Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Repeated Intrusion Attempts from HTTP Tidserv Request and HTTPS Tidserv Request 2


  • This topic is locked This topic is locked
11 replies to this topic

#1 trice1082

trice1082

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 25 May 2010 - 02:13 PM

I keep getting an alert from Norton saying an Intrusion Attempt has been blocked. How do I stop this thing from attacking in the first place. From other forums I've seen, it may some something to do with a rootkit.

"An intrusion attempt by m01n83kf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE"

"An intrusion attempt by 202.157.171.207 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"

"An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"

etc..

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Trice at 9:02:51.75 on Tue 05/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2356 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ASRock\WiFi-802.11n\WiFi-80211n.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\FPL Remote Access Service\netcfgsvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\MCUI32.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\MCUI32.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\MCUI32.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\MCUI32.EXE
C:\Documents and Settings\Trice\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [NetSP - restore settings on power failure] "c:\program files\fpl remote access service\NetSP.exe" -show
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\trice\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asrock~1.lnk - c:\program files\asrock\wifi-802.11n\WiFi-80211n.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235338415101
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\trice\applic~1\mozilla\firefox\profiles\744cd2o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-23 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-23 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100518.002\IDSXpx86.sys [2010-5-24 331640]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-23 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-1 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100524.048\NAVENG.SYS [2010-5-25 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100524.048\NAVEX15.SYS [2010-5-25 1347504]

=============== Created Last 30 ================

2010-05-25 13:00:51 0 ----a-w- c:\documents and settings\trice\defogger_reenable
2010-05-25 02:25:17 0 d-----w- c:\docume~1\trice\applic~1\SafeReturner
2010-05-25 02:25:15 0 d-----w- c:\program files\Safe Returner
2010-05-25 01:31:39 0 d-----w- c:\docume~1\trice\applic~1\Malwarebytes
2010-05-25 01:31:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 01:31:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-25 01:31:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 01:31:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 12:49:50 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\ieencode.dll

============= FINISH: 9:03:18.50 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 AM

Posted 25 May 2010 - 02:20 PM

Good evening. smile.gif

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.
  • You will then need to extract the file(s) from the zipped folder.

  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish


  • Close all open programs as a reboot may be required.
  • Go to Start > Run, copy and paste the following into the text box and hit OK:

    "%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

  • A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped.
  • If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually
Please post the contents of the log, report.txt, in your next reply.

So long, and thanks for all the fish.

 

 


#3 trice1082

trice1082
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 25 May 2010 - 02:35 PM

Here are the contents of the log file:

15:27:51:406 0776 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
15:27:51:406 0776 ================================================================================
15:27:51:406 0776 SystemInfo:

15:27:51:406 0776 OS Version: 5.1.2600 ServicePack: 3.0
15:27:51:406 0776 Product type: Workstation
15:27:51:406 0776 ComputerName: PATRICE
15:27:51:406 0776 UserName: Trice
15:27:51:406 0776 Windows directory: C:\WINDOWS
15:27:51:406 0776 Processor architecture: Intel x86
15:27:51:406 0776 Number of processors: 2
15:27:51:406 0776 Page size: 0x1000
15:27:51:421 0776 Boot type: Normal boot
15:27:51:421 0776 ================================================================================
15:27:51:640 0776 Initialize success
15:27:51:640 0776
15:27:51:640 0776 Scanning Services ...
15:27:52:046 0776 Raw services enum returned 342 services
15:27:52:046 0776 Exact detect hjgruindjwoiat (h: 0, b: 1)
15:27:52:046 0776 RegNode HKLM\SYSTEM\ControlSet001\services\hjgruindjwoiat infected by TDSS rootkit ... 15:27:52:046 0776 will be deleted on reboot
15:27:52:046 0776 RegNode HKLM\SYSTEM\ControlSet002\services\hjgruindjwoiat infected by TDSS rootkit ... 15:27:52:046 0776 will be deleted on reboot
15:27:52:093 0776 File C:\WINDOWS\system32\drivers\hjgruiaiorqkmw.sys infected by TDSS rootkit ... 15:27:52:093 0776 will be deleted on reboot
15:27:52:093 0776 File C:\WINDOWS\system32\hjgruitryrmnen.dll infected by TDSS rootkit ... 15:27:52:093 0776 will be deleted on reboot
15:27:52:093 0776 File C:\WINDOWS\system32\hjgruirdlolxum.dat infected by TDSS rootkit ... 15:27:52:093 0776 will be deleted on reboot
15:27:52:093 0776 File C:\WINDOWS\system32\hjgruiovaceoul.dll infected by TDSS rootkit ... 15:27:52:093 0776 will be deleted on reboot
15:27:52:093 0776 File C:\WINDOWS\system32\hjgruijogcsxpn.dat infected by TDSS rootkit ... 15:27:52:093 0776 will be deleted on reboot
15:27:52:093 0776
15:27:52:093 0776 Scanning Drivers ...
15:27:52:656 0776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:27:52:687 0776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:27:52:750 0776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:27:52:796 0776 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
15:27:52:859 0776 agnfilt (e40f1f658c70bc5fe9a70dd82c255080) C:\WINDOWS\system32\DRIVERS\agnfilt.sys
15:27:52:890 0776 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys
15:27:52:953 0776 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:27:53:000 0776 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:27:53:031 0776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:27:53:046 0776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:27:53:156 0776 ati2mtag (3b23691e9eef04de3364d9271371bbde) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:27:53:187 0776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:27:53:218 0776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:27:53:234 0776 avpnnic (ca91a96e5e24799c551216a70072f979) C:\WINDOWS\system32\DRIVERS\avpnnic.sys
15:27:53:281 0776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:27:53:359 0776 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
15:27:53:390 0776 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
15:27:53:453 0776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:27:53:484 0776 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:27:53:546 0776 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
15:27:53:593 0776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:27:53:640 0776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:27:53:656 0776 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:27:53:687 0776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:27:53:718 0776 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:27:53:765 0776 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:27:53:796 0776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:27:53:812 0776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:27:53:828 0776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:27:53:937 0776 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:27:53:953 0776 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:27:53:953 0776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:27:53:984 0776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:27:54:000 0776 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:27:54:015 0776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:27:54:031 0776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:27:54:062 0776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:27:54:078 0776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:27:54:109 0776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:27:54:125 0776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:27:54:140 0776 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:27:54:156 0776 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:27:54:187 0776 hjgruindjwoiat (de5093366dfce48e575c7d36b634877f) C:\WINDOWS\system32\drivers\hjgruiaiorqkmw.sys
15:27:54:250 0776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:27:54:265 0776 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:27:54:484 0776 IDSxpx86 (1ca8e9bd3cb6d16e54d08240dd3a4f66) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100518.002\IDSxpx86.sys
15:27:54:484 0776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:27:54:640 0776 IntcAzAudAddService (c282875880df189c64c465fc54a0150a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:27:54:703 0776 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:27:54:765 0776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:27:54:812 0776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:27:54:843 0776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:27:54:843 0776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:27:54:875 0776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:27:54:906 0776 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:27:54:921 0776 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:27:54:937 0776 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:27:54:968 0776 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
15:27:54:984 0776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:27:55:000 0776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:27:55:031 0776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:27:55:046 0776 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:27:55:062 0776 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:27:55:093 0776 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:27:55:125 0776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:27:55:140 0776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:27:55:187 0776 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:27:55:187 0776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:27:55:218 0776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:27:55:234 0776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:27:55:250 0776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:27:55:265 0776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:27:55:281 0776 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:27:55:296 0776 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:27:55:328 0776 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:27:55:531 0776 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100525.003\NAVENG.SYS
15:27:55:578 0776 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100525.003\NAVEX15.SYS
15:27:55:609 0776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:27:55:656 0776 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:27:55:687 0776 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:27:55:703 0776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:27:55:703 0776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:27:55:734 0776 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:27:55:859 0776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:27:55:921 0776 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:27:56:046 0776 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:27:56:046 0776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:27:56:125 0776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:27:56:187 0776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:27:56:234 0776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:27:56:234 0776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:27:56:250 0776 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:27:56:281 0776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:27:56:281 0776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:27:56:328 0776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:27:56:359 0776 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:27:56:390 0776 PCIIde (e80539573cbf5879505e2e5cb8068d3d) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:27:56:390 0776 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: e80539573cbf5879505e2e5cb8068d3d, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
15:27:56:390 0776 File "C:\WINDOWS\system32\DRIVERS\pciide.sys" infected by TDSS rootkit ... 15:27:57:640 0776 Backup copy found, using it..
15:27:57:718 0776 will be cured on next reboot
15:27:57:812 0776 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:27:57:875 0776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:27:57:890 0776 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:27:57:906 0776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:27:57:937 0776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:27:57:953 0776 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:27:57:984 0776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:27:58:015 0776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:27:58:015 0776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:27:58:015 0776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:27:58:031 0776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:27:58:046 0776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:27:58:046 0776 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:27:58:078 0776 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:27:58:125 0776 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:27:58:171 0776 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:27:58:203 0776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:27:58:218 0776 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:27:58:234 0776 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:27:58:281 0776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:27:58:312 0776 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:27:58:343 0776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:27:58:375 0776 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:27:58:437 0776 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
15:27:58:437 0776 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
15:27:58:468 0776 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:58:484 0776 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:27:58:500 0776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:27:58:515 0776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:27:58:578 0776 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
15:27:58:609 0776 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
15:27:58:609 0776 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
15:27:58:625 0776 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
15:27:58:671 0776 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
15:27:58:671 0776 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
15:27:58:687 0776 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
15:27:58:718 0776 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
15:27:58:765 0776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:27:58:906 0776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:27:58:921 0776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:27:58:937 0776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:27:58:984 0776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:27:59:015 0776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:27:59:125 0776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:27:59:156 0776 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:27:59:171 0776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:27:59:187 0776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:27:59:203 0776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:27:59:234 0776 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:27:59:265 0776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:27:59:312 0776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:27:59:359 0776 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:59:406 0776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:27:59:421 0776 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:27:59:515 0776 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\WINDOWS\system32\DRIVERS\VX3000.sys
15:27:59:531 0776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:59:562 0776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:59:562 0776 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:27:59:593 0776 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:27:59:609 0776 Reboot required for cure complete..
15:28:00:156 0776 Cure on reboot scheduled successfully
15:28:00:156 0776
15:28:00:156 0776 Completed
15:28:00:156 0776
15:28:00:156 0776 Results:
15:28:00:156 0776 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
15:28:00:156 0776 File objects infected / cured / cured on reboot: 6 / 0 / 6
15:28:00:156 0776
15:28:00:156 0776 KLMD(ARK) unloaded successfully


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 AM

Posted 25 May 2010 - 05:16 PM

Ensure that you reboot the PC before you follow these instructions and then post accordingly:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

So long, and thanks for all the fish.

 

 


#5 trice1082

trice1082
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 25 May 2010 - 07:36 PM

MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4143

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/25/2010 8:26:50 PM
mbam-log-2010-05-25 (20-26-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 187099
Time elapsed: 34 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


new DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Trice at 20:29:24.56 on Tue 05/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2492 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ASRock\WiFi-802.11n\WiFi-80211n.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\FPL Remote Access Service\netcfgsvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Trice\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [NetSP - restore settings on power failure] "c:\program files\fpl remote access service\NetSP.exe" -show
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\trice\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asrock~1.lnk - c:\program files\asrock\wifi-802.11n\WiFi-80211n.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235338415101
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\trice\applic~1\mozilla\firefox\profiles\744cd2o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-23 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-23 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100518.002\IDSXpx86.sys [2010-5-24 331640]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-23 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-1 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-24 38224]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100525.003\NAVENG.SYS [2010-5-25 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100525.003\NAVEX15.SYS [2010-5-25 1347504]

=============== Created Last 30 ================

2010-05-25 13:00:51 0 ----a-w- c:\documents and settings\trice\defogger_reenable
2010-05-25 02:25:17 0 d-----w- c:\docume~1\trice\applic~1\SafeReturner
2010-05-25 02:25:15 0 d-----w- c:\program files\Safe Returner
2010-05-25 01:31:39 0 d-----w- c:\docume~1\trice\applic~1\Malwarebytes
2010-05-25 01:31:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 01:31:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-25 01:31:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 01:31:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 12:49:50 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-25 19:29:26 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\ieencode.dll

============= FINISH: 20:29:40.29 ===============


My PC is behaving well. The performance is back to normal. I haven't received any alerts of Intrusion Attempts since running TDSS Killer.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 AM

Posted 26 May 2010 - 02:42 PM

Good evening. smile.gif

Download Sec-Info.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Sec-info.vbs to run it and a text file called Sec-Info.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

So long, and thanks for all the fish.

 

 


#7 trice1082

trice1082
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 26 May 2010 - 07:08 PM

The text file was created but it was blank.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 AM

Posted 27 May 2010 - 01:55 PM

Good evening. smile.gif

Never mind. I'd like you to run one last scan and then we can wrap things up. Pay a visit to the ESET Online Scanner.
  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you uncheck the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#9 trice1082

trice1082
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 27 May 2010 - 05:18 PM

Contents of file from ESET:

C:\Documents and Settings\Trice\My Documents\Downloads\Marvin Sapp - Thirsty\03 - Possess The Land.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 AM

Posted 29 May 2010 - 01:39 PM

Good evening. smile.gif

I can't tell from the above whether the file is actually malicious or a false-positive detection. Given that you should know where the file came from, if you trust the source keep it; if you don't lose it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.

So long, and thanks for all the fish.

 

 


#11 trice1082

trice1082
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 30 May 2010 - 07:22 PM

Ok!! Thanks for all your help!! smile.gif

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 AM

Posted 04 June 2010 - 01:32 PM

As this issue appears to have been resolved the thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users