
TIDSERV Request 2


2 replies to this topic

#1 flyingsue

  • Members
  • 3 posts

Posted 29 June 2010 - 06:15 PM

I am on my old laptop to get to the internet to talk to you.
My browser - Explorer 8 - does not work on the main computer. I have an internet connection, for Norton does do updates!!?? So I feel that for some reason Norton is stopping it. I have a wireless network and that is how the laptop is working. I have Norton and it is on. My husband says he got mad and said yes to a question Norton sent about a download not being safe. (Our computer is old, with only 512MB of memory, and is slow and locks up.)
In the Norton logs there are a number of these errors:

2287jfda88.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE

HTTPS:TIDSERV Request 2


When I check task manager there is an explorer session which is up to 98%. When I kill that session nothing happens and I still cannot use the browser. Eventually the explorer session starts back up again. I have run a Norton scan and it can find nothing.

I am not sure how to go about loading the two programs over to the main computer, running them and getting the logs to you. Any help would be greatly appreciated.

Edited by Orange Blossom, 29 June 2010 - 08:15 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB



#2 flyingsue

  • Topic Starter

Posted 30 June 2010 - 08:40 AM

I have worked on the computer some more based on what was said to others. I now have the browser working. I did a safe mode scan and it did find backdoor.Tidserv!inf, which it said had to be manually removed. I have downloaded the programs and here are the two logs:

09:14:20:140 3372 TDSS rootkit removing tool 2.3.2.1 Jun 30 2010 09:28:26
09:14:20:140 3372 ================================================================================
09:14:20:140 3372 SystemInfo:

09:14:20:140 3372 OS Version: 5.1.2600 ServicePack: 3.0
09:14:20:140 3372 Product type: Workstation
09:14:20:156 3372 ComputerName: SCOLE
09:14:20:156 3372 UserName: David L Cole
09:14:20:156 3372 Windows directory: C:\WINDOWS
09:14:20:156 3372 System windows directory: C:\WINDOWS
09:14:20:156 3372 Processor architecture: Intel x86
09:14:20:156 3372 Number of processors: 1
09:14:20:156 3372 Page size: 0x1000
09:14:20:156 3372 Boot type: Normal boot
09:14:20:156 3372 ================================================================================
09:14:21:750 3372 Initialize success
09:14:21:750 3372
09:14:21:750 3372 Scanning Services ...
09:14:22:359 3372 Raw services enum returned 351 services
09:14:22:375 3372
09:14:22:375 3372 Scanning Drivers ...
09:14:24:609 3372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:14:24:687 3372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:14:24:875 3372 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:14:24:937 3372 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:14:25:734 3372 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:14:25:859 3372 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:14:25:953 3372 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:14:26:140 3372 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:14:26:328 3372 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
09:14:26:546 3372 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:14:27:187 3372 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
09:14:27:375 3372 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:14:27:656 3372 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
09:14:27:906 3372 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:14:28:031 3372 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:14:28:140 3372 Cdr4_xp (b9cff0a9ed63e9bd4931847284a33401) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
09:14:28:296 3372 Cdralw2k (bf09211c3fb1b6c93ecb58973f84ee23) C:\WINDOWS\system32\drivers\Cdralw2k.sys
09:14:28:484 3372 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
09:14:28:609 3372 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:14:28:765 3372 cdudf_xp (a19f8c660426e02aa99af1ed3d0dcb1c) C:\WINDOWS\system32\drivers\cdudf_xp.sys
09:14:29:140 3372 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:14:29:265 3372 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:14:29:500 3372 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:14:29:703 3372 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:14:29:843 3372 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:14:30:000 3372 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:14:30:078 3372 dvd_2K (943873bf94e372b78ab0b0631069ac2b) C:\WINDOWS\system32\drivers\dvd_2K.sys
09:14:30:546 3372 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:14:30:859 3372 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:14:31:046 3372 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:14:31:171 3372 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:14:31:265 3372 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:14:31:390 3372 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:14:31:484 3372 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:14:31:640 3372 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:14:31:734 3372 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:14:31:843 3372 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:14:32:000 3372 GoProto (acc8d7fc0da793450f5f257d9ce4ff75) C:\WINDOWS\system32\DRIVERS\goprot51.sys
09:14:32:156 3372 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:14:32:250 3372 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
09:14:32:453 3372 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:14:32:625 3372 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
09:14:32:843 3372 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:14:33:046 3372 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:14:33:468 3372 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100625.001\IDSxpx86.sys
09:14:33:609 3372 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:14:33:765 3372 imhidusb (0836f03aa73ee78f1c884c4e9211aa72) C:\WINDOWS\system32\DRIVERS\imhidusb.sys
09:14:33:984 3372 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:14:34:046 3372 intelppm (bd0720561287f6f8bf5f3379db2c5a28) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:14:34:046 3372 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: bd0720561287f6f8bf5f3379db2c5a28, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
09:14:34:046 3372 File "C:\WINDOWS\system32\DRIVERS\intelppm.sys" infected by TDSS rootkit ... 09:14:37:734 3372 Backup copy found, using it..
09:14:38:312 3372 will be cured on next reboot
09:14:38:468 3372 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:14:38:671 3372 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:14:38:843 3372 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:14:39:000 3372 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:14:39:046 3372 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:14:39:234 3372 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:14:39:359 3372 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:14:39:437 3372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:14:39:562 3372 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
09:14:39:671 3372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:14:39:921 3372 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:14:40:171 3372 mdmxsdk (108ba086b1c7647400ba2c55a23129aa) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:14:40:375 3372 mmc_2K (18032034b88c7f9e9068df91ab3ae968) C:\WINDOWS\system32\drivers\mmc_2K.sys
09:14:40:531 3372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:14:40:640 3372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:14:40:765 3372 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:14:40:859 3372 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:14:41:000 3372 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:14:41:171 3372 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:14:41:375 3372 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:14:41:546 3372 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:14:41:609 3372 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:14:41:734 3372 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:14:41:875 3372 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:14:42:031 3372 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:14:42:140 3372 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:14:42:546 3372 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100627.003\NAVENG.SYS
09:14:43:062 3372 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100627.003\NAVEX15.SYS
09:14:43:296 3372 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:14:43:937 3372 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:14:44:390 3372 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:14:44:593 3372 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:14:44:718 3372 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:14:44:796 3372 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:14:44:937 3372 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:14:45:078 3372 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:14:45:156 3372 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:14:45:328 3372 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:14:45:453 3372 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:14:45:609 3372 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:14:45:718 3372 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
09:14:45:828 3372 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:14:45:968 3372 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:14:46:062 3372 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:14:46:140 3372 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:14:46:281 3372 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:14:46:437 3372 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:14:46:906 3372 Point32 (f6210e1e4818dfb0d5d90b6bb659b513) C:\WINDOWS\system32\DRIVERS\point32.sys
09:14:47:125 3372 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:14:47:250 3372 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:14:47:390 3372 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:14:47:578 3372 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:14:47:734 3372 pwd_2k (4f1948a73db89ee4b34feeedd6745ee1) C:\WINDOWS\system32\drivers\pwd_2k.sys
09:14:48:171 3372 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:14:48:578 3372 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:14:49:328 3372 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:14:50:093 3372 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:14:50:953 3372 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:14:51:250 3372 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:14:51:609 3372 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:14:52:281 3372 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:14:52:875 3372 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:14:53:531 3372 SaiNtHid (a007103ef0e50fb0e0ed08b511d721d7) C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
09:14:54:187 3372 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
09:14:55:421 3372 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:14:56:437 3372 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
09:14:57:625 3372 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:14:58:484 3372 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:14:59:312 3372 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:15:01:078 3372 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
09:15:02:437 3372 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:15:02:531 3372 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:15:02:718 3372 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
09:15:03:046 3372 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
09:15:03:218 3372 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
09:15:03:343 3372 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:15:03:500 3372 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:15:03:765 3372 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
09:15:04:125 3372 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:15:04:500 3372 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
09:15:04:890 3372 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
09:15:05:234 3372 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
09:15:05:343 3372 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
09:15:05:734 3372 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
09:15:06:468 3372 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
09:15:09:062 3372 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:15:10:000 3372 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:15:10:468 3372 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:15:10:812 3372 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:15:12:187 3372 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:15:12:406 3372 UdfReadr_xp (37148e648e0f3a6694040fd9f80941b7) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
09:15:12:546 3372 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:15:12:781 3372 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:15:12:984 3372 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:15:13:218 3372 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:15:13:390 3372 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:15:13:500 3372 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:15:13:593 3372 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:15:13:781 3372 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:15:13:906 3372 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:15:14:046 3372 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:15:14:250 3372 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:15:14:312 3372 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:15:14:484 3372 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:15:14:656 3372 Winacusb (b2e8642fbc814987a0bdf12ead182a6e) C:\WINDOWS\system32\DRIVERS\winacusb.sys
09:15:14:859 3372 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:15:15:000 3372 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:15:15:140 3372 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
09:15:15:375 3372 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
09:15:15:406 3372 Reboot required for cure complete..
09:15:16:093 3372 Cure on reboot scheduled successfully
09:15:16:093 3372
09:15:16:093 3372 Completed
09:15:16:093 3372
09:15:16:093 3372 Results:
09:15:16:093 3372 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:15:16:093 3372 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:15:16:093 3372
09:15:16:109 3372 KLMD(ARK) unloaded successfully



and MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4260

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 10:09:54 AM
mbam-log-2010-06-30 (10-09-54).txt

Scan type: Quick scan
Objects scanned: 165586
Time elapsed: 28 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{700016cf-23e4-16cb-9f2e-730a000091e1} (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gzipmod (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SWNXT (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Nuker (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AXPSHOOK11 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AxPsHook11 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AXPSHOOK11 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AxPsHook11 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Spyware Nuker (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\backup (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\lang (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Nuker XT (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Spyware Nuker\au.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\augui.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\avcore.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\AvHelp.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\delfile.exe (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\hlib.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\install.log (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\reg2.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\shields.dat (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\Spyware Nuker Log File.txt (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\swnxt.chm (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\swnxt.da2 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\swnxt.dat (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\unicows.dll (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\uninstall.exe (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Nuker\lang\master_es.lx (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Nuker XT\Spyware Nuker XT.lnk (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Nuker XT\Uninstall Spyware Nuker XT.lnk (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Spyware Nuker XT.LNK (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\pshook11.sys (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcopt.dll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksvcl.dll (Stolen.data) -> Quarantined and deleted successfully.

Edited by flyingsue, 30 June 2010 - 10:24 AM.
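For readers triaging a TDSSKiller log like the one in the post above, the lines that matter are the "Suspicious file (Forged)" entry (the scanner got two different MD5s for the same driver file depending on how it read it, which is the rootkit indicator) and the "Results" block, which here shows one file object infected, zero cured, and one scheduled for cure on reboot, so the machine is not clean until it has been rebooted and rescanned. The script below is an added example, not part of the original thread or of TDSSKiller itself; it parses a constructed sample made up of a few lines in the shape of the log quoted above (using the paths and hashes shown there) and reports those findings. The regexes and the `Report`/`triage` names are this example's own assumptions about the log format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the shape of the TDSSKiller 2.3.2.1
# log quoted in the post above (not the full log). Paths and hashes are the
# ones shown in the post.
SAMPLE_LOG = r"""09:14:34:046 3372 intelppm (bd0720561287f6f8bf5f3379db2c5a28) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:14:34:046 3372 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: bd0720561287f6f8bf5f3379db2c5a28, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
09:14:34:046 3372 File "C:\WINDOWS\system32\DRIVERS\intelppm.sys" infected by TDSS rootkit ...
09:14:37:734 3372 Backup copy found, using it..
09:14:38:312 3372 will be cured on next reboot
09:14:38:468 3372 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:15:15:406 3372 Reboot required for cure complete..
09:15:16:093 3372 Results:
09:15:16:093 3372 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:15:16:093 3372 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every TDSSKiller line starts with a timestamp and a process id; the rest is the message.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
# The forged-driver line carries the path and the two MD5s that disagree.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# The summary block: infected / cured / cured on reboot, per object kind.
RESULT_RE = re.compile(
    r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<on_reboot>\d+)"
)


@dataclass
class Report:
    forged: list = field(default_factory=list)    # dicts with path / real / fake
    results: dict = field(default_factory=dict)   # kind -> (infected, cured, on_reboot)
    reboot_required: bool = False


def parse_tdsskiller(text):
    """Extract forged-file findings, the results summary and the reboot flag."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                       # not a log line; skip quietly
        msg = m.group("msg")
        f = FORGED_RE.search(msg)
        if f:
            rep.forged.append(f.groupdict())
            continue
        r = RESULT_RE.search(msg)
        if r:
            rep.results[r.group("kind")] = (
                int(r.group("infected")), int(r.group("cured")), int(r.group("on_reboot")))
            continue
        if msg.startswith("Reboot required"):
            rep.reboot_required = True
    return rep


def triage(rep):
    """Turn a parsed report into plain findings a helper would act on."""
    findings = []
    for f in rep.forged:
        name = f["path"].rsplit("\\", 1)[-1]
        findings.append(
            f"{name}: two different hashes for one file ({f['real']} vs {f['fake']}); "
            "the file's content depends on how it is read, which is the rootkit signal")
    for kind, (infected, cured, on_reboot) in rep.results.items():
        pending = infected - cured
        if pending > 0:
            findings.append(
                f"{pending} {kind.lower()} object(s) still infected, "
                f"{on_reboot} scheduled for cure on reboot")
    if rep.reboot_required:
        findings.append("reboot before rescanning: the cure is applied at boot")
    return findings


if __name__ == "__main__":
    for line in triage(parse_tdsskiller(SAMPLE_LOG)):
        print("-", line)
```

Run against a real TDSSKiller log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`; the example deliberately does not claim which of the two hashes is the clean one, only that the disagreement itself is the finding and that a "cured on reboot" count means the job is unfinished until the reboot and a rescan.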


#3 flyingsue

  • Topic Starter

Posted 02 July 2010 - 09:49 AM

Is this all I need to do??????



