Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: The Week in Ransomware - April 20th 2018 - Reveton Charges, GandCrab, and More

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Infected and under attack

Started by Mark889 , Jun 06 2010 11:14 AM

Please log in to reply

11 replies to this topic

#1 Mark889

Members
23 posts
OFFLINE

Gender:Male
Location:Southern NJ
Local time:10:22 AM

Posted 06 June 2010 - 11:14 AM

Hi everyone,
I've been attempting to work my way through this mess on my own, but have failed miserably :trumpet:

I believe I have picked up some sort of bug from one of the other websites I visit. I'll try to be a brief as possible.
The problem started 2 days ago, while on the website that night, I started receiving warnings from Norton Security saying that an intrusion attempt was blocked. Based on the warning info the attacks had come from: 19js810300z.com and zz87jhfda88.com. When I attempted to do a google search of those locations, the results displayed normally (one of which included this website) however when I attempted to navigate here, I was redirected to to other websites that had nothing to do with my search. After a couple of failed attempts I disconnected from the internet/network. Yesterday I attempted to clean my system using Norton Antivirus, SuperAntispyware and Malwarebytes AM. Norton found nothing. The others found a trojan.dropper and rootkit.dropper. Those were cleaned, but as soon as I went back on the internet, the "attacks" started again, though from different .com locations than before :flowers:

Unplugged form the internet again and went back to the scans, but this time.....nothing. This morning I went back on the internet again with my computer and the attacks started, and soon after was being redirected to other websites again. :thumbsup:

I'm definitely at a brickwall now, so I'm using my wifes computer since it doesn't appear to have been affected.
My OS is Windows XP Home SP3 current updates; Internet Explorer 8; Norton Security (AV and Firewall), Spywareblaster, SuperAntiSpyware, and MBAM.

Thank you very much for any help you can offer.
Mark

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 boopme

To Insanity and Beyond

Global Moderator
72,740 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:10:22 AM

Posted 06 June 2010 - 04:13 PM

Hello and welcome.. Was the intrusio a Tidserve request?? If so... Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDDS Killer
Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Mark889

Topic Starter

Members
23 posts
OFFLINE

Gender:Male
Location:Southern NJ
Local time:10:22 AM

Posted 06 June 2010 - 08:48 PM

Here is the txt log when I ran TDSS killer. It found 1 file that the other programs couldn't find.
When I ran MBAM afterwards, it didn't find anything else. So far, so good, I've been on the internet for a couple of hours now and haven't gotten any intrusion warnings or had any problems with my browser getting redirected to other sites. :flowers:

Thanks so much for your help, I really appreciate it. :thumbsup:

16:54:41:968 1980 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
16:54:41:968 1980 ================================================================================
16:54:41:968 1980 SystemInfo:

16:54:41:968 1980 OS Version: 5.1.2600 ServicePack: 3.0
16:54:41:968 1980 Product type: Workstation
16:54:41:968 1980 ComputerName: COMPUTER1
16:54:41:968 1980 UserName: USER
16:54:41:968 1980 Windows directory: C:\WINDOWS
16:54:41:968 1980 Processor architecture: Intel x86
16:54:41:968 1980 Number of processors: 2
16:54:41:968 1980 Page size: 0x1000
16:54:41:968 1980 Boot type: Normal boot
16:54:41:968 1980 ================================================================================
16:54:42:062 1980 Initialize success
16:54:42:062 1980
16:54:42:062 1980 Scanning Services ...
16:54:42:125 1980 Raw services enum returned 355 services
16:54:42:125 1980
16:54:42:125 1980 Scanning Drivers ...
16:54:42:703 1980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:54:42:734 1980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:54:42:765 1980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:54:42:796 1980 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
16:54:42:843 1980 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:54:42:875 1980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:54:42:890 1980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:54:42:906 1980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:54:42:921 1980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:54:42:953 1980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:54:43:000 1980 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
16:54:43:015 1980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:54:43:046 1980 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
16:54:43:062 1980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:54:43:078 1980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:54:43:078 1980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:54:43:125 1980 COMMONFX (12a4291c1853ad2d857a49940e02c597) C:\WINDOWS\system32\drivers\COMMONFX.SYS
16:54:43:125 1980 COMMONFX.SYS (12a4291c1853ad2d857a49940e02c597) C:\WINDOWS\System32\drivers\COMMONFX.SYS
16:54:43:218 1980 ctac32k (6828e496c441298a599b778da37e02ee) C:\WINDOWS\system32\drivers\ctac32k.sys
16:54:43:250 1980 ctaud2k (ddea4817005cdea3831dc6916ed7d377) C:\WINDOWS\system32\drivers\ctaud2k.sys
16:54:43:296 1980 CTAUDFX (97f388eb52f19e149f9cdab405c53fa7) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
16:54:43:312 1980 CTAUDFX.SYS (97f388eb52f19e149f9cdab405c53fa7) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
16:54:43:343 1980 ctdvda2k (b48be5615619b360e71d6d06f7b0648d) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:54:43:359 1980 CTERFXFX (547f1e690a5994091665a1fcd2bfc091) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
16:54:43:375 1980 CTERFXFX.SYS (547f1e690a5994091665a1fcd2bfc091) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
16:54:43:390 1980 ctprxy2k (e5bbad0a8f9b2965af4b3fbc24098fc9) C:\WINDOWS\system32\drivers\ctprxy2k.sys
16:54:43:406 1980 CTSBLFX (b40b38463c9747f5614bd8982d212dae) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
16:54:43:437 1980 CTSBLFX.SYS (b40b38463c9747f5614bd8982d212dae) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
16:54:43:437 1980 ctsfm2k (4881087b083f7dbf7a1eca63ccae3696) C:\WINDOWS\system32\drivers\ctsfm2k.sys
16:54:43:468 1980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:54:43:515 1980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:54:43:546 1980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:54:43:562 1980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:54:43:578 1980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:54:43:593 1980 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:54:43:625 1980 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:54:43:640 1980 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:54:43:656 1980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:54:43:734 1980 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:54:43:750 1980 emupia (e74433ad1b95d96f4ef6516ff8963c0b) C:\WINDOWS\system32\drivers\emupia2k.sys
16:54:43:765 1980 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
16:54:43:781 1980 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:54:43:796 1980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:54:43:812 1980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:54:43:812 1980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:54:43:828 1980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:54:43:843 1980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:54:43:859 1980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:54:43:875 1980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:54:43:875 1980 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:54:43:890 1980 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:54:43:890 1980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:54:43:937 1980 ha10kx2k (703dd73e366d5b926c4f2011d01c69ce) C:\WINDOWS\system32\drivers\ha10kx2k.sys
16:54:43:953 1980 hap16v2k (a94f6783447660573507728af42079ee) C:\WINDOWS\system32\drivers\hap16v2k.sys
16:54:43:968 1980 hap17v2k (156d19c5cf8cc40378dbd7deb6c7ee5c) C:\WINDOWS\system32\drivers\hap17v2k.sys
16:54:43:984 1980 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:54:44:015 1980 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:54:44:046 1980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:54:44:078 1980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:54:44:171 1980 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100528.003\IDSxpx86.sys
16:54:44:171 1980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:54:44:203 1980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:54:44:218 1980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:54:44:250 1980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:54:44:265 1980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:54:44:281 1980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:54:44:281 1980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:54:44:296 1980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:54:44:312 1980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:54:44:312 1980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:54:44:328 1980 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:54:44:343 1980 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
16:54:44:375 1980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:54:44:390 1980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:54:44:406 1980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:54:44:421 1980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:54:44:437 1980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:54:44:437 1980 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:54:44:453 1980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:54:44:468 1980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:54:44:515 1980 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:54:44:531 1980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:54:44:546 1980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:54:44:546 1980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:54:44:546 1980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:54:44:562 1980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:54:44:578 1980 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:54:44:609 1980 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100606.003\NAVENG.SYS
16:54:44:671 1980 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100606.003\NAVEX15.SYS
16:54:44:687 1980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:54:44:703 1980 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:54:44:718 1980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:54:44:718 1980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:54:44:734 1980 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:54:44:734 1980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:54:44:750 1980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:54:44:765 1980 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:54:44:765 1980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:54:44:796 1980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:54:44:812 1980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:54:45:015 1980 nv (406ddab2b05d94d4818e97ff050d1bc6) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:54:45:187 1980 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:54:45:203 1980 nvgts (332f341f8fc3196499e61464355fea41) C:\WINDOWS\system32\DRIVERS\nvgts.sys
16:54:45:218 1980 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:54:45:218 1980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:54:45:250 1980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:54:45:250 1980 ohci1394 (32ca6b91bcc4cb85885ee15c4f6105a3) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:54:45:250 1980 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 32ca6b91bcc4cb85885ee15c4f6105a3, Fake md5: ca33832df41afb202ee7aeb05145922f
16:54:45:250 1980 File "C:\WINDOWS\system32\DRIVERS\ohci1394.sys" infected by TDSS rootkit ... 16:54:45:625 1980 Backup copy found, using it..
16:54:45:640 1980 will be cured on next reboot
16:54:45:656 1980 ossrv (d6003739f989a63461dec3e9d670b691) C:\WINDOWS\system32\drivers\ctoss2k.sys
16:54:45:687 1980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:54:45:718 1980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:54:45:734 1980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:54:45:750 1980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:54:45:765 1980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:54:45:796 1980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:54:45:828 1980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:54:45:828 1980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:54:45:843 1980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:54:45:843 1980 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:54:45:890 1980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:54:45:890 1980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:54:45:890 1980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:54:45:906 1980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:54:45:921 1980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:54:45:937 1980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:54:45:953 1980 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:54:45:968 1980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:54:46:000 1980 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:54:46:015 1980 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
16:54:46:015 1980 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
16:54:46:046 1980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:54:46:046 1980 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:54:46:062 1980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:54:46:062 1980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:54:46:093 1980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:54:46:140 1980 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
16:54:46:140 1980 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
16:54:46:156 1980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:54:46:203 1980 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
16:54:46:234 1980 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
16:54:46:265 1980 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
16:54:46:265 1980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:54:46:296 1980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:54:46:328 1980 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
16:54:46:359 1980 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:54:46:390 1980 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
16:54:46:421 1980 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
16:54:46:437 1980 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
16:54:46:437 1980 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
16:54:46:453 1980 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
16:54:46:468 1980 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
16:54:46:500 1980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:54:46:531 1980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:54:46:562 1980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:54:46:578 1980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:54:46:593 1980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:54:46:625 1980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:54:46:656 1980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:54:46:687 1980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:54:46:703 1980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:54:46:718 1980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:54:46:718 1980 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:54:46:734 1980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:54:46:734 1980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:54:46:750 1980 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:54:46:750 1980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:54:46:765 1980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:54:46:781 1980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:54:46:796 1980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:54:46:812 1980 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
16:54:46:828 1980 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
16:54:46:843 1980 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
16:54:46:843 1980 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
16:54:46:859 1980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:54:46:875 1980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:54:46:875 1980 Reboot required for cure complete..
16:54:46:921 1980 Cure on reboot scheduled successfully
16:54:46:921 1980
16:54:46:921 1980 Completed
16:54:46:921 1980
16:54:46:921 1980 Results:
16:54:46:921 1980 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:54:46:921 1980 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:54:46:921 1980
16:54:46:921 1980 KLMD(ARK) unloaded successfully
----------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 5:11:15 PM
mbam-log-2010-06-06 (17-11-15).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 164619
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

To Insanity and Beyond

Global Moderator
72,740 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:10:22 AM

Posted 06 June 2010 - 09:24 PM

Yep,that was it . Good to go now.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" tab, then click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#5 Mark889

Topic Starter

Members
23 posts
OFFLINE

Gender:Male
Location:Southern NJ
Local time:10:22 AM

Posted 07 June 2010 - 09:38 AM

I see you are from the Garden State also :trumpet:

I've made a new restore point and removed the old ones as you instructed. Looks like I'm good to go now :flowers:

I can't thank you enough for your help, I was really frustrated with this infection. Thanks again! :thumbsup:

#6 boopme

To Insanity and Beyond

Global Moderator
72,740 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:10:22 AM

Posted 07 June 2010 - 01:15 PM

Hi yes I am just on the west side of the Hudson atop the Big cliff LOL.

You're welcome from all of us here at BC. We are glad to have helped.
Please take a few minutes to read our quietman7's excellent Tips to protect yourself against malware and reduce the potential for re-infection:,in post 17. :thumbsup:

#7 bethy238

Members
3 posts
OFFLINE

Local time:10:22 AM

Posted 07 June 2010 - 04:58 PM

I did as you said in this topic can here are my logs:
TDSSKiller:
17:19:33:906 5424 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:19:33:906 5424 ================================================================================
17:19:33:906 5424 SystemInfo:

17:19:33:906 5424 OS Version: 5.1.2600 ServicePack: 3.0
17:19:33:906 5424 Product type: Workstation
17:19:33:906 5424 ComputerName: BEDROOM
17:19:33:906 5424 UserName: James
17:19:33:906 5424 Windows directory: C:\WINDOWS
17:19:33:906 5424 Processor architecture: Intel x86
17:19:33:906 5424 Number of processors: 1
17:19:33:906 5424 Page size: 0x1000
17:19:33:906 5424 Boot type: Normal boot
17:19:33:906 5424 ================================================================================
17:19:34:250 5424 Initialize success
17:19:34:250 5424
17:19:34:250 5424 Scanning Services ...
17:19:34:718 5424 Raw services enum returned 411 services
17:19:34:734 5424
17:19:34:734 5424 Scanning Drivers ...
17:19:35:421 5424 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
17:19:35:500 5424 Achernar (4848abf6d2f38c8a1f2138d4fe8f9455) C:\WINDOWS\system32\Drivers\Achernar.sys
17:19:35:562 5424 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:19:35:625 5424 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:19:35:718 5424 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
17:19:35:812 5424 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:19:35:890 5424 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:19:36:046 5424 Aldebaran (03a26904786d78552b93bb4d64f0b72f) C:\WINDOWS\System32\Drivers\Aldebaran.sys
17:19:36:203 5424 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
17:19:36:265 5424 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:19:36:343 5424 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:19:36:578 5424 ati2mtag (e69b295083419e13521f01df76f35db0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:19:36:796 5424 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
17:19:36:859 5424 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:19:36:937 5424 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:19:36:984 5424 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:19:37:062 5424 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
17:19:37:125 5424 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:19:37:203 5424 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:19:37:265 5424 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
17:19:37:343 5424 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:19:37:359 5424 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:19:37:406 5424 Cdrom (0abd80ec8f8bddce0991b5768b8b27f9) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:19:37:406 5424 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 0abd80ec8f8bddce0991b5768b8b27f9, Fake md5: 4e963e3bbeaf499b9d5f7cd97c22dd0a
17:19:37:406 5424 File "C:\WINDOWS\system32\DRIVERS\cdrom.sys" infected by TDSS rootkit ... 17:19:39:625 5424 Backup copy found, using it..
17:19:39:687 5424 will be cured on next reboot
17:19:39:828 5424 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:19:39:968 5424 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:19:40:015 5424 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:19:40:062 5424 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:19:40:093 5424 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:19:40:125 5424 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:19:40:171 5424 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
17:19:40:218 5424 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:19:40:265 5424 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:19:40:328 5424 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:19:40:531 5424 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:19:40:593 5424 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:19:40:609 5424 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:19:40:656 5424 FilterService (1edc0df2da14e04504dd3bac21aa32cd) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
17:19:40:703 5424 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS
17:19:40:734 5424 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:19:40:765 5424 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:19:40:812 5424 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:19:40:859 5424 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:19:40:890 5424 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:19:40:921 5424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:19:40:968 5424 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:19:41:000 5424 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:19:41:031 5424 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:19:41:078 5424 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:19:41:125 5424 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:19:41:171 5424 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:19:41:218 5424 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
17:19:41:281 5424 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:19:41:375 5424 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:19:41:437 5424 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:19:41:515 5424 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:19:41:812 5424 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100528.003\IDSxpx86.sys
17:19:41:953 5424 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:19:42:015 5424 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:19:42:078 5424 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:19:42:140 5424 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:19:42:296 5424 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:19:42:359 5424 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:19:42:421 5424 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:19:42:453 5424 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:19:42:515 5424 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:19:42:578 5424 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:19:42:671 5424 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:19:42:734 5424 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
17:19:42:796 5424 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:19:42:859 5424 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:19:42:968 5424 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
17:19:43:078 5424 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
17:19:43:156 5424 lvselsus (8b022db3549797965a64968bd282d5ac) C:\WINDOWS\system32\DRIVERS\lvselsus.sys
17:19:43:218 5424 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
17:19:43:468 5424 LVUVC (e89df2b88ee659954de79827ddf46dc9) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
17:19:43:718 5424 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
17:19:43:812 5424 MDC8021X (8fee53c104223973ed9919936d9cd156) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
17:19:43:875 5424 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:19:43:953 5424 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:19:44:015 5424 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:19:44:046 5424 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:19:44:093 5424 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:19:44:156 5424 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:19:44:218 5424 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:19:44:312 5424 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys
17:19:44:375 5424 MR97310_VGA_DUAL_CAMERA (15a7769df62938c56318ed8f95376001) C:\WINDOWS\system32\DRIVERS\mr97310v.sys
17:19:44:437 5424 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:19:44:484 5424 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:19:44:500 5424 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:19:44:531 5424 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:19:44:562 5424 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:19:44:593 5424 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:19:44:640 5424 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:19:44:671 5424 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:19:44:703 5424 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:19:44:968 5424 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:19:45:296 5424 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100607.006\NAVENG.SYS
17:19:45:484 5424 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100607.006\NAVEX15.SYS
17:19:45:765 5424 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:19:45:812 5424 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:19:45:843 5424 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:19:45:875 5424 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:19:45:890 5424 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:19:45:921 5424 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:19:45:953 5424 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:19:45:968 5424 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:19:46:015 5424 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:19:46:031 5424 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:19:46:078 5424 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:19:46:125 5424 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:19:46:156 5424 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:19:46:187 5424 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:19:46:234 5424 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
17:19:46:296 5424 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:19:46:328 5424 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:19:46:375 5424 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:19:46:390 5424 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:19:46:437 5424 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
17:19:46:453 5424 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:19:46:546 5424 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:19:46:562 5424 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:19:46:593 5424 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:19:46:640 5424 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:19:46:703 5424 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:19:46:718 5424 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:19:46:750 5424 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:19:46:765 5424 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:19:46:796 5424 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:19:46:812 5424 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:19:46:828 5424 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:19:46:875 5424 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:19:46:906 5424 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:19:46:968 5424 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:19:47:031 5424 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
17:19:47:062 5424 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:19:47:093 5424 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:19:47:109 5424 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:19:47:156 5424 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:19:47:203 5424 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
17:19:47:234 5424 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:19:47:265 5424 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:19:47:328 5424 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
17:19:47:359 5424 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
17:19:47:390 5424 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:19:47:421 5424 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:19:47:453 5424 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:19:47:484 5424 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:19:47:531 5424 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:19:47:625 5424 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
17:19:47:671 5424 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:19:47:703 5424 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
17:19:47:734 5424 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
17:19:47:781 5424 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:19:47:796 5424 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:19:47:796 5424 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
17:19:47:843 5424 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
17:19:47:921 5424 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:19:47:953 5424 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:19:48:015 5424 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:19:48:109 5424 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:19:48:140 5424 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:19:48:171 5424 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:19:48:234 5424 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:19:48:281 5424 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:19:48:328 5424 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:19:48:375 5424 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:19:48:437 5424 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:19:48:484 5424 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:19:48:546 5424 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:19:48:593 5424 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:19:48:640 5424 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:19:48:656 5424 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:19:48:687 5424 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:19:48:703 5424 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:19:48:750 5424 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:19:48:781 5424 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:19:48:812 5424 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:19:48:828 5424 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:19:48:890 5424 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
17:19:48:953 5424 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:19:49:000 5424 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:19:49:062 5424 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:19:49:140 5424 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:19:49:187 5424 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:19:49:218 5424 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:19:49:218 5424 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:19:49:265 5424 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
17:19:49:281 5424 Reboot required for cure complete..
17:19:49:750 5424 Cure on reboot scheduled successfully
17:19:49:750 5424
17:19:49:750 5424 Completed
17:19:49:750 5424
17:19:49:750 5424 Results:
17:19:49:750 5424 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:19:49:750 5424 File objects infected / cured / cured on reboot: 1 / 0 / 1
17:19:49:750 5424
17:19:49:750 5424 KLMD(ARK) unloaded successfully

MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4176

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2010 5:42:20 PM
mbam-log-2010-06-07 (17-42-20).txt

Scan type: Quick scan
Objects scanned: 166198
Time elapsed: 12 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{0fbc3efb-fc98-4b32-bf10-bde9aa4dea5a} (Adware.Comet) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6a4b7d17-1de9-4c14-8adf-eb4c07060519} (Adware.Comet) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{abf441b2-9b57-4838-96a0-34b1cecd4aa5} (Adware.Comet) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{74278296-0ec7-4f7a-ad55-eb7a2f35f311} (Adware.Comet) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> No action taken.
C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\SSSInstaller (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\bin (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\Ready (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\temp (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\SSSInstaller\Upload (Adware.Comet) -> No action taken.

Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Application Data\avdrn.dat (Malware.Trace) -> No action taken.

My internet seems to be okay for now-but do you suggest I do anything else to make sure my computer is clean?

#8 boopme

To Insanity and Beyond

Global Moderator
72,740 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:10:22 AM

Posted 07 June 2010 - 07:45 PM

Need to check that you've clicked "Removed Selected" after the scan,. Sometimes that is what this (No action taken) means in the log.

Please run an online scan next with ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
A new window will appear asking "Do you want to install this software?"".
Answer Yes to download and install the ActiveX controls that allows the scan to run.
Click Start.
Check Remove found threats and Scan potentially unwanted applications.
Click Scan to start. (please be patient as the scan could take some time to complete)
If offered the option to get information or buy software. Just close the window.
When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
folder.
Click > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.

Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#9 bethy238

Members
3 posts
OFFLINE

Local time:10:22 AM

Posted 08 June 2010 - 04:02 PM

Thank you so much for helping me. Here is the log from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3e3ed639ac63b6499997fdc33196f213
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-08 02:56:13
# local_time=2010-06-08 10:56:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 105162336 105162336 0 0
# compatibility_mode=3589 16777173 80 100 2738248 11801581 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=188248
# found=8
# cleaned=8
# scan_time=16939
C:\Documents and Settings\James\My Documents\FrostWire\Saved\call of duty 4 rap hammerhead .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dealio Toolbar\SearchSettings.dll Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dealio Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dealio Toolbar\SearchSettingsRes409.dll Win32/Adware.Toolbar.Dealio application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dealio Toolbar\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-436374069-602609370-725345543-1009\Dc27.avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-436374069-602609370-725345543-1009\Dc31.avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Thanks again!
Beth

#10 boopme

To Insanity and Beyond

Global Moderator
72,740 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:10:22 AM

Posted 08 June 2010 - 04:18 PM

hi Beth you're welcome. looking better how is it running now?
Let's get one more MBAm.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#11 bethy238

Members
3 posts
OFFLINE

Local time:10:22 AM

Posted 08 June 2010 - 05:13 PM

YEE HAW!!! Free at last!! I will create a new point and wish me luck. Thanks so much for your help!
Beth

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4181

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/8/2010 5:56:39 PM
mbam-log-2010-06-08 (17-56-39).txt

Scan type: Quick scan
Objects scanned: 166975
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 boopme

To Insanity and Beyond

Global Moderator
72,740 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:10:22 AM

Posted 08 June 2010 - 07:46 PM

This is great!! :thumbsup:

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" tab, then click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

• Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: