Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

pc infected: Search Engine Hijacker and popups


  • This topic is locked This topic is locked
7 replies to this topic

#1 art_vandelay

art_vandelay

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 06 June 2010 - 04:24 PM

Hey all,

I would appreciate assistance with this malware problem. I'm getting search engine hijack redirects and random popups now. Here is the DDS.txt log. I've also attached ark.txt and attach.txt.

thank you!



DDS (Ver_10-03-17.01) - NTFSx86
Run by glindholm at 14:21:43.59 on Sun 06/06/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3573.1875 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP2014MC.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\V0400Mon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe
C:\Program Files\Citrix\GoToMeeting\452\g2mcomm.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Citrix\GoToMeeting\452\g2mlauncher.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.TerminalServer.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\glindholm\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /fu "c:\windows\temp\E_S1A93.tmp" /EF "HKCU"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\452\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OdTray.exe] c:\program files\juniper networks\odyssey access client\OdTray.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: MaxRecentDocs = 50 (0x32)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: training
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www.addonchat.com/404.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {AB4C9C92-7E05-40B7-99F2-7E14DF6C73E4} - hxxp://135.135.10.54/latitude/include/terminal/PathGuideTerminal.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.ellsworth.com/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-4 64288]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2008-9-2 9856]
R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [2008-9-2 282496]
R2 LatitudeTS;Latitude Terminal Server;c:\program files\pathtech\latitude\bin\PathGuide.Latitude.TerminalServer.exe [2010-1-12 872448]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-4-4 2440120]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-3-31 54960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-2 102448]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2008-8-26 390528]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [2008-8-26 29312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S2 LatitudeMetrics;Latitude Metrics Engine;c:\program files\pathtech\latitude\bin\PathGuide.Latitude.MetricsEngine.exe [2010-1-12 52736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-10-14 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-10-14 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-10-14 166720]
S4 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2008-9-2 116008]
S4 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2008-8-20 87416]

=============== Created Last 30 ================

2010-06-05 22:23:31 349004663 ----a-w- c:\windows\MEMORY.DMP
2010-06-05 20:01:10 0 d-----w- c:\program files\Trend Micro
2010-06-04 19:44:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-04 19:33:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 19:27:04 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-04 19:26:51 0 d-----w- c:\programdata\Lavasoft
2010-06-04 19:26:51 0 d-----w- c:\program files\Lavasoft
2010-06-04 08:47:08 0 d-----w- c:\program files\LimeWire
2010-06-03 00:55:20 0 d-----w- c:\program files\iPod
2010-06-03 00:55:17 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-03 00:55:17 0 d-----w- c:\program files\iTunes
2010-06-03 00:50:09 0 d-----w- c:\program files\Bonjour
2010-06-02 18:32:44 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-06-02 04:14:32 507392 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-06-02 03:27:37 0 d-----w- c:\programdata\Acronis
2010-06-01 23:22:15 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-05-26 12:05:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 20:09:08 13030 ----a-w- C:\PDOXUSRS.NET
2010-05-25 20:07:36 0 d-----w- c:\program files\common files\Borland Shared
2010-05-25 20:07:33 0 d-----w- c:\program files\Intermec
2010-05-22 15:36:11 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-05-22 15:36:11 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-05-20 17:30:23 0 d-----w- c:\program files\MSXML 4.0
2010-05-19 18:39:33 0 d-----w- c:\programdata\InstallShield
2010-05-12 00:32:17 0 d-----w- c:\programdata\WindowsSearch
2010-05-11 19:01:00 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 01:17:54 55856 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-11 01:17:54 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-05-11 01:17:47 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-05-11 01:17:42 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-05-11 01:17:41 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-05-11 01:17:37 50736 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-05-11 01:17:37 31280 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-05-11 01:17:37 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-05-11 01:17:31 723504 ----a-w- c:\windows\system32\vnetlib.dll
2010-05-11 01:17:06 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-05-11 01:07:20 0 d-----w- c:\program files\VMware

==================== Find3M ====================

2010-06-03 00:50:38 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-03 00:50:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-03 00:50:38 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-04 06:37:47 171404 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 15:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 15:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-01 01:41:38 252464 ----a-w- c:\windows\system32\vmnc.dll
2009-11-30 16:58:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-22 15:52:09 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-12 16:46:40 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-12 16:46:40 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-12 16:46:40 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:23:05.33 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:22 AM

Posted 10 June 2010 - 02:28 AM

Hi art_vandelay,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

CODE
@ECHO OFF
if exist mbr.log del mbr.log
mbr.exe -t
ping 1.1.1.1 -n 1 -w 1500 >nul 2>&1
start mbr.log

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select Save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate look.bat on the desktop. It should look like this:
  • Right-click to run it as administrator.
  • A notepad opens, copy and paste the content (log.txt) to your reply.


#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:22 AM

Posted 15 June 2010 - 07:52 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:22 AM

Posted 16 June 2010 - 01:30 AM

The topic reopened due to this PM:

QUOTE
Greetings,

I didn't get your response to my thread ("pc infected: Search Engine Hijacker and popups") until today, but I see that it has already been closed due to lack of response.

Anyway, hopefully I can still get help for this problem. Here is the text from log.txt from running

mbr.exe as instructed:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85DD5EC5]<<
kernel: MBR read successfully
user & kernel MBR OK

Thanks. Let me know if you'd prefer to simply have my original thread reopened and i can post there.

Thanks!


In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

We are going to run this special tool.
  • Please download TDSSKiller.exe and save it to your desktop.
  • Run TDSSKiller.exe.
  • When it finished press any key to continue.
  • Let reboot if needed and tell me if it needed a reboot.
  • Also it makes a txt file on the C:\ directory (like TDSSKiller.2.3.2.0_Date_Time_log.txt). Please attach it to your replay.


#5 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 16 June 2010 - 04:48 AM

Thank you! Here is the TDS log.


05:44:00:970 3368 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
05:44:00:970 3368 ================================================================================
05:44:00:970 3368 SystemInfo:

05:44:00:970 3368 OS Version: 6.0.6002 ServicePack: 2.0
05:44:00:971 3368 Product type: Workstation
05:44:00:971 3368 ComputerName: GEORGEL
05:44:00:971 3368 UserName: glindholm
05:44:00:971 3368 Windows directory: C:\Windows
05:44:00:971 3368 Processor architecture: Intel x86
05:44:00:971 3368 Number of processors: 2
05:44:00:971 3368 Page size: 0x1000
05:44:00:973 3368 Boot type: Normal boot
05:44:00:973 3368 ================================================================================
05:44:01:730 3368 Initialize success
05:44:01:731 3368
05:44:01:732 3368 Scanning Services ...
05:44:02:567 3368 Raw services enum returned 485 services
05:44:02:580 3368
05:44:02:580 3368 Scanning Drivers ...
05:44:03:320 3368 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
05:44:03:376 3368 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
05:44:03:513 3368 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
05:44:03:570 3368 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
05:44:03:606 3368 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
05:44:03:654 3368 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
05:44:03:681 3368 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
05:44:03:729 3368 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
05:44:03:765 3368 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
05:44:03:793 3368 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
05:44:03:851 3368 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
05:44:03:887 3368 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
05:44:03:930 3368 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
05:44:03:965 3368 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
05:44:03:995 3368 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
05:44:04:030 3368 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
05:44:04:065 3368 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
05:44:04:107 3368 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
05:44:04:242 3368 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
05:44:04:382 3368 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
05:44:04:408 3368 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
05:44:04:447 3368 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
05:44:04:485 3368 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
05:44:04:520 3368 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
05:44:04:567 3368 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
05:44:04:624 3368 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
05:44:04:696 3368 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
05:44:04:736 3368 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
05:44:04:760 3368 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
05:44:04:818 3368 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
05:44:04:852 3368 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
05:44:04:881 3368 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
05:44:04:921 3368 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
05:44:05:025 3368 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
05:44:05:131 3368 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
05:44:05:191 3368 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
05:44:05:202 3368 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
05:44:05:220 3368 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
05:44:05:266 3368 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
05:44:05:340 3368 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
05:44:05:379 3368 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
05:44:05:443 3368 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
05:44:05:494 3368 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
05:44:05:552 3368 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
05:44:05:666 3368 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
05:44:05:714 3368 Ecache (0f5976e4fc56c137de349218bd76de83) C:\Windows\system32\drivers\ecache.sys
05:44:05:715 3368 Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: 0f5976e4fc56c137de349218bd76de83, Fake md5: 7f64ea048dcfac7acf8b4d7b4e6fe371
05:44:05:715 3368 File "C:\Windows\system32\drivers\ecache.sys" infected by TDSS rootkit ... 05:44:05:819 3368 Backup copy found, using it..
05:44:05:897 3368 will be cured on next reboot
05:44:05:972 3368 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
05:44:06:005 3368 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
05:44:06:043 3368 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
05:44:06:086 3368 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
05:44:06:112 3368 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
05:44:06:202 3368 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
05:44:06:265 3368 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
05:44:06:310 3368 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
05:44:06:348 3368 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
05:44:06:387 3368 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
05:44:06:423 3368 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
05:44:06:464 3368 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
05:44:06:527 3368 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
05:44:06:572 3368 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
05:44:06:640 3368 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
05:44:06:692 3368 hcmon (a0153680ae9f943cb381c0be1cfeb479) C:\Windows\system32\drivers\hcmon.sys
05:44:06:716 3368 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
05:44:06:776 3368 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
05:44:06:856 3368 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
05:44:06:894 3368 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
05:44:06:924 3368 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
05:44:06:957 3368 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
05:44:06:990 3368 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
05:44:07:033 3368 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
05:44:07:127 3368 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
05:44:07:180 3368 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
05:44:07:218 3368 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
05:44:07:418 3368 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\Windows\system32\DRIVERS\igxpmp32.sys
05:44:07:632 3368 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
05:44:07:682 3368 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
05:44:07:725 3368 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
05:44:07:760 3368 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
05:44:07:802 3368 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:44:07:845 3368 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
05:44:07:874 3368 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
05:44:07:900 3368 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
05:44:07:932 3368 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
05:44:07:997 3368 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
05:44:08:026 3368 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
05:44:08:050 3368 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
05:44:08:095 3368 jnprna (e16af6f74df835d990b98bee85084a59) C:\Windows\system32\DRIVERS\jnprna.sys
05:44:08:139 3368 JnprVaMgr (67db95b172b10ef8ed86ac2e366c2084) C:\Windows\system32\DRIVERS\jnprvamgr.sys
05:44:08:172 3368 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
05:44:08:202 3368 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
05:44:08:236 3368 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
05:44:08:302 3368 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
05:44:08:355 3368 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
05:44:08:401 3368 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
05:44:08:422 3368 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
05:44:08:462 3368 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
05:44:08:512 3368 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
05:44:08:575 3368 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
05:44:08:648 3368 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
05:44:08:687 3368 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
05:44:08:734 3368 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
05:44:08:771 3368 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
05:44:08:833 3368 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
05:44:08:869 3368 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
05:44:08:914 3368 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
05:44:08:941 3368 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
05:44:09:010 3368 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
05:44:09:045 3368 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
05:44:09:094 3368 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
05:44:09:126 3368 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:44:09:159 3368 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:44:09:200 3368 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:44:09:262 3368 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
05:44:09:318 3368 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
05:44:09:449 3368 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
05:44:09:463 3368 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
05:44:09:486 3368 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
05:44:09:523 3368 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
05:44:09:564 3368 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
05:44:09:623 3368 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
05:44:09:639 3368 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
05:44:09:687 3368 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
05:44:09:733 3368 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
05:44:09:765 3368 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
05:44:09:894 3368 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100608.032\NAVENG.SYS
05:44:09:971 3368 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100608.032\NAVEX15.SYS
05:44:10:094 3368 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
05:44:10:140 3368 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
05:44:10:178 3368 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
05:44:10:213 3368 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
05:44:10:294 3368 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
05:44:10:331 3368 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
05:44:10:371 3368 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
05:44:10:401 3368 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
05:44:10:434 3368 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
05:44:10:454 3368 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
05:44:10:511 3368 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
05:44:10:612 3368 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
05:44:10:648 3368 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
05:44:10:676 3368 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
05:44:10:729 3368 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
05:44:10:766 3368 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
05:44:10:841 3368 odFips (6f321ad76d33f8189cd65dee01caa0e0) C:\Windows\system32\drivers\odFips.sys
05:44:10:863 3368 odFips2 (569aafffc63a354f68b1eaf46d4891de) C:\Windows\system32\drivers\odFips2.sys
05:44:10:902 3368 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
05:44:10:926 3368 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
05:44:11:029 3368 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
05:44:11:060 3368 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
05:44:11:106 3368 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
05:44:11:126 3368 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
05:44:11:166 3368 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
05:44:11:210 3368 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
05:44:11:306 3368 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
05:44:11:350 3368 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
05:44:11:400 3368 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
05:44:11:448 3368 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
05:44:11:522 3368 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
05:44:11:625 3368 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
05:44:11:643 3368 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
05:44:11:663 3368 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:44:11:709 3368 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
05:44:11:772 3368 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
05:44:11:841 3368 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
05:44:11:855 3368 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:44:11:880 3368 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
05:44:11:968 3368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
05:44:11:996 3368 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
05:44:12:059 3368 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
05:44:12:107 3368 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
05:44:12:134 3368 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
05:44:12:174 3368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
05:44:12:201 3368 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
05:44:12:240 3368 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
05:44:12:288 3368 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
05:44:12:389 3368 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
05:44:12:430 3368 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
05:44:12:455 3368 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
05:44:12:473 3368 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
05:44:12:501 3368 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
05:44:12:529 3368 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
05:44:12:562 3368 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
05:44:12:611 3368 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
05:44:12:628 3368 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
05:44:12:706 3368 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
05:44:12:789 3368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
05:44:12:828 3368 SRTSP (522651a0e7dc6415e083317370b609cc) C:\Windows\system32\Drivers\SRTSP.SYS
05:44:12:863 3368 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\Windows\system32\Drivers\SRTSPL.SYS
05:44:12:898 3368 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\Windows\system32\Drivers\SRTSPX.SYS
05:44:12:927 3368 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
05:44:12:961 3368 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
05:44:12:974 3368 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
05:44:12:993 3368 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
05:44:13:021 3368 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
05:44:13:119 3368 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS
05:44:13:163 3368 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
05:44:13:204 3368 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
05:44:13:268 3368 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
05:44:13:350 3368 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
05:44:13:391 3368 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
05:44:13:424 3368 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
05:44:13:461 3368 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
05:44:13:492 3368 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
05:44:13:524 3368 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
05:44:13:578 3368 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
05:44:13:618 3368 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
05:44:13:690 3368 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
05:44:13:731 3368 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
05:44:13:774 3368 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
05:44:13:817 3368 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
05:44:13:869 3368 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
05:44:13:917 3368 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
05:44:13:948 3368 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
05:44:13:979 3368 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
05:44:14:033 3368 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
05:44:14:090 3368 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
05:44:14:142 3368 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
05:44:14:199 3368 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
05:44:14:220 3368 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
05:44:14:251 3368 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
05:44:14:293 3368 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
05:44:14:321 3368 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
05:44:14:375 3368 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
05:44:14:405 3368 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:44:14:448 3368 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
05:44:14:575 3368 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
05:44:14:722 3368 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
05:44:14:783 3368 VF0400Afx (e8532ccc886588219bceb3ea6f9f5339) C:\Windows\system32\Drivers\V0400Afx.sys
05:44:14:858 3368 VF0400Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\V0400VFx.sys
05:44:14:920 3368 VF0400Vid (53b99223a4d7c958fb82f6c989e9d98f) C:\Windows\system32\DRIVERS\V0400Vid.sys
05:44:14:974 3368 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
05:44:15:013 3368 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
05:44:15:034 3368 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
05:44:15:060 3368 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
05:44:15:088 3368 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
05:44:15:135 3368 vmci (4b3ee6f40339a119f046e9acd9685fc6) C:\Windows\system32\Drivers\vmci.sys
05:44:15:181 3368 vmkbd (7b7de6c0c2de2c9813f05ef8b961f0ae) C:\Windows\system32\drivers\VMkbd.sys
05:44:15:233 3368 VMnetAdapter (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys
05:44:15:267 3368 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys
05:44:15:281 3368 VMnetuserif (f660cc30154185d5f2bb6b3ad03e296f) C:\Windows\system32\drivers\vmnetuserif.sys
05:44:15:340 3368 vmx86 (74a290d5354e1e0a568873b7f3ca42ee) C:\Windows\system32\Drivers\vmx86.sys
05:44:15:399 3368 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
05:44:15:446 3368 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
05:44:15:492 3368 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
05:44:15:525 3368 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
05:44:15:606 3368 vstor2-ws60 (e4fa7aff5046fc49de22e903b7e35add) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
05:44:15:669 3368 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
05:44:15:695 3368 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
05:44:15:699 3368 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
05:44:15:721 3368 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
05:44:15:753 3368 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
05:44:15:817 3368 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
05:44:15:912 3368 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
05:44:15:956 3368 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
05:44:16:006 3368 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
05:44:16:036 3368 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
05:44:16:069 3368 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
05:44:16:099 3368 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:44:16:116 3368 Reboot required for cure complete..
05:44:16:371 3368 Cure on reboot scheduled successfully
05:44:16:371 3368
05:44:16:371 3368 Completed
05:44:16:373 3368
05:44:16:373 3368 Results:
05:44:16:373 3368 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
05:44:16:374 3368 File objects infected / cured / cured on reboot: 1 / 0 / 1
05:44:16:375 3368
05:44:16:394 3368 KLMD(ARK) unloaded successfully


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:22 AM

Posted 16 June 2010 - 05:10 AM

The rootkit is taken care of. thumbup2.gif
  1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Download JavaRa from Javara for Java update or directly from here.
    Use the tool to remove old and redundant versions of the Java Runtime Environment. The latest version is Java 6 update 20. Please uninstall any version remaining versions if the tool could not uninstall them.

  2. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

  3. Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  4. Tell me also how is your computer running.


#7 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 16 June 2010 - 07:08 AM

Thank you so much for the help! Last time I had one of these I had to re-install Windows. I really appreciate it! Have a great day!

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:22 AM

Posted 16 June 2010 - 08:15 AM

You are most welcome. smile.gif

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users