I was told to post here because my GMER log was "suspicious"

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

6 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

I was told to post here because my GMER log was "suspicious"

#1 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 21 July 2011 - 12:54 AM

Ive backed up everything and have my logs done from the prep guide.
I have been suffering from bsod from "eaglextn.sys" "DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS"
which I googled and said it was a a part of maple story anlab hack shield
I wasnt too sure of it but I removed it since it seemed to be the cause of the stop errors
and more info at my previous forum posting below.
Was not specified exactly if something was wrong but I was referred here, thanx for help in advance.

http://www.bleepingcomputer.com/forums/topic410437.html

also I installed the program audacity, which just caused me more issues, it froze after recording and got a few errors
and then some mp3 files i downloaded wouldnt play on windows media player saying the file was not found
but I know for fact I didnt delete it.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by elyse at 23:14:46 on 2011-07-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.84 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\DOCUME~1\elyse\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Documents and Settings\elyse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\elyse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\elyse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\elyse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\elyse\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0711&m=aspire_one
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0711&m=aspire_one
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\elyse\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [NotificationCenterLauncher] c:\program files\acer\acer erecovery management\NotificationLauncher.exe
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R? EagleXNt;EagleXNt
R? GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? Partner Service;Partner Service
R? RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader
R? Rts516xIR;Realtek IR Driver
S? BHDrvx86;BHDrvx86
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? GIDv2;GIDv2
S? IDSxpx86;IDSxpx86
S? IDVaultSvc;CGPS Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? N360;Norton Security Suite
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? RS_Service;Raw Socket Service
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
.
=============== Created Last 30 ================
.
2011-07-21 01:30:42 -------- d-----w- c:\documents and settings\elyse\application data\Malwarebytes
2011-07-21 01:30:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 01:30:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-21 01:30:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 01:30:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-19 12:38:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-19 12:38:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-18 23:19:14 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-07-18 05:30:58 -------- d-----w- c:\documents and settings\elyse\local settings\application data\Identities
2011-07-18 04:50:25 -------- d-----w- c:\documents and settings\elyse\application data\TeamViewer
2011-07-18 00:50:13 215920 ----a-w- c:\windows\system32\muweb.dll
2011-07-18 00:50:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-18 00:50:12 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-07-17 23:43:43 -------- d-----w- c:\documents and settings\elyse\local settings\application data\WMTools Downloaded Files
2011-07-17 23:06:14 -------- d-----w- c:\program files\PhotoScape
2011-07-17 20:46:38 -------- d-----w- C:\Nexon
2011-07-17 20:46:28 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2011-07-17 20:02:46 -------- d-----w- c:\program files\Pando Networks
2011-07-17 09:27:07 -------- d-sh--w- c:\documents and settings\elyse\IECompatCache
2011-07-17 09:00:39 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2011-07-17 09:00:39 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-07-17 09:00:39 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2011-07-17 09:00:39 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2011-07-17 09:00:39 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-07-17 09:00:39 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-07-17 09:00:38 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-07-17 09:00:38 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2011-07-17 09:00:11 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-07-17 08:29:56 -------- d-----w- C:\0fde0505caf4a510381b8e11eee60b06
2011-07-17 08:17:07 -------- d-sh--w- c:\documents and settings\elyse\IETldCache
2011-07-17 08:13:57 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-07-17 08:13:40 -------- d-----w- c:\windows\ie8updates
2011-07-17 08:13:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-17 08:13:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-17 08:13:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-17 08:12:09 -------- dc-h--w- c:\windows\ie8
2011-07-17 07:50:09 -------- d-----w- c:\windows\ServicePackFiles
2011-07-17 07:34:42 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-17 07:34:39 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-17 07:34:39 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-17 07:34:39 -------- d-----w- c:\program files\Symantec
2011-07-17 07:34:39 -------- d-----w- c:\program files\common files\Symantec Shared
2011-07-17 07:34:24 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-17 07:34:09 -------- d-----w- c:\windows\system32\drivers\N360
2011-07-17 07:34:06 -------- d-----w- c:\program files\Norton Security Suite
2011-07-17 07:34:00 -------- d-----w- c:\documents and settings\elyse\local settings\application data\Temp
2011-07-17 07:33:49 -------- d-----w- c:\program files\NortonInstaller
2011-07-17 07:33:49 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-07-17 07:32:00 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-07-17 07:29:54 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-07-17 07:29:47 -------- d-----w- c:\documents and settings\elyse\local settings\application data\ID Vault
2011-07-17 07:29:06 -------- d-----w- c:\documents and settings\elyse\application data\ID Vault
2011-07-17 07:28:57 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-07-17 07:28:53 -------- d-----w- c:\documents and settings\all users\GID
2011-07-17 07:28:51 -------- d-----w- c:\program files\SFT
2011-07-17 07:28:41 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-07-17 07:20:05 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-17 07:19:06 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-17 07:18:55 14048 ------w- c:\windows\system32\spmsg2.dll
2011-07-17 07:16:54 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-07-17 07:14:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-17 07:08:29 -------- d-----w- c:\windows\system32\PreInstall
2011-07-17 07:04:10 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-07-17 06:57:20 -------- d-----w- c:\documents and settings\all users\application data\Partner
2011-07-17 06:53:59 -------- d---a-w- c:\windows\BTW
2011-07-17 06:51:43 94208 ----a-w- c:\windows\PLFSetL.exe
2011-07-17 06:51:43 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2011-07-17 06:51:43 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2011-07-17 06:51:43 196608 ----a-w- c:\windows\system32\csnp2uvc.dll
2011-07-17 06:51:43 1769984 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2011-07-17 06:51:39 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll
2011-07-17 06:51:38 -------- d-----w- c:\windows\SUYIN NB Cam
2011-07-17 06:51:38 -------- d-----w- c:\program files\common files\SNP2UVC
2011-07-17 06:51:14 -------- d---a-w- c:\windows\Dev1
2011-07-17 06:51:10 -------- d-----w- c:\windows\3G
2011-07-05 15:25:38 66328 ----a-w- c:\windows\system32\SysEventMenu.dll
2011-07-05 15:25:12 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
2011-07-05 15:24:42 380696 ----a-w- c:\windows\system32\GIDHookLogon.dll
2011-07-05 15:24:32 398608 ----a-w- c:\windows\system32\GIDHook.dll
2011-07-05 15:23:48 102160 ----a-w- c:\windows\system32\GIDBIN3.dll
2011-07-05 15:23:30 173840 ----a-w- c:\windows\system32\GIDBIN1.dll
.
==================== Find3M ====================
.
2011-07-17 06:54:01 2422 ----a-w- c:\windows\CLEANUP.CMD
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
user != kernel MBR !!!
.
============= FINISH: 23:22:16.06 ===============

Attached File(s)

IMG00601-20110717-2301.jpg (140.81K)
Number of downloads: 5

This post has been edited by elybeit09: 21 July 2011 - 08:40 AM

#2 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,857
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 22 July 2011 - 08:45 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#3 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 23 July 2011 - 03:54 AM

ComboFix 11-07-23.01 - elyse 07/23/2011 3:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.276 [GMT -5:00]
Running from: c:\documents and settings\elyse\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-22 07:16 . 2011-07-22 07:16 -------- d-----w- c:\program files\Microsoft
2011-07-22 07:13 . 2011-07-22 07:13 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc885.tmp
2011-07-21 08:59 . 2011-07-21 08:59 -------- d-----w- c:\program files\Lame For Audacity
2011-07-21 08:57 . 2011-07-21 08:57 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-07-21 01:30 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 01:30 . 2011-07-21 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-21 01:30 . 2011-07-21 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 01:30 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 00:06 . 2011-07-21 00:06 -------- d-----w- c:\windows\Sun
2011-07-19 12:46 . 2011-07-19 12:46 -------- d-----w- c:\program files\Common Files\Java
2011-07-19 12:38 . 2011-07-19 12:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-19 12:38 . 2011-07-19 12:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 12:38 . 2011-07-19 12:38 -------- d-----w- c:\program files\Java
2011-07-18 23:19 . 2008-04-14 12:00 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-07-18 00:50 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-07-18 00:50 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-17 23:06 . 2011-07-17 23:06 -------- d-----w- c:\program files\PhotoScape
2011-07-17 20:46 . 2011-07-18 04:31 -------- d-----w- C:\Nexon
2011-07-17 20:46 . 2011-07-18 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2011-07-17 20:17 . 2011-07-17 20:17 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-17 20:02 . 2011-07-17 20:02 -------- d-----w- c:\program files\Pando Networks
2011-07-17 09:50 . 2011-07-23 08:46 -------- d-----w- c:\documents and settings\elyse
2011-07-17 09:49 . 2009-01-17 01:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Acer
2011-07-17 09:49 . 2009-01-17 00:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2011-07-17 08:29 . 2011-07-17 08:30 -------- d-----w- C:\0fde0505caf4a510381b8e11eee60b06
2011-07-17 08:18 . 2011-07-17 08:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-17 08:13 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-07-17 08:13 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-17 08:13 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-17 08:13 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-17 08:12 . 2011-07-17 08:13 -------- dc-h--w- c:\windows\ie8
2011-07-17 07:55 . 2011-07-17 07:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2011-07-17 07:50 . 2011-07-17 07:50 -------- d-----w- c:\windows\ServicePackFiles
2011-07-17 07:34 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-17 07:34 . 2011-07-17 09:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-17 07:34 . 2011-07-17 09:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-17 07:34 . 2011-07-17 09:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-17 07:34 . 2011-07-17 09:00 -------- d-----w- c:\program files\Symantec
2011-07-17 07:34 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-17 07:34 . 2011-07-17 19:43 -------- d-----w- c:\windows\system32\drivers\N360
2011-07-17 07:34 . 2011-07-17 07:34 -------- d-----w- c:\program files\Norton Security Suite
2011-07-17 07:34 . 2011-07-17 07:34 -------- d-----w- c:\program files\Windows Sidebar
2011-07-17 07:34 . 2011-07-17 07:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-07-17 07:33 . 2011-07-17 07:33 -------- d-----w- c:\program files\NortonInstaller
2011-07-17 07:32 . 2011-07-17 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-07-17 07:29 . 2011-07-17 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2011-07-17 07:29 . 2011-07-17 07:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-07-17 07:28 . 2011-07-05 15:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-07-17 07:28 . 2011-07-17 07:28 -------- d-----w- c:\documents and settings\All Users\GID
2011-07-17 07:28 . 2011-07-17 07:28 -------- d-----w- c:\program files\SFT
2011-07-17 07:28 . 2011-07-21 01:51 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-07-17 07:27 . 2011-07-17 07:27 -------- d-----w- c:\program files\MSBuild
2011-07-17 07:20 . 2011-07-17 08:31 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-17 07:19 . 2011-07-17 07:19 -------- d-----w- c:\program files\Reference Assemblies
2011-07-17 07:19 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-17 07:18 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-07-17 07:16 . 2011-07-17 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2011-07-17 07:14 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-17 07:03 . 2011-07-17 07:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2011-07-17 06:57 . 2011-07-17 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Partner
2011-07-17 06:53 . 2011-07-18 05:13 -------- d---a-w- c:\windows\BTW
2011-07-17 06:51 . 2008-11-04 02:00 196608 ----a-w- c:\windows\system32\csnp2uvc.dll
2011-07-17 06:51 . 2008-07-03 22:58 94208 ----a-w- c:\windows\PLFSetL.exe
2011-07-17 06:51 . 2007-10-01 21:59 1769984 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2011-07-17 06:51 . 2007-05-09 22:16 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2011-07-17 06:51 . 2006-11-07 16:17 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2011-07-17 06:51 . 2007-04-02 19:40 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll
2011-07-17 06:51 . 2011-07-17 06:51 -------- d-----w- c:\windows\SUYIN NB Cam
2011-07-17 06:51 . 2011-07-17 06:51 -------- d-----w- c:\program files\Common Files\SNP2UVC
2011-07-17 06:51 . 2011-07-17 06:51 -------- d---a-w- c:\windows\Dev1
2011-07-17 06:51 . 2011-07-17 06:51 -------- d-----w- c:\windows\3G
2011-07-05 15:25 . 2011-07-05 15:25 66328 ----a-w- c:\windows\system32\SysEventMenu.dll
2011-07-05 15:25 . 2011-07-05 15:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
2011-07-05 15:24 . 2011-07-05 15:24 380696 ----a-w- c:\windows\system32\GIDHookLogon.dll
2011-07-05 15:24 . 2011-07-05 15:24 398608 ----a-w- c:\windows\system32\GIDHook.dll
2011-07-05 15:23 . 2011-07-05 15:23 102160 ----a-w- c:\windows\system32\GIDBIN3.dll
2011-07-05 15:23 . 2011-07-05 15:23 173840 ----a-w- c:\windows\system32\GIDBIN1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 06:54 . 2008-09-09 10:51 2422 ----a-w- c:\windows\CLEANUP.CMD
2011-06-02 14:02 . 2009-01-16 23:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2009-01-16 23:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2009-01-16 23:18 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2009-01-16 23:18 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2009-01-16 23:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2009-01-16 23:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2009-01-16 23:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2009-01-16 23:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2009-01-16 23:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2009-01-16 23:18 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-07-17 06:57 157168 ----a-w- c:\documents and settings\All Users\Application Data\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]
2011-06-14 19:24 99912 ----a-w- c:\program files\Constant Guard Protection Suite\NativeBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-17 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-20 1398056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-17 24064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]
"NotificationCenterLauncher"="c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe" [2008-12-22 225280]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-7-18 3307080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 15:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [7/17/2011 4:00 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [7/17/2011 4:00 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/1/2011 3:11 AM 810616]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [7/17/2011 2:28 AM 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [7/17/2011 4:00 AM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [7/18/2011 4:57 PM 62536]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2011 8:30 PM 366640]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [7/17/2011 4:00 AM 130008]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [1/16/2009 8:02 PM 237568]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [7/23/2011 2:03 AM 355256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2011 8:30 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2011 2:29 AM 135664]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/16/2009 7:37 PM 24064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2011 2:29 AM 135664]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Application Data\Partner\partner.exe [7/17/2011 1:57 AM 110576]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-17 07:29]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-17 07:29]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376078148-2020637620-97400744-1005Core.job
- c:\documents and settings\elyse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 07:34]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376078148-2020637620-97400744-1005UA.job
- c:\documents and settings\elyse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-17 07:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0711&m=aspire_one
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 03:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\elyse\LOCALS~1\Temp\RtkBtMnt.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-07-23 03:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 08:51
.
Pre-Run: 133,565,992,960 bytes free
Post-Run: 133,525,704,704 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7558D48C5DA319DE5EE732D465695918

#4 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,857
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 23 July 2011 - 05:55 AM

Hi,

Please do the following:

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#5 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 23 July 2011 - 06:07 AM

2011/07/23 06:05:56.0843 4032 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 06:05:58.0859 4032 ================================================================================
2011/07/23 06:05:58.0859 4032 SystemInfo:
2011/07/23 06:05:58.0859 4032
2011/07/23 06:05:58.0859 4032 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/23 06:05:58.0859 4032 Product type: Workstation
2011/07/23 06:05:58.0859 4032 ComputerName: ACER-36D0BD61CF
2011/07/23 06:05:58.0859 4032 UserName: elyse
2011/07/23 06:05:58.0859 4032 Windows directory: C:\WINDOWS
2011/07/23 06:05:58.0859 4032 System windows directory: C:\WINDOWS
2011/07/23 06:05:58.0859 4032 Processor architecture: Intel x86
2011/07/23 06:05:58.0859 4032 Number of processors: 2
2011/07/23 06:05:58.0859 4032 Page size: 0x1000
2011/07/23 06:05:58.0859 4032 Boot type: Normal boot
2011/07/23 06:05:58.0859 4032 ================================================================================
2011/07/23 06:06:00.0609 4032 Initialize success
2011/07/23 06:06:06.0171 1340 ================================================================================
2011/07/23 06:06:06.0171 1340 Scan started
2011/07/23 06:06:06.0171 1340 Mode: Manual;
2011/07/23 06:06:06.0171 1340 ================================================================================
2011/07/23 06:06:07.0000 1340 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/23 06:06:07.0093 1340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/23 06:06:07.0140 1340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/23 06:06:07.0218 1340 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/23 06:06:07.0390 1340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/23 06:06:07.0484 1340 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/23 06:06:07.0671 1340 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/23 06:06:07.0718 1340 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/23 06:06:07.0765 1340 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/23 06:06:07.0828 1340 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/23 06:06:07.0890 1340 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/23 06:06:08.0000 1340 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/23 06:06:08.0062 1340 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/23 06:06:08.0109 1340 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/23 06:06:08.0140 1340 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/23 06:06:08.0265 1340 AR5416 (2774b0607acdad6e76f577ac85fa077d) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/07/23 06:06:08.0437 1340 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/23 06:06:08.0484 1340 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/23 06:06:08.0531 1340 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/23 06:06:08.0625 1340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/23 06:06:08.0671 1340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/23 06:06:08.0734 1340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/23 06:06:08.0828 1340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/23 06:06:08.0953 1340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/23 06:06:09.0125 1340 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys
2011/07/23 06:06:09.0359 1340 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/23 06:06:09.0390 1340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/23 06:06:09.0500 1340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/23 06:06:09.0546 1340 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/23 06:06:09.0593 1340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/23 06:06:09.0750 1340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/23 06:06:09.0796 1340 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\drivers\Cdrom.sys
2011/07/23 06:06:09.0953 1340 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/23 06:06:10.0093 1340 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/23 06:06:10.0125 1340 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/23 06:06:10.0218 1340 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/23 06:06:10.0281 1340 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/23 06:06:10.0328 1340 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/23 06:06:10.0406 1340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/23 06:06:10.0468 1340 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/07/23 06:06:10.0578 1340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/23 06:06:10.0750 1340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/23 06:06:10.0812 1340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/23 06:06:10.0890 1340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/23 06:06:10.0984 1340 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/23 06:06:11.0078 1340 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/07/23 06:06:11.0234 1340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/23 06:06:11.0437 1340 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/23 06:06:11.0531 1340 EraserUtilDrvI11 (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys
2011/07/23 06:06:11.0750 1340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/23 06:06:11.0828 1340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/23 06:06:11.0875 1340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/23 06:06:11.0921 1340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/23 06:06:12.0093 1340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/23 06:06:12.0140 1340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/23 06:06:12.0218 1340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/23 06:06:12.0296 1340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/23 06:06:12.0453 1340 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\WINDOWS\system32\drivers\GIDv2.sys
2011/07/23 06:06:12.0546 1340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/23 06:06:12.0671 1340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/23 06:06:12.0859 1340 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/23 06:06:12.0968 1340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/23 06:06:13.0062 1340 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/23 06:06:13.0203 1340 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/23 06:06:13.0296 1340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/23 06:06:13.0703 1340 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/23 06:06:14.0140 1340 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/07/23 06:06:14.0328 1340 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110722.031\IDSxpx86.sys
2011/07/23 06:06:14.0546 1340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2011/07/23 06:06:14.0656 1340 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/23 06:06:14.0937 1340 IntcAzAudAddService (662b65eeb8d070bd1162a7b63859afcf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/23 06:06:15.0265 1340 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/23 06:06:15.0328 1340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/23 06:06:15.0390 1340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/23 06:06:15.0515 1340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/23 06:06:15.0562 1340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/23 06:06:15.0625 1340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/23 06:06:15.0734 1340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/23 06:06:15.0859 1340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/23 06:06:15.0937 1340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/23 06:06:16.0000 1340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/23 06:06:16.0078 1340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/23 06:06:16.0250 1340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/23 06:06:16.0328 1340 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/07/23 06:06:16.0468 1340 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/23 06:06:16.0656 1340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/23 06:06:16.0718 1340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/23 06:06:16.0781 1340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/23 06:06:16.0828 1340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/23 06:06:16.0921 1340 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/23 06:06:16.0984 1340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/23 06:06:17.0046 1340 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/23 06:06:17.0125 1340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/23 06:06:17.0203 1340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/23 06:06:17.0328 1340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/23 06:06:17.0375 1340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/23 06:06:17.0468 1340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/23 06:06:17.0515 1340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/23 06:06:17.0578 1340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/23 06:06:17.0718 1340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/23 06:06:17.0843 1340 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110722.040\NAVENG.SYS
2011/07/23 06:06:18.0000 1340 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110722.040\NAVEX15.SYS
2011/07/23 06:06:18.0187 1340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/23 06:06:18.0250 1340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/23 06:06:18.0312 1340 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/23 06:06:18.0437 1340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/23 06:06:18.0500 1340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/23 06:06:18.0593 1340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/23 06:06:18.0640 1340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/23 06:06:18.0812 1340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/23 06:06:18.0968 1340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/23 06:06:19.0062 1340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/23 06:06:19.0281 1340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/23 06:06:19.0343 1340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/23 06:06:19.0390 1340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/23 06:06:19.0500 1340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/23 06:06:19.0671 1340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/23 06:06:19.0734 1340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/23 06:06:19.0765 1340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/23 06:06:19.0843 1340 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/23 06:06:19.0906 1340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/23 06:06:20.0187 1340 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/23 06:06:20.0218 1340 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/23 06:06:20.0375 1340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/23 06:06:20.0437 1340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/23 06:06:20.0546 1340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/23 06:06:20.0593 1340 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/23 06:06:20.0625 1340 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/23 06:06:20.0718 1340 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/23 06:06:20.0812 1340 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/23 06:06:20.0906 1340 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/23 06:06:20.0984 1340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/23 06:06:21.0046 1340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/23 06:06:21.0109 1340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/23 06:06:21.0156 1340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/23 06:06:21.0218 1340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/23 06:06:21.0296 1340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/23 06:06:21.0421 1340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/23 06:06:21.0484 1340 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/23 06:06:21.0828 1340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/23 06:06:21.0921 1340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/23 06:06:22.0000 1340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/23 06:06:22.0140 1340 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/23 06:06:22.0203 1340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/23 06:06:22.0375 1340 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/07/23 06:06:22.0500 1340 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/23 06:06:22.0625 1340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/23 06:06:22.0687 1340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/23 06:06:22.0843 1340 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
2011/07/23 06:06:23.0031 1340 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
2011/07/23 06:06:23.0093 1340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/23 06:06:23.0203 1340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/23 06:06:23.0359 1340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/23 06:06:23.0437 1340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/23 06:06:23.0515 1340 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/23 06:06:23.0656 1340 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/23 06:06:23.0781 1340 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
2011/07/23 06:06:23.0953 1340 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
2011/07/23 06:06:24.0062 1340 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/07/23 06:06:24.0234 1340 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
2011/07/23 06:06:24.0328 1340 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
2011/07/23 06:06:24.0468 1340 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/23 06:06:24.0500 1340 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/23 06:06:24.0593 1340 SynTP (a4ee086cb6c3c56e1d95863979a35bb0) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/23 06:06:24.0671 1340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/23 06:06:24.0906 1340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/23 06:06:24.0968 1340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/23 06:06:25.0015 1340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/23 06:06:25.0156 1340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/23 06:06:25.0265 1340 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/23 06:06:25.0343 1340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/23 06:06:25.0375 1340 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/23 06:06:25.0453 1340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/23 06:06:25.0640 1340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/23 06:06:25.0765 1340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/23 06:06:25.0843 1340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/23 06:06:25.0984 1340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/23 06:06:26.0062 1340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/23 06:06:26.0140 1340 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/23 06:06:26.0218 1340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/23 06:06:26.0359 1340 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/23 06:06:26.0390 1340 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/23 06:06:26.0437 1340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/23 06:06:26.0531 1340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/23 06:06:26.0625 1340 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/07/23 06:06:26.0812 1340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/23 06:06:26.0984 1340 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/23 06:06:27.0093 1340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/23 06:06:27.0234 1340 MBR (0x1B8) (7c733682f68536c7604cc415181ad466) \Device\Harddisk0\DR0
2011/07/23 06:06:27.0515 1340 Boot (0x1200) (c03d7e79c5f817ec987ee822877cfdff) \Device\Harddisk0\DR0\Partition0
2011/07/23 06:06:27.0531 1340 ================================================================================
2011/07/23 06:06:27.0531 1340 Scan finished
2011/07/23 06:06:27.0531 1340 ================================================================================
2011/07/23 06:06:27.0578 3636 Detected object count: 0
2011/07/23 06:06:27.0578 3636 Actual detected object count: 0

#6 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,857
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 23 July 2011 - 06:11 AM

Please run the following:

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

NEXT

Scan With RootKitUnHooker

Please Download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#7 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 23 July 2011 - 06:20 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7248

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/23/2011 6:19:29 AM
mbam-log-2011-07-23 (06-19-29).txt

Scan type: Quick scan
Objects scanned: 146102
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 23 July 2011 - 07:37 AM

no threats from eset

#9 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 23 July 2011 - 07:42 AM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB2144000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA18A5000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5140480 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA12D4000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1773568 bytes (-, UVC Camera Streaming Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0x9FEC3000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110722.040\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0xB1FC6000 C:\WINDOWS\system32\DRIVERS\athw.sys 1318912 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xA1206000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 843776 bytes
0xF73FC000 iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xA1485000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys 827392 bytes (Symantec Corporation, BASH Driver)
0xF725B000 SYMEFA.SYS 765952 bytes
0xF71B7000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA003A000 C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0xB1EF5000 C:\WINDOWS\System32\Drivers\wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xA15AD000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA154F000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB1E4C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA16B6000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110722.031\IDSxpx86.sys 368640 bytes (Symantec Corporation, IDS Core Driver)
0xA175C000 C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xA17B5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA1039000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF7328000 SYMDS.SYS 356352 bytes
0xBF47A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA04B3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB1F71000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 200704 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF7512000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA1139000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF718A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF739F000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x9FD70000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA161D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2108000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA168E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA1736000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA1710000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0xA1648000 C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0xA1881000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB1FA2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB1EAA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA166C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF737F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74E2000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9FE66000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF7170000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73CB000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF73E4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF74CA000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7244000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB1EDE000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA0B4C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x9FEAF000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110722.040\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB2130000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA180E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7316000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7501000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB1ECD000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7631000 Combo-Fix.sys 61440 bytes
0xB2E58000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA0CE1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB2E68000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75C1000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7591000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xB3640000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 57344 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
0xF7621000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB3630000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB3610000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB2AF9000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7581000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB3620000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF7601000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75F1000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xB2EB8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7681000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7691000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7661000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7671000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB2B49000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7571000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB3600000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB2B89000 C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0xF7651000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7561000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB2E88000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75E1000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75B1000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7641000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xB2E98000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9FDBB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7611000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB3650000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB2B69000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB2EA8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB2E28000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF75A1000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75D1000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF7701000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB2DBE000 C:\ComboFix\catchme.sys 32768 bytes
0xB2C95000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7811000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7821000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xB37AA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77F9000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF7849000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF77E1000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7841000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xEFFCA000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xF7819000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7829000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7831000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xB2DF6000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB2DEE000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB37B2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB2DB6000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB37A2000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0xF7839000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xB2DFE000 C:\WINDOWS\System32\Drivers\GIDv2.SYS 20480 bytes (StrikeForce Technologies, Inc., GuardedID v2 Keyboard Filter)
0xF7809000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7801000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xB2C9D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77E9000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB2DDE000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB2DD6000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77F1000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xB2DE6000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78A9000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7985000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7995000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7979000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF799D000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xB3D3D000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7981000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF798D000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF5AD0000 C:\PROGRA~1\LAUNCH~1\DPortIO.sys 16384 bytes (Dritek System Inc., General Port I/O)
0xF7999000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF713C000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB3D2D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB76CD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7989000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF797D000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7991000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7971000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7975000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB676A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB2893000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB3D35000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB288F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB3D39000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7A65000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7AF5000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A6F000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7A6D000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7AF3000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A67000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A61000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AF7000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A71000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xEFE85000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xB4F5A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AE9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A69000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7AE7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A6B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A63000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB356D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BC2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB2AF8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B2A000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B29000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#10 elybeit09

Member

Group: Members
Posts: 75
Joined: 20-July 11

Posted 23 July 2011 - 08:21 AM

so i was looking around and i was wondering are perflib_perfdata dat files that cant be deleted an issue?

#11 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,857
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 23 July 2011 - 08:22 AM

How is the computer running? Are there any outstanding issues?

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011