay - ok
15:07:37.0953 2232 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:07:37.0953 2232 PolicyAgent - ok
15:07:37.0968 2232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:07:37.0968 2232 PptpMiniport - ok
15:07:37.0984 2232 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:07:37.0984 2232 ProtectedStorage - ok
15:07:37.0984 2232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:07:37.0984 2232 PSched - ok
15:07:38.0000 2232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:07:38.0000 2232 Ptilink - ok
15:07:38.0031 2232 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:07:38.0031 2232 PxHelp20 - ok
15:07:38.0046 2232 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:07:38.0046 2232 ql1080 - ok
15:07:38.0046 2232 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:07:38.0062 2232 Ql10wnt - ok
15:07:38.0062 2232 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:07:38.0062 2232 ql12160 - ok
15:07:38.0078 2232 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:07:38.0078 2232 ql1240 - ok
15:07:38.0093 2232 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:07:38.0093 2232 ql1280 - ok
15:07:38.0109 2232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:07:38.0109 2232 RasAcd - ok
15:07:38.0125 2232 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:07:38.0140 2232 RasAuto - ok
15:07:38.0156 2232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:07:38.0156 2232 Rasl2tp - ok
15:07:38.0187 2232 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:07:38.0203 2232 RasMan - ok
15:07:38.0203 2232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:07:38.0203 2232 RasPppoe - ok
15:07:38.0218 2232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:07:38.0218 2232 Raspti - ok
15:07:38.0234 2232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:07:38.0234 2232 Rdbss - ok
15:07:38.0250 2232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:07:38.0250 2232 RDPCDD - ok
15:07:38.0281 2232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:07:38.0281 2232 rdpdr - ok
15:07:38.0312 2232 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:07:38.0359 2232 RDPWD - ok
15:07:38.0375 2232 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:07:38.0390 2232 RDSessMgr - ok
15:07:38.0421 2232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:07:38.0421 2232 redbook - ok
15:07:38.0500 2232 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:07:38.0500 2232 RemoteAccess - ok
15:07:38.0515 2232 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:07:38.0531 2232 RpcLocator - ok
15:07:38.0562 2232 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:07:38.0562 2232 RpcSs - ok
15:07:38.0609 2232 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:07:38.0625 2232 RSVP - ok
15:07:38.0656 2232 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:07:38.0656 2232 SamSs - ok
15:07:38.0703 2232 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
15:07:38.0703 2232 ScanUSBEMPIA - ok
15:07:38.0734 2232 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:07:38.0734 2232 SCardSvr - ok
15:07:38.0765 2232 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:07:38.0781 2232 Schedule - ok
15:07:38.0828 2232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:07:38.0828 2232 Secdrv - ok
15:07:38.0843 2232 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:07:38.0843 2232 seclogon - ok
15:07:38.0859 2232 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:07:38.0859 2232 SENS - ok
15:07:38.0890 2232 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:07:38.0906 2232 serenum - ok
15:07:38.0921 2232 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:07:38.0921 2232 Serial - ok
15:07:38.0953 2232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:07:38.0953 2232 Sfloppy - ok
15:07:39.0000 2232 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:07:39.0000 2232 SharedAccess - ok
15:07:39.0046 2232 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:07:39.0046 2232 ShellHWDetection - ok
15:07:39.0046 2232 Simbad - ok
15:07:39.0078 2232 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:07:39.0093 2232 sisagp - ok
15:07:39.0125 2232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:07:39.0140 2232 SLIP - ok
15:07:39.0156 2232 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:07:39.0171 2232 Sparrow - ok
15:07:39.0187 2232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:07:39.0203 2232 splitter - ok
15:07:39.0218 2232 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:07:39.0234 2232 Spooler - ok
15:07:39.0265 2232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:07:39.0265 2232 sr - ok
15:07:39.0281 2232 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:07:39.0296 2232 srservice - ok
15:07:39.0406 2232 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS
15:07:39.0421 2232 SRTSP - ok
15:07:39.0453 2232 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS
15:07:39.0453 2232 SRTSPX - ok
15:07:39.0484 2232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:07:39.0500 2232 Srv - ok
15:07:39.0531 2232 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:07:39.0531 2232 SSDPSRV - ok
15:07:39.0546 2232 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:07:39.0562 2232 stisvc - ok
15:07:39.0625 2232 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:07:39.0656 2232 stllssvr - ok
15:07:39.0671 2232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:07:39.0671 2232 streamip - ok
15:07:39.0703 2232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:07:39.0703 2232 swenum - ok
15:07:39.0718 2232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:07:39.0718 2232 swmidi - ok
15:07:39.0718 2232 SwPrv - ok
15:07:39.0750 2232 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:07:39.0765 2232 symc810 - ok
15:07:39.0781 2232 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:07:39.0781 2232 symc8xx - ok
15:07:39.0812 2232 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS
15:07:39.0828 2232 SymDS - ok
15:07:39.0875 2232 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS
15:07:39.0890 2232 SymEFA - ok
15:07:39.0921 2232 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
15:07:39.0937 2232 SymEvent - ok
15:07:39.0953 2232 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS
15:07:39.0968 2232 SymIRON - ok
15:07:39.0984 2232 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS
15:07:40.0000 2232 SYMTDI - ok
15:07:40.0015 2232 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:07:40.0015 2232 sym_hi - ok
15:07:40.0031 2232 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:07:40.0031 2232 sym_u3 - ok
15:07:40.0062 2232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:07:40.0078 2232 sysaudio - ok
15:07:40.0093 2232 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:07:40.0109 2232 SysmonLog - ok
15:07:40.0125 2232 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:07:40.0140 2232 TapiSrv - ok
15:07:40.0171 2232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:07:40.0187 2232 Tcpip - ok
15:07:40.0218 2232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:07:40.0234 2232 TDPIPE - ok
15:07:40.0250 2232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:07:40.0250 2232 TDTCP - ok
15:07:40.0265 2232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:07:40.0265 2232 TermDD - ok
15:07:40.0296 2232 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:07:40.0312 2232 TermService - ok
15:07:40.0328 2232 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:07:40.0343 2232 Themes - ok
15:07:40.0375 2232 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:07:40.0375 2232 TosIde - ok
15:07:40.0421 2232 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:07:40.0421 2232 TrkWks - ok
15:07:40.0453 2232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:07:40.0453 2232 Udfs - ok
15:07:40.0468 2232 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:07:40.0468 2232 ultra - ok
15:07:40.0500 2232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:07:40.0515 2232 Update - ok
15:07:40.0562 2232 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:07:40.0578 2232 upnphost - ok
15:07:40.0593 2232 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:07:40.0593 2232 UPS - ok
15:07:40.0625 2232 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:07:40.0625 2232 USBAAPL - ok
15:07:40.0656 2232 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:07:40.0656 2232 usbaudio - ok
15:07:40.0671 2232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:07:40.0671 2232 usbccgp - ok
15:07:40.0687 2232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:07:40.0687 2232 usbehci - ok
15:07:40.0718 2232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:07:40.0718 2232 usbhub - ok
15:07:40.0750 2232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:07:40.0750 2232 usbscan - ok
15:07:40.0781 2232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:07:40.0781 2232 USBSTOR - ok
15:07:40.0781 2232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:07:40.0781 2232 usbuhci - ok
15:07:40.0796 2232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:07:40.0796 2232 VgaSave - ok
15:07:40.0828 2232 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:07:40.0828 2232 viaagp - ok
15:07:40.0843 2232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:07:40.0843 2232 ViaIde - ok
15:07:40.0859 2232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:07:40.0859 2232 VolSnap - ok
15:07:40.0906 2232 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:07:40.0906 2232 VSS - ok
15:07:40.0937 2232 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:07:40.0953 2232 w32time - ok
15:07:40.0984 2232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:07:40.0984 2232 Wanarp - ok
15:07:41.0031 2232 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:07:41.0046 2232 Wdf01000 - ok
15:07:41.0062 2232 WDICA - ok
15:07:41.0093 2232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:07:41.0093 2232 wdmaud - ok
15:07:41.0109 2232 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:07:41.0109 2232 WebClient - ok
15:07:41.0250 2232 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:07:41.0250 2232 winmgmt - ok
15:07:41.0265 2232 wltrysvc - ok
15:07:41.0312 2232 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:07:41.0328 2232 WmdmPmSN - ok
15:07:41.0359 2232 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:07:41.0359 2232 WmiApSrv - ok
15:07:41.0375 2232 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:07:41.0390 2232 WpdUsb - ok
15:07:41.0406 2232 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:07:41.0406 2232 WS2IFSL - ok
15:07:41.0437 2232 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:07:41.0437 2232 wscsvc - ok
15:07:41.0468 2232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:07:41.0468 2232 WSTCODEC - ok
15:07:41.0484 2232 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:07:41.0484 2232 wuauserv - ok
15:07:41.0531 2232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:07:41.0546 2232 WudfPf - ok
15:07:41.0562 2232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:07:41.0609 2232 WudfRd - ok
15:07:41.0625 2232 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:07:41.0640 2232 WudfSvc - ok
15:07:41.0671 2232 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:07:41.0687 2232 WZCSVC - ok
15:07:41.0734 2232 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:07:41.0734 2232 xmlprov - ok
15:07:41.0781 2232 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
15:07:41.0796 2232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:07:41.0796 2232 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:07:41.0828 2232 Boot (0x1200) (3350aa5cf6f9ac51d5b34b23d709e345) \Device\Harddisk0\DR0\Partition0
15:07:41.0828 2232 \Device\Harddisk0\DR0\Partition0 - ok
15:07:41.0828 2232 ============================================================
15:07:41.0828 2232 Scan finished
15:07:41.0828 2232 ============================================================
15:07:41.0843 3720 Detected object count: 1
15:07:41.0843 3720 Actual detected object count: 1
15:07:50.0171 3720 \Device\Harddisk0\DR0\# - copied to quarantine
15:07:50.0171 3720 \Device\Harddisk0\DR0 - copied to quarantine
15:07:50.0250 3720 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:07:50.0250 3720 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:07:50.0250 3720 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:07:50.0265 3720 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:07:50.0265 3720 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:07:50.0265 3720 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:07:50.0281 3720 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:07:50.0281 3720 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:07:50.0281 3720 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:07:50.0328 3720 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:07:50.0328 3720 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:07:50.0328 3720 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:07:50.0328 3720 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:07:50.0328 3720 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:07:50.0359 3720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:07:50.0390 3720 \Device\Harddisk0\DR0 - ok
15:07:50.0390 3720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:08:07.0968 4784 Deinitialize success



aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 15:13:23
-----------------------------
15:13:23.765 OS Version: Windows 5.1.2600 Service Pack 3
15:13:23.765 Number of processors: 2 586 0xF0D
15:13:23.765 ComputerName: SCOTT UserName:
15:13:24.500 Initialize success
15:14:41.890 AVAST engine defs: 12062700
15:14:48.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:14:48.296 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
15:14:48.312 Disk 0 MBR read successfully
15:14:48.312 Disk 0 MBR scan
15:14:48.343 Disk 0 unknown MBR code
15:14:48.343 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
15:14:48.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234982 MB offset 96390
15:14:48.375 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3380 MB offset 481339530
15:14:48.375 Disk 0 scanning sectors +488263545
15:14:48.437 Disk 0 scanning C:\WINDOWS\system32\drivers
15:15:00.437 Service scanning
15:15:16.625 Modules scanning
15:15:22.875 Disk 0 trace - called modules:
15:15:22.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:15:22.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8fcab8]
15:15:22.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a901f18]
15:15:22.890 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a975940]
15:15:23.453 AVAST engine scan C:\WINDOWS
15:15:46.500 AVAST engine scan C:\WINDOWS\system32
15:18:04.968 AVAST engine scan C:\WINDOWS\system32\drivers
15:18:24.781 AVAST engine scan C:\Documents and Settings\Scotty
15:22:34.703 AVAST engine scan C:\Documents and Settings\All Users
15:29:14.234 Scan finished successfully
15:30:55.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scotty\My Documents\MBR.dat"
15:30:55.890 The log file has been saved successfully to "C:\Documents and Settings\Scotty\My Documents\aswMBR.txt"



I have heard no ads since the reboot after TDSS.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,221 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:53 PM

Posted 27 June 2012 - 05:35 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 S.c0tty

  • Topic Starter
  • Members
  • 16 posts
  • Local time:02:53 PM

Posted 27 June 2012 - 06:03 PM

ComboFix 12-06-27.01 - Scotty 06/27/2012 18:50:27.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1249 [GMT -4:00]
Running from: c:\documents and settings\Scotty\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Scotty\Application Data\Adobe\plugs
c:\documents and settings\Scotty\Application Data\Adobe\shed
c:\documents and settings\Scotty\Application Data\Toolbar4
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\windows\system32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_JIHG4TRD_CAOR316H.HTM
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 19:07 . 2012-06-27 19:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 18:30 . 2012-06-25 18:30 388096 ----a-r- c:\documents and settings\Scotty\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-25 18:30 . 2012-06-25 18:30 -------- d-----w- c:\program files\Trend Micro
2012-06-25 15:18 . 2012-06-27 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-25 15:18 . 2012-06-27 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-25 00:54 . 2012-06-25 00:54 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-25 00:26 . 2012-06-25 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2012-06-25 00:14 . 2012-06-25 15:09 -------- d-----w- c:\program files\Common Files\BitDefender
2012-06-21 21:39 . 2012-06-21 21:39 -------- d-----w- c:\documents and settings\Scotty\Local Settings\Application Data\Sun
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-06-21 21:23 . 2012-06-21 21:23 -------- d-----w- c:\program files\QuickTime
2012-06-21 21:18 . 2012-06-21 21:18 -------- d-----w- c:\program files\Common Files\Java
2012-06-21 21:17 . 2012-06-21 21:17 -------- d-----w- c:\program files\Oracle
2012-06-21 21:17 . 2012-06-21 21:17 -------- d-----w- c:\documents and settings\Scotty\Application Data\Oracle
2012-06-19 20:27 . 2012-06-19 20:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-19 17:24 . 2012-06-19 17:24 447 ----a-w- C:\user.js
2012-06-12 23:42 . 2012-06-14 20:46 -------- d-----w- c:\program files\Microsoft
2012-06-12 23:40 . 2012-06-20 15:32 -------- dc-h--w- c:\windows\ie8
2012-06-12 23:40 . 2012-06-12 23:43 -------- d--h--w- c:\windows\msdownld.tmp
2012-06-12 21:41 . 2012-06-12 21:41 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 21:41 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 04:41 . 2012-04-29 18:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 04:41 . 2011-07-18 15:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2004-08-10 16:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 23:29 . 2010-05-05 17:37 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:14 . 2004-08-10 16:51 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-10 16:51 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2011-06-15 12:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 22:20 . 2012-06-19 20:27 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-25 1392640]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-16 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\symds.sys [4/23/2012 10:32 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\symefa.sys [4/23/2012 10:32 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\ironx86.sys [4/23/2012 10:32 PM 136312]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 5:13 PM 226624]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [4/23/2012 10:32 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2012 10:00 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120626.001\IDSXpx86.sys [6/26/2012 9:05 PM 369632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys --> c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 2:35 PM 250056]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/30/2011 1:53 PM 6016]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [3/9/2004 8:48 PM 108032]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [10/30/2011 1:53 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/30/2011 1:53 PM 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/30/2011 1:53 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/30/2011 1:53 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/30/2011 1:53 PM 9472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/19/2012 4:27 PM 113120]
S3 Normandy;Normandy SR2; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 04:41]
.
2012-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-06-27 c:\windows\Tasks\User_Feed_Synchronization-{DE69CFB2-1CFA-40C4-AA63-950E0EB44A23}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\mm6vlnz7.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-27 18:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-06-27 19:00:42
ComboFix-quarantined-files.txt 2012-06-27 23:00
.
Pre-Run: 204,145,565,696 bytes free
Post-Run: 204,962,488,320 bytes free
.
- - End Of File - - 49A267E70E94D24173320E2EA7C73817



-No Problems
-Computer seems to be running normal again :)
-Also donated, sir. Wasn't much but it's better than nothing I guess.(9YP75570LY242071H)
-Anything else I need to do?

Edited by S.c0tty, 27 June 2012 - 06:12 PM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,221 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 27 June 2012 - 08:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 S.c0tty

  • Topic Starter
  • Members
  • 16 posts

Posted 28 June 2012 - 07:53 AM

ComboFix 12-06-28.01 - Scotty 06/28/2012 3:40.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.999 [GMT -4:00]
Running from: c:\documents and settings\Scotty\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Scotty\Desktop\CFScript.txt.lnk
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 07:18 . 2012-06-28 07:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-28 07:18 . 2012-06-28 07:18 -------- d-----w- c:\windows\LastGood
2012-06-28 07:17 . 2012-06-28 07:17 -------- d-----w- c:\program files\Bonjour
2012-06-27 23:51 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-27 19:07 . 2012-06-27 19:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 18:30 . 2012-06-25 18:30 388096 ----a-r- c:\documents and settings\Scotty\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-25 18:30 . 2012-06-25 18:30 -------- d-----w- c:\program files\Trend Micro
2012-06-25 15:18 . 2012-06-27 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-25 15:18 . 2012-06-27 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-25 00:54 . 2012-06-25 00:54 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-25 00:26 . 2012-06-25 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2012-06-25 00:14 . 2012-06-25 15:09 -------- d-----w- c:\program files\Common Files\BitDefender
2012-06-21 21:39 . 2012-06-21 21:39 -------- d-----w- c:\documents and settings\Scotty\Local Settings\Application Data\Sun
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-21 21:23 . 2012-06-21 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-06-21 21:23 . 2012-06-21 21:23 -------- d-----w- c:\program files\QuickTime
2012-06-21 21:18 . 2012-06-21 21:18 -------- d-----w- c:\program files\Common Files\Java
2012-06-21 21:17 . 2012-06-21 21:17 -------- d-----w- c:\program files\Oracle
2012-06-21 21:17 . 2012-06-21 21:17 -------- d-----w- c:\documents and settings\Scotty\Application Data\Oracle
2012-06-19 20:27 . 2012-06-19 20:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-19 17:24 . 2012-06-19 17:24 447 ----a-w- C:\user.js
2012-06-12 23:42 . 2012-06-14 20:46 -------- d-----w- c:\program files\Microsoft
2012-06-12 23:40 . 2012-06-20 15:32 -------- dc-h--w- c:\windows\ie8
2012-06-12 23:40 . 2012-06-12 23:43 -------- d--h--w- c:\windows\msdownld.tmp
2012-06-12 21:41 . 2012-06-12 21:41 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 21:41 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 04:41 . 2012-04-29 18:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 04:41 . 2011-07-18 15:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19 . 2007-07-30 23:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-30 23:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-10 17:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-10 17:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-10 17:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-07-30 23:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-30 23:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 17:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-10 17:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-10 16:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-30 23:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-10 17:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-10 17:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-12-23 16:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-12-23 16:52 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2009-12-23 16:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 16:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 16:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 16:51 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:29 . 2010-05-05 17:37 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16 . 2004-08-10 16:51 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 17:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 16:11 . 2009-04-08 20:41 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 16:11 . 2009-04-08 20:41 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 19:56 . 2011-06-15 12:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 22:20 . 2012-06-19 20:27 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_22.59.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-28 00:39 . 2012-06-28 00:39 16384 c:\windows\Temp\Perflib_Perfdata_7dc.dat
+ 2012-06-28 00:38 . 2012-06-28 00:38 16384 c:\windows\Temp\Perflib_Perfdata_78c.dat
+ 2012-06-27 23:49 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-27 23:49 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2012-06-28 07:18 . 2010-04-20 00:47 41984 c:\windows\system32\ReinstallBackups\0022\DriverFiles\usbaapl.sys
+ 2004-08-10 16:51 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 16:51 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 50536 c:\windows\system32\jdns_sd.dll
+ 2012-06-28 07:18 . 2012-04-25 16:11 43520 c:\windows\system32\DRVSTORE\usbaapl_B97845F10E79901A09404408F15C6BE616AF6019\usbaapl.sys
+ 2012-06-28 07:18 . 2012-03-26 18:50 18432 c:\windows\system32\DRVSTORE\netaapl_1F790C9610312AF553B3EA281673A397475297FA\netaapl.sys
+ 2011-08-31 03:05 . 2011-08-31 03:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 83816 c:\windows\system32\dns-sd.exe
+ 2009-06-10 03:45 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-10 03:45 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-10 17:02 . 2012-06-02 19:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 17:02 . 2012-06-02 19:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-05-15 02:30 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2009-07-28 18:12 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-28 18:12 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 08:34 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-05-15 02:30 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-05-15 02:30 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 16:50 . 2012-06-02 19:19 97304 c:\windows\system32\dllcache\cdm.dll
- 2012-06-14 15:17 . 2012-05-15 13:56 30208 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\w32ksign.dll
- 2012-06-14 15:17 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\spcustom.dll
- 2012-06-14 15:17 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\spmsg.dll
- 2012-06-14 15:18 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\spcustom.dll
- 2012-06-14 15:18 . 2012-05-05 03:16 16896 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\mpsyschk.dll
- 2012-06-14 15:18 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spmsg.dll
+ 2012-06-28 07:18 . 2010-04-20 00:47 41984 c:\windows\LastGood\System32\Drivers\usbaapl.sys
+ 2012-06-28 00:15 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-06-28 00:15 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-06-28 00:15 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-06-28 00:15 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-06-28 00:15 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2544521-IE8\spmsg.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2544521-IE8\spcustom.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
+ 2004-08-10 16:51 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2004-08-10 16:51 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
- 2004-08-10 16:51 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2004-08-10 16:51 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2004-08-10 16:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 16:51 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 16:57 . 2012-06-28 00:38 247904 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 16:57 . 2012-05-11 07:14 247904 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-31 03:05 . 2011-08-31 03:05 178536 c:\windows\system32\dnssdX.dll
+ 2004-08-10 17:02 . 2012-06-02 19:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 17:02 . 2012-06-02 19:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-10 17:02 . 2012-06-02 19:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2008-05-15 02:30 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-05-15 02:31 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2007-12-18 14:40 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 08:34 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
- 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-10 09:12 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2009-03-08 08:34 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
- 2008-05-15 02:30 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-05-15 02:30 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-07-28 18:12 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2008-05-15 02:30 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-15 02:30 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-06-10 03:45 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-10 03:45 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-05-15 02:30 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 20:26 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 20:26 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 18:09 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2012-06-14 15:17 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\updspapi.dll
- 2012-06-14 15:17 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\update.exe
- 2012-06-14 15:17 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\spuninst.exe
- 2012-06-14 15:18 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\updspapi.dll
- 2012-06-14 15:18 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\update.exe
- 2012-06-14 15:18 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spuninst.exe
+ 2012-06-28 00:15 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB2699988-IE8\wininet.dll
+ 2012-06-28 00:15 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll
+ 2012-06-28 00:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe
+ 2012-06-28 00:15 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB2699988-IE8\occache.dll
+ 2012-06-28 00:15 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll
+ 2012-06-28 00:15 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll
+ 2012-06-28 00:15 . 2009-03-08 08:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll
+ 2012-06-28 00:15 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll
+ 2012-06-28 00:15 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll
+ 2012-06-28 00:15 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll
+ 2012-06-28 00:15 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll
+ 2012-06-28 00:15 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe
+ 2012-06-28 00:15 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-06-28 00:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\updspapi.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2544521-IE8\update.exe
+ 2012-06-28 00:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-06-28 00:15 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst.exe
+ 2012-06-28 00:15 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-06-28 00:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2012-06-28 00:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-06-28 00:15 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-06-28 00:15 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
+ 2012-06-28 00:15 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2012-06-28 07:18 . 2010-04-20 00:47 3062048 c:\windows\system32\ReinstallBackups\0022\DriverFiles\usbaaplrc.dll
+ 2004-08-10 16:51 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2012-06-28 07:18 . 2012-04-25 16:11 4547944 c:\windows\system32\DRVSTORE\usbaapl_B97845F10E79901A09404408F15C6BE616AF6019\usbaaplrc.dll
+ 2012-06-28 07:18 . 2010-04-20 00:29 1461992 c:\windows\system32\DRVSTORE\netaapl_1F790C9610312AF553B3EA281673A397475297FA\wdfcoinstaller01009.dll
+ 2004-08-10 17:02 . 2012-06-02 19:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2008-12-03 03:42 . 2012-05-15 13:20 1863168 c:\windows\system32\dllcache\win32k.sys
+ 2008-05-15 02:30 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-04-15 09:21 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-15 09:21 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-15 09:21 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-15 09:21 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-07 23:02 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2012-05-04 12:32 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-15 09:21 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-04-15 09:21 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-12-08 00:07 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-10 03:45 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2009-06-10 03:45 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-06-28 07:18 . 2010-04-20 00:47 3062048 c:\windows\LastGood\System32\usbaaplrc.dll
+ 2012-06-28 07:18 . 2012-06-28 07:18 1718784 c:\windows\Installer\16c0e14.msi
+ 2012-06-28 07:17 . 2012-06-28 07:17 2002432 c:\windows\Installer\16c0d97.msi
+ 2012-06-28 07:16 . 2012-06-28 07:16 1530368 c:\windows\Installer\16c0d5d.msi
+ 2012-06-28 00:15 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll
+ 2012-06-28 00:15 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
+ 2012-06-28 00:15 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll
+ 2009-04-15 09:21 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-15 09:21 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-15 09:21 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-15 09:21 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-07 23:02 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-15 09:21 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-15 09:21 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-03-08 08:39 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
+ 2009-06-10 03:45 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-06-28 00:15 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-25 1392640]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-16 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\symds.sys [4/23/2012 10:32 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\symefa.sys [4/23/2012 10:32 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\ironx86.sys [4/23/2012 10:32 PM 136312]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 5:13 PM 226624]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [4/23/2012 10:32 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2012 10:00 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120627.001\IDSXpx86.sys [6/28/2012 12:26 AM 369632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys --> c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 2:35 PM 250056]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/30/2011 1:53 PM 6016]
S3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;c:\windows\system32\drivers\vnetusbl.sys [3/9/2004 8:48 PM 108032]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [10/30/2011 1:53 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/30/2011 1:53 PM 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/30/2011 1:53 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/30/2011 1:53 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/30/2011 1:53 PM 9472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/19/2012 4:27 PM 113120]
S3 Normandy;Normandy SR2; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BONJOUR_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 04:41]
.
2012-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{DE69CFB2-1CFA-40C4-AA63-950E0EB44A23}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\mm6vlnz7.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 03:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-28 03:50:58
ComboFix-quarantined-files.txt 2012-06-28 07:50
ComboFix2.txt 2012-06-27 23:00
.
Pre-Run: 204,441,239,552 bytes free
Post-Run: 204,419,723,264 bytes free
.
- - End Of File - - 130DE594FD356FB81D10D8EF7D130E76


-Still running fine! :)
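The "Reg Loading Points" section of the ComboFix log above is the part worth reading for posture rather than for malware: it shows the standard-profile firewall flag at 0 (Windows Firewall off), Security Center monitoring switched off for AV and firewall (both commonly set by a third-party suite such as Norton that takes over those roles, but something to confirm rather than assume), the firewall exception list with the P2P client in it, and the Run keys. The following reader is an added example, not a ComboFix or BleepingComputer tool; it parses the REGEDIT4-style text into key/value structure and turns those lines into findings. The sample text is a constructed subset of the log above, in the same shape.

```python
"""Parse the REGEDIT4-style "Reg Loading Points" section of a ComboFix log and
turn it into posture findings. Added example; not a ComboFix or BleepingComputer tool."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the loading points shown in the log above, same shape.
SAMPLE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"""

KEY_RE = re.compile(r'^\[(.+)\]$')            # [HKEY_...\path]
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')    # "name"=value  (value may be empty)
Finding = Tuple[str, str]                      # (severity, message)


def parse_loading_points(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_value}}; ComboFix's '.' spacer lines are skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line in ('', '.', 'REGEDIT4'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def dword(raw: str) -> int:
    """Accept both ComboFix renderings: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    return int(raw.split()[0], 0)


def assess(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    findings: List[Finding] = []
    for path, values in keys.items():
        low = path.lower()
        # Windows Firewall state for the standard (non-domain) profile.
        if low.endswith('firewallpolicy\\standardprofile') and 'EnableFirewall' in values:
            if dword(values['EnableFirewall']) == 0:
                findings.append(('HIGH', 'Windows Firewall is disabled for the standard profile'))
        # Security Center monitoring flags: a third-party suite legitimately sets these
        # when it takes over AV/firewall status reporting, so this is informational only.
        if 'security center\\monitoring' in low and dword(values.get('DisableMonitoring', 'dword:0')) == 1:
            product = re.split(r'(?i)monitoring', path, maxsplit=1)[1].strip('\\') or '(global)'
            findings.append(('INFO', f'Security Center monitoring disabled: {product}; confirm the third-party suite is running'))
        # Programs allowed through the firewall (ComboFix doubles the backslashes here).
        if low.endswith('authorizedapplications\\list'):
            for app in values:
                findings.append(('INFO', f'Firewall exception: {app.replace(chr(92) * 2, chr(92))}'))
        # Per-user and machine-wide Run keys: what starts with the session.
        if low.endswith('currentversion\\run'):
            hive = 'HKCU' if low.startswith('hkey_current_user') else 'HKLM'
            for name, raw in values.items():
                findings.append(('INFO', f'{hive} Run autostart: {name} = {raw}'))
    return findings


if __name__ == '__main__':
    for severity, message in assess(parse_loading_points(SAMPLE)):
        print(f'[{severity}] {message}')
```

Run against the full section of a log, the HIGH finding is the one to act on only after checking whether another firewall is in place; the INFO lines are the baseline you compare against after the cleanup steps.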

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,221 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 June 2012 - 08:03 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

FrostWire 4.21.8
Java™ 6 Update 33


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 S.c0tty
  • Topic Starter
  • Members
  • 16 posts

Posted 28 June 2012 - 09:53 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Scotty :: SCOTT [administrator]

6/28/2012 10:47:04 AM
mbam-log-2012-06-28 (10-47-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214572
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:22 AM, on 6/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7492 bytes


Computer is running just right. Didn't find any results to show under MBAM though.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,221 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 June 2012 - 12:26 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
      O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. IntelliPoint from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
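The HijackThis triage in this thread comes down to two questions per line: is the file still there, and does it need to start with the session? Both can be answered mechanically from the log posted above. The following is an added example, not HijackThis code or a tool used in this thread: it parses the O2/O3/O9 add-on lines, O4 autostarts and O23 services, flags whatever HijackThis marked "(no file)" or "(file missing)" (leftovers of removed software, harmless in themselves but cleanup candidates), lists the O4 autostarts, and singles out autostarts that run from the user profile, which is where the adware in this thread lived and where no admin rights are needed to write. The sample is constructed from lines in the log above plus one hypothetical O4 line (`[example]`) so the profile check has something to find.

```python
"""Triage a HijackThis 2.x log: list what autostarts (O4) and flag entries whose
file HijackThis could not find. Added example; not part of HijackThis or this thread's tools."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the same shape as the log above. The "[example]" O4 line is a
# hypothetical entry added to exercise the user-profile check; that path is not on this machine.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Scotty\Application Data\example\example.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

MISSING = ('(no file)', '(file missing)')
# Autostart commands living under the user profile deserve a closer look (no admin rights
# are needed to drop a file there); the directory names are the XP-era ones from this log.
USER_PROFILE = ('\\documents and settings\\', '\\application data\\', '\\local settings\\', '\\temp\\')

O4_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
ADDON_RE = re.compile(r'^(O2|O3|O9) - [^:]+: (.+?) - \{[0-9A-Fa-f-]+\} - (.*)$')
SVC_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.*)$')


@dataclass
class Entry:
    section: str    # O2, O3, O4, O9, O23
    name: str
    target: str     # DLL/EXE path or full command line
    orphaned: bool  # HijackThis marked the file as missing


def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, subkey, name, cmd = m.groups()
            entries.append(Entry('O4', f'{hive}\\{subkey}: {name}', cmd, False))
        elif m := ADDON_RE.match(line):
            section, name, target = m.groups()
            entries.append(Entry(section, name, target, target.endswith(MISSING)))
        elif m := SVC_RE.match(line):
            name, _owner, target = m.groups()
            entries.append(Entry('O23', name, target, target.endswith(MISSING)))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Leftovers of uninstalled software: harmless by themselves, but cleanup candidates."""
    return [e for e in entries if e.orphaned]


def autostarts(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.section == 'O4']


def autostarts_in_profile(entries: List[Entry]) -> List[Entry]:
    return [e for e in autostarts(entries)
            if any(p in e.target.lower() for p in USER_PROFILE)]


if __name__ == '__main__':
    found = parse_hjt(SAMPLE_LOG)
    for e in autostarts(found):
        print('AUTOSTART', e.name, '->', e.target)
    for e in orphaned(found):
        print('ORPHANED ', e.section, e.name, '->', e.target)
    for e in autostarts_in_profile(found):
        print('REVIEW   ', e.name, 'runs from the user profile')
```

The orphaned list is what the "Fix Checked" step would clear without losing anything; the autostart list is the optional set from this post, and the profile check is the one worth running again on the next log, since a fresh entry there after cleanup is the signal that something came back.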

#15 S.c0tty
  • Topic Starter
  • Members
  • 16 posts

Posted 28 June 2012 - 02:40 PM

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Scotty\Application Data\B5FBFDC7CA0712315894BC50592C0097\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Scotty\Application Data\B5FBFDC7CA0712315894BC50592C0097\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Scotty\My Documents\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Scotty\My Documents\FrostWire\Torrent Data\frostwire-4.21.5.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Scotty\My Documents\FrostWire\Torrent Data\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0041981.exe Win32/OpenCandy application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP291\A0045349.exe Win32/OpenCandy application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0051641.dll a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP305\A0055924.dll Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0057183.exe Win32/OpenCandy application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0057184.exe Win32/OpenCandy application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0057185.exe Win32/OpenCandy application
C:\TDSSKiller_Quarantine\27.06.2012_15.06.31\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\27.06.2012_15.06.31\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\27.06.2012_15.06.31\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\27.06.2012_15.06.31\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan


How we lookin now?!



