
malware removal help


This topic is locked. 3 replies to this topic.

#1 fvttest

  • Members
  • 3 posts

Posted 26 April 2010 - 09:52 AM

Hi All,

I'm not able to run cmd.exe, regedit.exe or most of the exe files from my Win XP SP3 PC. I have Norton Internet Security 2010, which reported a trojan.fakeAV attack. Since then I have been experiencing all sorts of issues with running programs. This laptop is not able to go into safe mode and it is not able to run the gmer.exe file. I'm able to open command.com and was able to run a few utilities. The gmer.exe file was able to run from command.com but caused a blue death screen soon after starting the scan. It happened twice and therefore I can't attach the awr.txt file. I can't turn off the system restore folder either.

Here is the dds.txt and the attach.zip. Any help you can provide will be greatly appreciated.

Thanks,

DDS (Ver_10-03-17.01) - NTFSx86
Run by Saks at 17:59:40.67 on Sun 04/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3066.2096 [GMT -5:00]


============== Running Processes ===============

C:WINDOWSsystem32ibmpmsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesTortoiseSVNbinTSVNCache.exe
svchost.exe
C:Program FilesLENOVOHOTKEYTPHKSVC.exe
C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesIntelWiFibinEvtEng.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesJavajre6binjqs.exe
C:Program FilesIntelAMTLMS.exe
C:Program FilesAT&T Network ClientNetCfgSv.EXE
C:Program FilesNorton Internet SecurityEngine17.6.0.32ccSvcHst.exe
c:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe
C:Program FilesNorton Internet SecurityEngine17.6.0.32ccSvcHst.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
c:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe
C:WINDOWSSystem32TPHDEXLG.exe
C:WINDOWSsystem32TpKmpSVC.exe
C:Program FilesLenovoRescue and Recoveryrrservice.exe
c:Program FilesCommon FilesLenovoSchedulertvtsched.exe
C:Program FilesLenovoRescue and RecoveryUpdateMonitor.exe
C:Program FilesCommon FilesIntelPrivacy IconUNSUNS.exe
C:WINDOWSsystem32SearchIndexer.exe
C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE
C:WINDOWSsystem32SearchProtocolHost.exe
C:WINDOWSsystem32ntvdm.exe
C:Program FilesLenovoRescue and Recoveryrrpservice.exe
C:WINDOWSsystem32taskmgr.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveToolbarwltuser.exe
C:WINDOWSsystem32SearchProtocolHost.exe
C:Documents and SettingsSanjay SaksenaDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:windowssystem32Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:program filesnorton internet securityengine17.6.0.32coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:program filesnorton internet securityengine17.6.0.32IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:program filesmicrosoftsearch enhancement packsearch helperSEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:program fileslenovoclient security solutiontvtpwm_ie_com.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:program fileswindows livetoolbarwltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:program fileswindows livetoolbarwltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:program filesnorton internet securityengine17.6.0.32coIEPlg.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [NetSP - restore settings on power failure] "c:program filesat&t network clientNetSP.exe" -show
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [SmartAudio] c:program filesconexantsaiiSAIICpl.exe /t
mRun: [WinampAgent] "c:program fileswinampwinampa.exe"
mRun: [w32msgr] c:sdworkw32main2.exe /log c:sdworkmsgr.txt ospdb.pok.ibm.com
mRun: [UserFaultCheck] %systemroot%system32dumprep 0 -u
mRun: [TVT Scheduler Proxy] c:program filescommon fileslenovoschedulerscheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:program filesthinkpadutilitiesTpKmapAp.exe -helper
mRun: [TPHOTKEY] c:program fileslenovohotkeyTPOSDSVC.exe
mRun: [TPFNF7] c:progra~1lenovonpdirectTPFNF7SP.exe /r
mRun: [SynTPLpr] c:program filessynapticssyntpSynTPLpr.exe
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [stgclean] c:sdworkw32main2.exe /cleanup
mRun: [StartCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" MSRun
mRun: [PWRMGRTR] rundll32 c:progra~1thinkpadutilit~1PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [picon] "c:program filescommon filesintelprivacy iconPrivacyIconClient.exe" -startup
mRun: [LPManager] c:progra~1thinkv~1prdctrLPMGR.exe
mRun: [LPMailChecker] c:progra~1thinkv~1prdctrLPMLCHK.exe
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [EZEJMNAP] c:progra~1thinkpadutilit~1EzEjMnAp.Exe
mRun: [cssauth] "c:program fileslenovoclient security solutioncssauth.exe" silent
mRun: [CameraApplicationLauncher] c:program fileslenovocamera centerbinCameraApplicationLaunchpadLauncher.exe
mRun: [BLOG] rundll32 c:progra~1thinkpadutilit~1BatLogEx.DLL,StartBattLog
mRun: [AT&T Communication Manager] "c:program filesat&tcommunication managerATTCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [Message Center Plus] c:program fileslenovomessage center plusMCPLaunch.exe /start
mRun: [LENOVO.TPFNF6R] c:program fileslenovohotkeyTPFNF6R.exe
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [Adobe Acrobat Speed Launcher] "c:program filesadobeacrobat 9.0acrobatAcrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:program filesadobeacrobat 9.0acrobatAcrotray.exe"
mRun: [hpqSRMon] c:program fileshpdigital imagingbinhpqSRMon.exe
mRun: [HotSync] "c:program filespalmsourcedesktopHotSync.exe" -AllUsers
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [AmazonGSDownloaderTray] c:program filesamazonamazon games & software downloaderAmazonGSDownloaderTray.exe
mRun: [Intuit SyncManager] c:program filescommon filesintuitsyncIntuitSyncManager.exe startup
mRun: [ewrgetuj] c:docume~1sanjay~1locals~1tempgeurge.exe
mRun: [61369833] c:docume~1alluse~1applic~16136983361369833.exe
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:docume~1alluse~1startm~1programsstartupblueto~1.lnk - c:program filesthinkpadbluetooth softwareBTTray.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupdigita~1.lnk - c:program filesdigital line detectDLG.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuphotsyn~1.lnk - c:program filespalmHotsync.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupquickb~1.lnk - c:program filescommon filesintuitquickbooksqbupdateqbupdate.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:program filesthinkpadbluetooth softwarebtsendto_ie_ctx.htm
IE: Send To Bluetooth - c:program filesthinkpadbluetooth softwarebtsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:program filesthinkpadbluetooth softwarebtsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:program fileslenovoclient security solutiontvtpwm_ie_com.dll
LSP: bmnet.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://hdvpn2.harley-davidson.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://dattagample.webs.com/D-Live.ocx
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vjage.com/download/vjocx-en.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:program filesintuitquickbooks 2010HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:windowssystem32mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: tpfnf2 - c:program fileslenovohotkeynotifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:program fileswindows desktop searchMSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:docume~1sanjay~1applic~1mozillafirefoxprofileshij3chib.default
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:documents and settingssanjay saksenaapplication datamozillafirefoxprofileshij3chib.defaultextensionsfirefox@tvunetworks.compluginsnpTVUAx.dll
FF - plugin: c:progra~1palmpackag~1NPInstal.dll
FF - plugin: c:program filesgoogleupdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program fileshpdigital imagingsmart web printingmozillaaddon3pluginsnphpclipbook.dll
FF - plugin: c:program filesviewpointviewpoint media playernpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:windowssystem32driversnis1106000.020symds.sys [2010-4-22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversnis1106000.020symefa.sys [2010-4-22 172592]
R0 TPDIGIMN;TPDIGIMN;c:windowssystem32driversApsHM86.sys [2009-1-28 20520]
R1 BHDrvx86;BHDrvx86;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nis_17.5.0.127definitionsbashdefs20100324.001BHDrvx86.sys [2010-3-24 536112]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversnis1106000.020cchpx86.sys [2010-4-22 501888]
R1 SymIRON;Symantec Iron Driver;c:windowssystem32driversnis1106000.020ironx86.sys [2010-4-22 116784]
R1 tvtumon;tvtumon;c:windowssystem32driverstvtumon.sys [2008-5-9 46144]
R2 NIS;Norton Internet Security;c:program filesnorton internet securityengine17.6.0.32ccsvchst.exe [2010-4-22 126392]
R2 Power Manager DBC Service;Power Manager DBC Service;c:program filesthinkpadutilitiesPWMDBSVC.exe [2009-2-7 53248]
R2 TPHKSVC;On Screen Display;c:program fileslenovohotkeyTPHKSVC.exe [2008-5-19 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:program fileslenovorescue and recoveryrrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:program fileslenovorescue and recoveryUpdateMonitor.exe [2008-5-9 360448]
R2 UNS;Intel® Active Management Technology User Notification Service;c:program filescommon filesintelprivacy iconunsUNS.exe [2009-2-7 2058776]
R3 5U875UVC;Integrated Camera;c:windowssystem32drivers5U875.sys [2009-2-7 72320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filescommon filessymantec sharedeengineEraserUtilRebootDrv.sys [2010-4-22 102448]
R3 IDSxpx86;IDSxpx86;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nis_17.5.0.127definitionsipsdefs20100415.001IDSXpx86.sys [2010-4-22 329592]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:windowssystem32driverslnvobus.sys [2009-2-7 282880]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:windowssystem32driverslnvocard.sys [2009-2-7 356480]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:windowssystem32driverslnvogps.sys [2009-2-7 77864]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:windowssystem32driverslnvomdfl.sys [2009-2-7 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:windowssystem32driverslnvomdfl2.sys [2009-2-7 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:windowssystem32driverslnvomdm.sys [2009-2-7 365056]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:windowssystem32driverslnvomdm2.sys [2009-2-7 408960]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:windowssystem32driverslnvounic.sys [2009-2-7 375424]
R3 NAVENG;NAVENG;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nis_17.5.0.127definitionsvirusdefs20100425.005NAVENG.SYS [2010-4-25 84912]
R3 NAVEX15;NAVEX15;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nis_17.5.0.127definitionsvirusdefs20100425.005NAVEX15.SYS [2010-4-25 1324720]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:windowssystem32driverslnvoscard.sys [2009-2-7 24232]
R3 TVTI2C;Lenovo SM bus driver;c:windowssystem32driverstvti2c.sys [2008-2-22 37312]
S2 gupdate1c9ac9836bfc034;Google Update Service (gupdate1c9ac9836bfc034);c:program filesgoogleupdateGoogleUpdate.exe [2009-3-24 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program fileslenovohotkeymicmute.exe [2009-5-21 45424]
S2 SessionLauncher;SessionLauncher;c:docume~1admini~1locals~1tempdx9sessionlauncher.exe --> c:docume~1admini~1locals~1tempdx9SessionLauncher.exe [?]
S3 Amazon Download Agent;Amazon Download Agent;c:program filesamazonamazon games & software downloaderAmazonGSDownloaderService.exe [2010-1-7 401920]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:program filesat&tcommunication managerRcAppSvc.exe [2008-11-20 113152]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:windowssystem32driverse1y5132.sys [2009-2-7 243856]
S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:windowssystem32driverslnvond5.sys [2009-2-7 25984]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:program filesmicrosoft sql servermssql10_50.mssqlservermssqlbinnfdlauncher.exe [2009-10-31 28520]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:windowssystem32driversPTUMWBus.sys [2009-10-22 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:windowssystem32driversPTUMWCSP.sys [2009-10-22 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:windowssystem32driversPTUMWFLT.sys [2009-10-22 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:windowssystem32driversPTUMWMdm.sys [2009-10-22 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:windowssystem32driversPTUMWNET.sys [2009-10-22 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:windowssystem32driversPTUMWNSP.sys [2009-10-22 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:windowssystem32driversPTUMWVsp.sys [2009-10-22 160400]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:program filesmicrosoft sql servermsrs10_50.mssqlserverreporting servicesreportserverbinReportingServicesService.exe [2009-10-31 1138024]
S3 RoxMediaDB10;RoxMediaDB10;c:program filescommon filesroxio shared10.0sharedcomRoxMediaDB10.exe [2008-4-25 1120752]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesmicrosoft sql server100sharedsqladhlp.exe [2009-10-31 44904]
S4 RsFx0150;RsFx0150 Driver;c:windowssystem32driversRsFx0150.sys [2009-10-31 240600]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-25 21:49:54 0 d-----w- c:program filesTrend Micro
2010-04-25 20:26:43 5918776 ----a-w- C:mbam-setup-1.45.exe
2010-04-23 14:23:25 0 d-----w- c:docume~1alluse~1applic~1Applications
2010-04-22 05:14:21 805 ----a-w- c:windowssystem32driversSYMEVENT.INF
2010-04-22 05:14:21 7443 ----a-w- c:windowssystem32driversSYMEVENT.CAT
2010-04-22 05:14:21 60808 ----a-w- c:windowssystem32S32EVNT1.DLL
2010-04-22 05:14:21 124976 ----a-w- c:windowssystem32driversSYMEVENT.SYS
2010-04-22 05:14:21 0 d-----w- c:program filescommon filesSymantec Shared
2010-04-22 05:13:52 0 d-----w- c:windowssystem32driversNIS
2010-04-22 05:13:49 0 d-----w- c:program filesNorton Internet Security
2010-04-22 05:13:41 0 d-----w- c:program filesNortonInstaller
2010-04-21 16:09:27 0 d-----w- c:program filesiPod
2010-04-21 16:08:58 0 d-----w- c:docume~1alluse~1applic~1{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 15:55:10 0 d-----w- c:program filesBonjour
2010-04-21 12:47:16 552 ----a-w- c:windowssystem32d3d8caps.dat
2010-04-14 17:14:50 0 d-----w- c:tempe8072405771639876079_out
2010-04-14 16:48:34 0 d-----w- c:docume~1sanjay~1applic~1.oit
2010-04-14 16:48:19 0 d-----w- C:temp
2010-04-08 15:04:11 0 d-----w- c:docume~1alluse~1applic~161369833
2010-04-07 22:14:01 47960 ----a-w- c:windowssystem32perf-ReportServer-rsctr.dll
2010-04-07 22:13:21 47464 ----a-w- c:windowssystem32perf-MSSQL10_50.MSSQLSERVER-sqlagtctr.dll
2010-04-07 22:13:07 73576 ----a-w- c:windowssystem32perf-MSSQLSERVER-sqlctr10.50.1352.12.dll
2010-04-07 21:53:12 0 d-----w- c:windowssystem32RsFx
2010-04-07 21:46:15 0 d-----w- c:program filesMicrosoft Analysis Services
2010-04-07 21:34:24 0 d-----w- c:program filesMicrosoft Synchronization Services
2010-04-07 21:32:45 0 d-----w- c:program filesMicrosoft SQL Server Compact Edition
2010-04-07 21:19:48 0 d-----w- c:program filesMicrosoft SQL Server
2010-04-05 18:05:02 0 d-----w- c:documents and settingssanjay saksenaSametimeMeetings

==================== Find3M ====================

2010-04-25 19:24:55 89440 ----a-w- c:windowssystem32GDIPFONTCACHEV1.DAT
2010-04-22 20:19:09 77568 ----a-w- c:windowssystem32driversWudfPf.sys
2010-03-10 06:15:52 420352 ------w- c:windowssystem32vbscript.dll
2010-03-10 06:15:52 420352 ------w- c:windowssystem32dllcachevbscript.dll
2010-02-25 16:54:36 11070976 ------w- c:windowssystem32dllcacheieframe.dll
2010-02-24 13:11:07 455680 ------w- c:windowssystem32dllcachemrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:windowssystem32dllcacheie4uinit.exe
2010-02-17 14:10:28 2189952 ------w- c:windowssystem32dllcachentoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:windowssystem32ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:windowssystem32dllcachentkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:windowssystem32dllcachentkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:windowssystem32ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:windowssystem32dllcachentkrpamp.exe
2010-02-12 16:46:14 91424 ----a-w- c:windowssystem32dnssd.dll
2010-02-12 16:46:14 107808 ----a-w- c:windowssystem32dns-sd.exe
2010-02-12 04:33:11 100864 ------w- c:windowssystem32dllcache6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:windowssystem326to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:windowssystem32dllcachetcpip6.sys
2010-01-26 19:17:52 23113 ----a-w- c:windowshpqins15.dat
2009-02-07 06:13:29 32768 --sh--w- c:windowssystem32configsystemprofilelocal settingsapplication datamicrosoftfeeds cacheindex.dat
2009-02-07 06:38:27 32768 --sh--w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012009020620090207index.dat
2009-02-07 18:43:08 32768 --sh--w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012009020720090208index.dat
2009-02-07 06:38:28 16384 --sha-w- c:windowstempcookiesindex.dat
2009-02-07 06:38:28 16384 --sha-w- c:windowstemphistoryhistory.ie5index.dat
2009-02-07 06:38:28 16384 --sha-w- c:windowstemptemporary internet filescontent.ie5index.dat

============= FINISH: 18:02:04.71 ===============

Norton Internet Security is reporting Wudfpf.sys as a Backdoor.Tidserv.I!inf threat but it is not able to remove it.

2010-04-25 19:24:55 89440 ----a-w- c:windowssystem32GDIPFONTCACHEV1.DAT
2010-04-22 20:19:09 77568 ----a-w- c:windowssystem32driversWudfPf.sys

thanks

Edited by Budapest, 26 April 2010 - 04:44 PM.
Posts merged ~BP
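The DDS log above is the kind of listing a helper reads by hand, looking at the `mRun:` autoruns and the `.exe=` file association for the indicators that a fake-AV installer typically leaves behind: a program started from a temporary directory, an entry whose name is just a run of digits, and the `.exe` handler rewritten from the default `exefile`. The script below is an added example, written for this page; it is not part of the post, of the DDS tool, or of BleepingComputer's procedures. Its sample input is constructed by copying a handful of lines from the log with the backslashes that the forum stripped put back (an assumption about the original paths) plus two benign entries for contrast, and the heuristics are the editor's own, not a product's detection logic.

```python
"""Triage of DDS 'Pseudo HJT Report' autorun lines and executable file associations."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in the post, with path
# separators restored (assumed), plus benign entries so the heuristics have
# something to leave alone.
SAMPLE_LOG = r"""
uStart Page = about:blank
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [ewrgetuj] c:\docume~1\sanjay~1\locals~1\temp\geurge.exe
mRun: [61369833] c:\docume~1\alluse~1\applic~1\61369833\61369833.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mPolicies-system: EnableLUA = 0 (0x0)
.exe=secfile
"""

# uRun / mRun / dRunOnce / mExplorerRun lines: hive letter, key, [name], value.
AUTORUN_RE = re.compile(r"^([umd])(Run(?:Once)?|ExplorerRun): \[([^\]]*)\]\s*(.*)$")
# File association lines such as ".exe=secfile".
ASSOC_RE = re.compile(r"^\.(exe|com|bat|scr)=(\S*)$", re.IGNORECASE)
# DDS prints unquoted paths that contain spaces, so the executable path is taken
# as everything up to the first executable-style extension rather than the first token.
PATH_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|dll|bat|pif))', re.IGNORECASE)
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\", "\\temp\\")
# Default ProgIDs for these extensions on Windows XP; anything else is a hijack indicator.
EXPECTED_HANDLERS = {"exe": "exefile", "com": "comfile", "bat": "batfile", "scr": "scrfile"}


@dataclass
class Finding:
    line: str
    reasons: list


def executable_path(value: str) -> str:
    """Lower-cased path of the program an autorun value launches."""
    m = PATH_RE.match(value.strip())
    return m.group(1).lower() if m else value.strip().lower()


def looks_random(name: str) -> bool:
    """Numeric-only or vowel-free names of the kind dropped by fake-AV installers."""
    stem = re.sub(r"\.[a-z0-9]+$", "", name.lower())
    if re.fullmatch(r"\d{6,}", stem):
        return True
    return len(stem) >= 6 and not re.search(r"[aeiouy]", stem)


def triage(log_text: str) -> list:
    """Return a Finding for every autorun or association line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            _hive, _key, name, value = m.groups()
            path = executable_path(value)
            reasons = []
            if any(marker in path for marker in TEMP_MARKERS):
                reasons.append("autorun launches an executable from a temporary directory")
            if looks_random(name) or looks_random(path.rsplit("\\", 1)[-1]):
                reasons.append("autorun name or file name looks machine-generated")
            if reasons:
                findings.append(Finding(line, reasons))
            continue
        m = ASSOC_RE.match(line)
        if m:
            ext, handler = m.group(1).lower(), m.group(2)
            expected = EXPECTED_HANDLERS.get(ext)
            if expected and handler.lower() != expected:
                findings.append(Finding(line, [f".{ext} handler is '{handler}', expected '{expected}'"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   -", reason)
```

Run against the sample, the script reports the two autoruns that a helper would ask about first and the rewritten `.exe` association, which is why `cmd.exe` and `regedit.exe` refuse to start while `command.com` still works: the `.exe` handler has been replaced and `.com` has not. The heuristics are deliberately narrow; a broader triage would also weigh unsigned binaries and recently created files, which a DDS log alone does not expose.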


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 April 2010 - 06:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please try and run Gmer by checking only the SECTIONS option
m0le is a proud member of UNITE

#3 fvttest
  • Topic Starter

  • Members
  • 3 posts

Posted 01 May 2010 - 02:07 PM

Thanks for your reply. I have resolved this issue. Please go ahead and close this thread.

Thanks for your help.

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 May 2010 - 03:36 PM

Thanks for letting me know

--------------------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
