Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HTTPS Tisderv Request 2


  • This topic is locked This topic is locked
21 replies to this topic

#1 RDUB4Q

RDUB4Q

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 17 June 2010 - 11:12 AM

I have been infected for approx 3 days. Malwarebytes and Norton IS has been

popping up blocking access from website attempting to access my computer.

XP Pro SP3

Norton IS - fully updated, ran scan.
Malwarebytes - paid version, fully updated, ran scan.

Thank you in advance!!!!!!!!!







Attached Files


Edited by RDUB4Q, 17 June 2010 - 02:26 PM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 17 June 2010 - 02:33 PM

Good evening. smile.gif

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.
  • You will then need to extract the file(s) from the zipped folder.

  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish


  • Close all open programs as a reboot may be required.
  • Go to Start > Run, copy and paste the following into the text box and hit OK:

    "%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

  • A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped.
  • If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually
Please post the contents of the log, report.txt, in your next reply.

So long, and thanks for all the fish.

 

 


#3 RDUB4Q

RDUB4Q
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 17 June 2010 - 03:00 PM

I have not had a pop up warning of intrusion attempt after running TDSSKiller.



14:54:35:241 3564 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:54:35:241 3564 ================================================================================
14:54:35:241 3564 SystemInfo:

14:54:35:241 3564 OS Version: 5.1.2600 ServicePack: 3.0
14:54:35:241 3564 Product type: Workstation
14:54:35:241 3564 ComputerName: RCW-09E9D6252C5
14:54:35:241 3564 UserName: Home
14:54:35:241 3564 Windows directory: C:\WINDOWS
14:54:35:241 3564 Processor architecture: Intel x86
14:54:35:241 3564 Number of processors: 2
14:54:35:241 3564 Page size: 0x1000
14:54:35:241 3564 Boot type: Normal boot
14:54:35:241 3564 ================================================================================
14:54:36:366 3564 Initialize success
14:54:36:366 3564
14:54:36:366 3564 Scanning Services ...
14:54:36:960 3564 Raw services enum returned 415 services
14:54:36:975 3564
14:54:36:975 3564 Scanning Drivers ...
14:54:37:647 3564 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
14:54:37:725 3564 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:54:37:772 3564 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:54:37:835 3564 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
14:54:37:897 3564 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:54:37:944 3564 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:54:38:006 3564 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:54:38:085 3564 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:54:38:178 3564 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:54:38:241 3564 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
14:54:38:272 3564 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:54:38:288 3564 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:54:38:428 3564 ati2mtag (3e6878df6cedcd36957cc5776335fcc5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:54:38:631 3564 ATIAVAIW (befb648d5a40b816d66283b571bbe38a) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
14:54:38:663 3564 AtiHdmiService (1cae756c8baefb2b25964baa639fdd5c) C:\WINDOWS\system32\drivers\AtiHdmi.sys
14:54:38:725 3564 atinrvxx (74e104ada8a304774713e9a9a9cb3556) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
14:54:38:741 3564 ATITUNEP (a62cce73f05de24da5199c6befb2d95f) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
14:54:38:772 3564 ativraxx (ae002cc1bb5bcb8582b8795bab23d0a0) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
14:54:38:819 3564 ATIXSAudio (18761f67f8042f6f2ea78b1a81a37ab6) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
14:54:38:850 3564 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:54:38:897 3564 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:54:38:944 3564 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
14:54:38:991 3564 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:54:39:069 3564 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys
14:54:39:100 3564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:54:39:147 3564 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:54:39:225 3564 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
14:54:39:288 3564 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:54:39:303 3564 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:54:39:335 3564 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:54:39:366 3564 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:54:39:413 3564 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
14:54:39:444 3564 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
14:54:39:491 3564 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
14:54:39:569 3564 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
14:54:39:631 3564 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
14:54:42:897 3564 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
14:54:42:975 3564 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
14:54:43:022 3564 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
14:54:43:038 3564 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
14:54:43:069 3564 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
14:54:43:116 3564 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
14:54:43:178 3564 DCamUSBEMPIA (0a19c584251b794d06556db6a03972a4) C:\WINDOWS\system32\DRIVERS\emDevice.sys
14:54:43:225 3564 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:54:43:256 3564 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:54:43:319 3564 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:54:43:350 3564 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:54:43:381 3564 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:54:43:428 3564 Dot4 HPH11 (02e5d9216994b7c77bbfe01adcb783a4) C:\WINDOWS\system32\DRIVERS\hphid411.sys
14:54:43:460 3564 Dot4Print HPH11 (0fcc3ed5a97260eec98ceae8167e940a) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
14:54:43:475 3564 Dot4Storage HPH11 (93c5582eb9a04cf25b29ca0f1fe57a87) C:\WINDOWS\system32\Drivers\hphs2k11.sys
14:54:43:506 3564 Dot4Usb HPH11 (08b9bf9c88867d3b70473657ae4307b3) C:\WINDOWS\system32\drivers\hphius11.sys
14:54:43:553 3564 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:54:43:600 3564 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:54:43:678 3564 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:54:43:725 3564 emAudio (8bff3ef6f480b2ba00c0af75b2c8fce1) C:\WINDOWS\system32\drivers\emAudio.sys
14:54:43:772 3564 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
14:54:43:803 3564 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:54:43:835 3564 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:54:43:866 3564 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:54:43:928 3564 FiltUSBEMPIA (1e37fc47e03e6717ac8f698c2fbf2d57) C:\WINDOWS\system32\DRIVERS\emFilter.sys
14:54:43:960 3564 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:54:43:975 3564 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:54:44:006 3564 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:54:44:038 3564 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:54:44:069 3564 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:54:44:085 3564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:54:44:147 3564 GhPciScan (ddb5395d3c385b109b7d3ac57c9bd7a6) C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
14:54:44:178 3564 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:54:44:225 3564 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
14:54:44:303 3564 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:54:44:350 3564 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
14:54:44:397 3564 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:54:44:444 3564 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:54:44:506 3564 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:54:44:585 3564 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.001\IDSxpx86.sys
14:54:44:600 3564 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:54:44:663 3564 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:54:44:694 3564 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:54:44:741 3564 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:54:44:772 3564 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:54:44:803 3564 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:54:44:835 3564 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:54:44:866 3564 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:54:44:897 3564 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:54:44:944 3564 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:54:44:975 3564 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:54:45:022 3564 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:54:45:053 3564 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:54:45:085 3564 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:54:45:116 3564 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:54:45:131 3564 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
14:54:45:163 3564 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:54:45:210 3564 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:54:45:225 3564 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:54:45:256 3564 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:54:45:288 3564 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:54:45:350 3564 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:54:45:366 3564 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:54:45:397 3564 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:54:45:444 3564 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:54:45:491 3564 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
14:54:45:522 3564 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:54:45:553 3564 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:54:45:585 3564 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:54:45:616 3564 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:54:45:647 3564 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:54:45:678 3564 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:54:45:694 3564 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:54:45:725 3564 MVDCODEC (514829ed3e7f140aac16154106d04981) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
14:54:45:788 3564 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
14:54:45:819 3564 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:54:45:913 3564 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100617.003\NAVENG.SYS
14:54:45:975 3564 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100617.003\NAVEX15.SYS
14:54:46:053 3564 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:54:46:100 3564 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:54:46:147 3564 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:54:46:178 3564 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:54:46:194 3564 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:54:46:225 3564 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:54:46:241 3564 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:54:46:288 3564 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:54:46:303 3564 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:54:46:335 3564 NPDriver (f5812bcacbfdcfa9b8e849084d15a9e9) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
14:54:46:366 3564 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:54:46:413 3564 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:54:46:538 3564 ntk_dtv (8ad12622c7fa674cb9979e3448ab89c6) C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys
14:54:46:569 3564 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:54:46:616 3564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:54:46:647 3564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:54:46:678 3564 ohci1394 (8edfc98e041926d0ed796a0c2b3239e6) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:54:46:678 3564 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 8edfc98e041926d0ed796a0c2b3239e6, Fake md5: ca33832df41afb202ee7aeb05145922f
14:54:46:678 3564 File "C:\WINDOWS\system32\DRIVERS\ohci1394.sys" infected by TDSS rootkit ... 14:54:48:116 3564 Backup copy found, using it..
14:54:49:256 3564 will be cured on next reboot
14:54:49:319 3564 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\drivers\ctoss2k.sys
14:54:49:366 3564 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:54:49:397 3564 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:54:49:428 3564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:54:49:475 3564 PCDCODEC (4060fe5186e2e9e6f11382bbba7ce451) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
14:54:49:522 3564 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:54:49:553 3564 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
14:54:49:569 3564 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:54:49:631 3564 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys
14:54:49:694 3564 Pivot (943f840611d33832308ec5310b616b57) C:\WINDOWS\system32\drivers\pivot.sys
14:54:49:725 3564 pivotmou (998c58295288eedfbfe95e7f6cc94df4) C:\WINDOWS\system32\drivers\pivotmou.sys
14:54:49:772 3564 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:54:49:803 3564 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
14:54:49:819 3564 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:54:49:850 3564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:54:49:928 3564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:54:49:944 3564 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:54:49:960 3564 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:54:49:975 3564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:54:50:006 3564 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:54:50:022 3564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:54:50:053 3564 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:54:50:085 3564 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:54:50:116 3564 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:54:50:147 3564 ScanUSBEMPIA (f3853829589eda1f66afb3e6eda04c6c) C:\WINDOWS\system32\DRIVERS\emScan.sys
14:54:50:194 3564 SDdriver (491f052b8f1e05b396d15ec9bf36565a) C:\WINDOWS\system32\Drivers\sddriver.sys
14:54:50:241 3564 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:54:50:288 3564 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:54:50:319 3564 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:54:50:350 3564 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:54:50:397 3564 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
14:54:50:460 3564 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:54:50:506 3564 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:54:50:522 3564 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:54:50:569 3564 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
14:54:50:600 3564 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
14:54:50:647 3564 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
14:54:50:678 3564 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
14:54:50:710 3564 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
14:54:50:741 3564 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
14:54:50:788 3564 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
14:54:50:819 3564 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:54:50:835 3564 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:54:50:866 3564 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:54:50:960 3564 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
14:54:51:022 3564 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
14:54:51:069 3564 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:54:51:116 3564 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
14:54:51:163 3564 symlcbrd (993c0cb4bedddebf7254191ec8a3f67e) C:\WINDOWS\system32\drivers\symlcbrd.sys
14:54:51:194 3564 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
14:54:51:256 3564 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:54:51:319 3564 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:54:51:366 3564 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:54:51:397 3564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:54:51:428 3564 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:54:51:491 3564 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:54:51:538 3564 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:54:51:600 3564 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:54:51:631 3564 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:54:51:678 3564 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:54:51:710 3564 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:54:51:756 3564 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:54:51:788 3564 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:54:51:803 3564 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:54:51:835 3564 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:54:51:866 3564 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:54:51:913 3564 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:54:51:960 3564 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:54:52:006 3564 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:54:52:053 3564 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:54:52:131 3564 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:54:52:178 3564 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:54:52:225 3564 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:54:52:241 3564 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:54:52:303 3564 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
14:54:52:303 3564 Reboot required for cure complete..
14:54:52:694 3564 Cure on reboot scheduled successfully
14:54:52:694 3564
14:54:52:694 3564 Completed
14:54:52:710 3564
14:54:52:710 3564 Results:
14:54:52:710 3564 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:54:52:710 3564 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:54:52:710 3564
14:54:52:772 3564 KLMD(ARK) unloaded successfully

Edited by RDUB4Q, 17 June 2010 - 08:11 PM.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 18 June 2010 - 01:33 PM

Good evening. smile.gif

Sounds promising. I'd like you to work through the following and post accordingly:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

So long, and thanks for all the fish.

 

 


#5 RDUB4Q

RDUB4Q
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 18 June 2010 - 03:18 PM

Browsing speed seems improved.
Total boot up time seems slow.
No pop up warnings from MB or Nortons.





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4213

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 3:05:04 PM
mbam-log-2010-06-18 (15-05-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 279734
Time elapsed: 1 hour(s), 27 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Home at 15:05:51.45 on Fri 06/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1277 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Documents and Settings\Home\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.candystand.com/play/field-goal-3d"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
Trusted Zone: cnn.com\www
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256150297156
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\egn9k0mi.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://kb.mozillazine.org/Integrating_Firefox_and_Outlook_Express
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\home\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100522.001\BHDrvx86.sys [2010-5-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-20 501888]
R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2003-5-28 5632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-20 116784]
R2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-9-17 75048]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-23 304464]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~2\NPROTECT.EXE [2003-9-10 81920]
R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-10-21 585728]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-15 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100617.001\IDSXpx86.sys [2010-6-17 331640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-23 20952]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100617.051\NAVENG.SYS [2010-6-18 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100617.051\NAVEX15.SYS [2010-6-18 1347504]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-10 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2010-06-17 20:00:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-17 01:16:55 0 ----a-w- c:\documents and settings\home\defogger_reenable
2010-06-17 00:44:31 0 d-----w- c:\program files\Maxtor
2010-06-12 20:37:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Smith Micro
2010-06-12 20:36:54 0 d-----w- c:\docume~1\home\applic~1\Smith Micro
2010-06-12 20:34:33 0 d-----w- c:\program files\Smith Micro
2010-06-10 23:10:15 90112 ------w- c:\windows\Updreg.EXE
2010-06-10 23:10:04 53248 ------w- c:\windows\Ctregrun.exe
2010-06-10 20:10:32 788 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000005-00311102}.rfx
2010-06-10 20:10:32 54916 ----a-w- c:\windows\system32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000005-00311102}.rfx
2010-06-10 20:10:32 54916 ----a-w- c:\windows\system32\BMXState-{00000002-00000000-0000000B-00001102-00000005-00311102}.rfx
2010-06-10 20:09:00 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-06-10 20:08:41 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-06-10 20:08:15 0 d-----w- c:\program files\Creative
2010-06-10 20:07:51 102400 ----a-w- c:\windows\system32\cttele32.dll
2010-06-10 20:07:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-10 20:07:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-10 20:07:32 0 d-----w- c:\program files\OpenAL
2010-06-10 20:06:52 0 d-----w- c:\windows\system32\Data
2010-06-10 20:06:29 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2010-05-29 15:45:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-05-29 15:45:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-29 15:45:22 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-22 19:25:03 268 ----a-w- c:\windows\game.ini
2010-05-22 15:13:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-22 15:12:07 1784 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-05-22 15:02:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll

==================== Find3M ====================

2010-06-18 19:39:38 23784 ----a-w- c:\docume~1\home\applic~1\GDIPFONTCACHEV1.DAT
2010-06-17 19:56:15 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-05-14 01:34:54 62009 ----a-w- c:\windows\system32\wpfb_ati2dvag.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 15:07:17.56 ===============

Attached Files


Edited by Noviciate, 19 June 2010 - 01:49 PM.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 19 June 2010 - 01:50 PM

Good evening. smile.gif

The difficulty with speed issues is that it is hard to nail down the exact cause. The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.
  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of it's actions. If you have anything in there that you haven't finished with, move it first.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!

Let me know if this helps any.

So long, and thanks for all the fish.

 

 


#7 RDUB4Q

RDUB4Q
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 19 June 2010 - 03:47 PM

TFC locks up my computer. Non responsive. (Resolved) Used old trick.
Scan removed 859 MB

Check Disk and Defrag ran. Now for a test drive.

I also had a program that I couldn't remove, locked by system.


I did some hardware epgrades in the last 2 months and I noticed that I now have 45 processes running. Up from below 40 from what I can remember. Is that excessive?

Edited by RDUB4Q, 19 June 2010 - 05:50 PM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 19 June 2010 - 09:34 PM

QUOTE
I also had a program that I couldn't remove, locked by system.
Which one?

So long, and thanks for all the fish.

 

 


#9 RDUB4Q

RDUB4Q
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 19 June 2010 - 09:51 PM

CuteFTP 8 Professional - Expired trial version

Message before failed delete is "not all user data may be deleted it may be locked by system". The uninstall never runs.



Computer performance is very good at this point.



I took some time to look around and see what is running on my computer. Basically looking for suspicius file names and unessesary services. I'm not scanning or making changes. Here is a list of files that got my attention. What drew my attention was the "file not found" in the location column.

Drivers

changer.sys
i2omgmt.sys
lbrtfdc.sys
mremp50a64.sys
mrempr5.sys
mrendis5.sys
mresp50a64.sys
PCIDump.sys
PDCOMP.sys
PDFRAME.sys
PDRELI.sys
PDRFRAME.sys
TMPassthruMP.sys
WDICA.sys

Non windows/microsoft services running.

GetPlusHelper from NOS Microsystems
X10nets

Edited by RDUB4Q, 20 June 2010 - 09:51 AM.


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 20 June 2010 - 01:37 PM

Good evening. smile.gif

I suggest you contact the developers for the uninstall issue - you can find the site here.

QUOTE
. Here is a list of files that got my attention. What drew my attention was the "file not found" in the location column.
What location column are you referring to?

So long, and thanks for all the fish.

 

 


#11 RDUB4Q

RDUB4Q
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 20 June 2010 - 01:46 PM

I used Autoruns by Systernals. My mistake, they are in the Image path column under the Drivers and Services tabs.

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 21 June 2010 - 01:39 PM

Good evening. smile.gif

Can you tell me what version of Autoruns you are using.

So long, and thanks for all the fish.

 

 


#13 RDUB4Q

RDUB4Q
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 21 June 2010 - 02:35 PM

Autoruns v10.01

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 21 June 2010 - 04:06 PM

A little time spent with Google shows the following: http://forum.sysinternals.com/topic4719.html

So long, and thanks for all the fish.

 

 


#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:15 PM

Posted 22 June 2010 - 04:02 PM

Good evening. smile.gif

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***
  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older version of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you've done the above, as I see that you have HijackThis on your system, i'd like you to run it and Do a system scan and save a logfile and let me have the contents in your next reply.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users