Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Continuos Infection Message High 34jh7alm94.asia was blocked.,Blocked,No Action Required,HTTPS Tidserv Request


  • This topic is locked This topic is locked
15 replies to this topic

#1 paula3zz

paula3zz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 28 July 2010 - 04:43 PM

I am constantly getting these pop up messages from Norton:
High,An intrusion attempt by 34jh7alm94.asia was blocked.,Blocked,No Action Required,HTTPS Tidserv Request
High,An intrusion attempt by zI09lkhale44.com was blocked.,Blocked,No Action Required,HTTPS Tidserv Request

I guess Norton is able to block them but not remove the virus.
I've done all the prep required but now I cannot open the notebook file for the dds text doc, so I attached it.

Any help is appreciated!
thanks in advance,
paula

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:25 AM

Posted 28 July 2010 - 05:19 PM

Good evening. smile.gif

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
  • You will then need to extract the file(s) from the zipped folder.

  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish


  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool detects anything the default action is Cure - please click on that and change it to Skip.
  • Finally, click on Report and let me have the contents of the text file that will open.

So long, and thanks for all the fish.

 

 


#3 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 28 July 2010 - 06:57 PM

2010/07/28 19:51:52.0031 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/28 19:51:52.0031 ================================================================================
2010/07/28 19:51:52.0031 SystemInfo:
2010/07/28 19:51:52.0031
2010/07/28 19:51:52.0031 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/28 19:51:52.0031 Product type: Workstation
2010/07/28 19:51:52.0031 ComputerName: D65FKG21
2010/07/28 19:51:52.0031 UserName: paula small
2010/07/28 19:51:52.0031 Windows directory: C:\WINDOWS
2010/07/28 19:51:52.0031 System windows directory: C:\WINDOWS
2010/07/28 19:51:52.0031 Processor architecture: Intel x86
2010/07/28 19:51:52.0031 Number of processors: 1
2010/07/28 19:51:52.0031 Page size: 0x1000
2010/07/28 19:51:52.0031 Boot type: Normal boot
2010/07/28 19:51:52.0031 ================================================================================
2010/07/28 19:51:52.0843 Initialize success
2010/07/28 19:51:55.0687 ================================================================================
2010/07/28 19:51:55.0687 Scan started
2010/07/28 19:51:55.0687 Mode: Manual;
2010/07/28 19:51:55.0687 ================================================================================
2010/07/28 19:51:57.0062 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/07/28 19:51:57.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/28 19:51:57.0453 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/28 19:51:57.0718 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/07/28 19:51:57.0859 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/07/28 19:51:58.0031 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/28 19:51:58.0203 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/07/28 19:51:58.0375 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/28 19:51:58.0593 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
2010/07/28 19:51:58.0750 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/07/28 19:51:58.0906 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/07/28 19:51:59.0046 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/07/28 19:51:59.0265 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/07/28 19:51:59.0515 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/07/28 19:51:59.0687 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/07/28 19:51:59.0843 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/07/28 19:52:00.0015 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/07/28 19:52:00.0312 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/07/28 19:52:00.0484 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
2010/07/28 19:52:00.0640 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/07/28 19:52:00.0781 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/07/28 19:52:00.0937 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/07/28 19:52:01.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/28 19:52:01.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/28 19:52:01.0828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/28 19:52:02.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/28 19:52:02.0421 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/07/28 19:52:02.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/28 19:52:02.0921 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys
2010/07/28 19:52:03.0421 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/07/28 19:52:03.0765 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/28 19:52:04.0062 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/28 19:52:04.0796 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
2010/07/28 19:52:05.0406 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/07/28 19:52:05.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/28 19:52:06.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/28 19:52:06.0968 Cdr4_xp (223dea13c9d064babc882b4727f6f905) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/07/28 19:52:07.0593 Cdralw2k (9e26599599d178e71afb5599e146031a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/07/28 19:52:07.0859 Cdrom (547ad9b842acb6dafe999dc581059a87) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/28 19:52:07.0875 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 547ad9b842acb6dafe999dc581059a87, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/07/28 19:52:07.0875 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/28 19:52:08.0046 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/07/28 19:52:08.0390 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/07/28 19:52:08.0515 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/07/28 19:52:08.0671 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/07/28 19:52:08.0843 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/07/28 19:52:09.0000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/28 19:52:09.0265 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/28 19:52:09.0531 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/28 19:52:09.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/28 19:52:09.0875 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/28 19:52:10.0046 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/07/28 19:52:10.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/28 19:52:10.0406 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/07/28 19:52:10.0578 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/07/28 19:52:10.0812 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/07/28 19:52:10.0984 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/28 19:52:11.0218 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/07/28 19:52:11.0375 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/07/28 19:52:11.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/28 19:52:11.0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/28 19:52:11.0984 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS
2010/07/28 19:52:12.0281 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/28 19:52:12.0546 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/28 19:52:12.0703 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/28 19:52:13.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/28 19:52:13.0281 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/28 19:52:13.0500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/28 19:52:13.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/28 19:52:13.0890 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/28 19:52:14.0031 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/07/28 19:52:14.0171 HSFHWBS2 (96fae6dc24574b1cb08dcf9d984a5be4) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/07/28 19:52:14.0406 HSF_DP (2efa8dd8b0270a3a7202ce5f4da465b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/07/28 19:52:14.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/28 19:52:14.0828 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/28 19:52:14.0984 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/07/28 19:52:15.0203 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/28 19:52:15.0390 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/07/28 19:52:15.0578 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/07/28 19:52:15.0765 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/07/28 19:52:15.0953 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/07/28 19:52:16.0093 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/07/28 19:52:16.0234 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/07/28 19:52:16.0375 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/07/28 19:52:16.0562 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/07/28 19:52:16.0812 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/07/28 19:52:16.0953 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/07/28 19:52:17.0171 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/07/28 19:52:17.0625 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100726.001\IDSxpx86.sys
2010/07/28 19:52:17.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/28 19:52:18.0031 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/07/28 19:52:18.0281 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/07/28 19:52:18.0578 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/28 19:52:18.0765 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/28 19:52:18.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/28 19:52:19.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/28 19:52:19.0437 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/28 19:52:19.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/28 19:52:20.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/28 19:52:20.0281 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/28 19:52:20.0546 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/28 19:52:20.0796 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/28 19:52:21.0078 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/28 19:52:21.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/28 19:52:21.0656 MASPINT (98312c9eab656053be1aca3a8a5912b3) C:\WINDOWS\system32\drivers\MASPINT.sys
2010/07/28 19:52:21.0812 mdmxsdk (aeb54ef22cb7c7e3f405f69f048d696c) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/07/28 19:52:21.0937 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/07/28 19:52:22.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/28 19:52:22.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/28 19:52:22.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/28 19:52:22.0609 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/28 19:52:22.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/28 19:52:22.0921 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/07/28 19:52:23.0125 mrtRate (a7566da7aa8b74f1cebc18afd6b6cfa0) C:\WINDOWS\system32\drivers\mrtRate.sys
2010/07/28 19:52:23.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/28 19:52:23.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/28 19:52:24.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/28 19:52:24.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/28 19:52:24.0359 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/28 19:52:24.0546 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/28 19:52:24.0687 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/28 19:52:24.0859 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/28 19:52:25.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/28 19:52:25.0203 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/28 19:52:25.0609 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100728.021\NAVENG.SYS
2010/07/28 19:52:25.0718 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100728.021\NAVEX15.SYS
2010/07/28 19:52:25.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/28 19:52:26.0171 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/28 19:52:26.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/28 19:52:26.0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/28 19:52:26.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/28 19:52:26.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/28 19:52:27.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/28 19:52:27.0218 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/28 19:52:27.0390 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2010/07/28 19:52:27.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/28 19:52:27.0765 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/28 19:52:27.0937 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/28 19:52:28.0171 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/28 19:52:28.0625 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/28 19:52:28.0796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/28 19:52:29.0187 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/07/28 19:52:29.0359 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/07/28 19:52:29.0546 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/28 19:52:29.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/28 19:52:29.0890 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/28 19:52:30.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/28 19:52:30.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/28 19:52:30.0515 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/28 19:52:30.0750 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/07/28 19:52:30.0984 pctgntdi (da309323debad2469efdb99286afff9f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2010/07/28 19:52:31.0375 pctplsg (bee7bb9ad170e3f1b061ead66edd90e3) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2010/07/28 19:52:32.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/07/28 19:52:32.0265 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/07/28 19:52:32.0406 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2010/07/28 19:52:32.0578 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/28 19:52:32.0750 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/07/28 19:52:33.0000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/28 19:52:33.0125 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/28 19:52:33.0312 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/07/28 19:52:33.0468 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/07/28 19:52:33.0671 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/07/28 19:52:33.0875 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/07/28 19:52:34.0031 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/07/28 19:52:34.0171 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/07/28 19:52:34.0562 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/07/28 19:52:34.0687 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/28 19:52:34.0843 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/28 19:52:35.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/28 19:52:35.0156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/28 19:52:35.0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/28 19:52:35.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/28 19:52:35.0656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/28 19:52:35.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/28 19:52:36.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/28 19:52:36.0218 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/07/28 19:52:36.0296 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/07/28 19:52:36.0359 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/07/28 19:52:36.0531 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/28 19:52:36.0703 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/28 19:52:36.0843 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/28 19:52:37.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/28 19:52:37.0265 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/07/28 19:52:37.0437 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/07/28 19:52:37.0640 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
2010/07/28 19:52:38.0062 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/07/28 19:52:38.0656 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/07/28 19:52:39.0062 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/28 19:52:39.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/28 19:52:40.0671 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS
2010/07/28 19:52:41.0468 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS
2010/07/28 19:52:41.0750 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/28 19:52:42.0015 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/07/28 19:52:42.0187 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/07/28 19:52:42.0343 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/28 19:52:42.0515 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/28 19:52:42.0640 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/07/28 19:52:42.0781 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/07/28 19:52:43.0000 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS
2010/07/28 19:52:43.0359 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS
2010/07/28 19:52:43.0546 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/07/28 19:52:43.0734 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS
2010/07/28 19:52:43.0953 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
2010/07/28 19:52:44.0156 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/07/28 19:52:44.0281 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/07/28 19:52:44.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/28 19:52:44.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/28 19:52:44.0765 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/28 19:52:44.0937 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/28 19:52:45.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/28 19:52:45.0359 TfFsMon (60c691d36d6fdd3e8790a3961545dbc5) C:\WINDOWS\system32\drivers\TfFsMon.sys
2010/07/28 19:52:45.0531 TfNetMon (578b7fa51887f9a99cc38bbc60af62b2) C:\WINDOWS\system32\drivers\TfNetMon.sys
2010/07/28 19:52:45.0890 TfSysMon (e70ebc84588ec0ecd817947dc6db995d) C:\WINDOWS\system32\drivers\TfSysMon.sys
2010/07/28 19:52:46.0062 tj2knd5 (7ac7b68bf741ed62dd476e314345a1a5) C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
2010/07/28 19:52:46.0234 tj2kunic (e7017af2bc8f6eaef9fc7bdfb4b6c253) C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
2010/07/28 19:52:46.0375 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/07/28 19:52:46.0531 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/07/28 19:52:46.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/28 19:52:46.0921 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/07/28 19:52:47.0062 UnlockerDriver4 (8a7a7a346437685fe1baf327d1804c09) C:\Program Files\Unlocker\UnlockerDriver4.sys
2010/07/28 19:52:47.0250 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/28 19:52:47.0546 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/28 19:52:47.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/28 19:52:47.0875 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/28 19:52:48.0046 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/07/28 19:52:48.0187 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/28 19:52:48.0359 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/28 19:52:48.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/28 19:52:48.0671 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/07/28 19:52:48.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/28 19:52:49.0015 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/07/28 19:52:49.0203 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/07/28 19:52:49.0312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/28 19:52:49.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/28 19:52:49.0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/28 19:52:50.0015 winachsf (b3133dc158e59e80f5498484b0c2d558) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/07/28 19:52:50.0265 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/07/28 19:52:50.0421 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/07/28 19:52:50.0703 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/28 19:52:51.0171 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/28 19:52:51.0468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/28 19:52:51.0625 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/07/28 19:52:51.0921 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/07/28 19:52:51.0968 ================================================================================
2010/07/28 19:52:51.0968 Scan finished
2010/07/28 19:52:51.0968 ================================================================================
2010/07/28 19:52:52.0031 Detected object count: 1
2010/07/28 19:56:19.0078 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Skip


#4 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 29 July 2010 - 11:37 AM

Hope I'm not a pest but did I do this right?

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:25 AM

Posted 29 July 2010 - 02:11 PM

Good evening. smile.gif

QUOTE
Hope I'm not a pest but did I do this right?

No, and you PC is going to self destruct very shortly as a result - ARGGHHH! wacko.gif Or I could just be lying and everything went to plan and the log looks like I hoped it would - i'll leave you to wonder which! whistling.gif

Will you run TDSSKiller again, but this time allow it to carry out it's default behaviour - it will Cure infected files and Skip suspicious ones. You will need to click Continue where appropriate.
If it prompts you to reboot your machine, please click Reboot Now - obviously it would be a good idea to shut down any open programs before you begin.

Once the PC has rebooted i'd like a copy of the report that the tool created. The text file will be found in the root of you hard drive: C:\TDSSKiller.Version_Date_Time_log.txt.
Please check that you get the one with the right date and time. smile.gif

Edited by Noviciate, 29 July 2010 - 02:14 PM.
Made an oops - now sorted.

So long, and thanks for all the fish.

 

 


#6 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 29 July 2010 - 02:50 PM

ok...done, here is the new report:


2010/07/29 15:41:16.0843 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/29 15:41:16.0843 ================================================================================
2010/07/29 15:41:16.0843 SystemInfo:
2010/07/29 15:41:16.0843
2010/07/29 15:41:16.0843 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/29 15:41:16.0843 Product type: Workstation
2010/07/29 15:41:16.0859 ComputerName: D65FKG21
2010/07/29 15:41:16.0859 UserName: paula small
2010/07/29 15:41:16.0859 Windows directory: C:\WINDOWS
2010/07/29 15:41:16.0859 System windows directory: C:\WINDOWS
2010/07/29 15:41:16.0859 Processor architecture: Intel x86
2010/07/29 15:41:16.0859 Number of processors: 1
2010/07/29 15:41:16.0859 Page size: 0x1000
2010/07/29 15:41:16.0859 Boot type: Normal boot
2010/07/29 15:41:16.0859 ================================================================================
2010/07/29 15:41:19.0796 Initialize success


#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:25 AM

Posted 29 July 2010 - 02:58 PM

The log doesn't look like the tool was run - did you follow my instructions above?

So long, and thanks for all the fish.

 

 


#8 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 29 July 2010 - 03:08 PM

sorry...sent the report from the program ...I think this is it...




2010/07/29 15:20:51.0625 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/29 15:20:51.0625 ================================================================================
2010/07/29 15:20:51.0625 SystemInfo:
2010/07/29 15:20:51.0625
2010/07/29 15:20:51.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/29 15:20:51.0625 Product type: Workstation
2010/07/29 15:20:51.0625 ComputerName: D65FKG21
2010/07/29 15:20:51.0656 UserName: paula small
2010/07/29 15:20:51.0656 Windows directory: C:\WINDOWS
2010/07/29 15:20:51.0656 System windows directory: C:\WINDOWS
2010/07/29 15:20:51.0656 Processor architecture: Intel x86
2010/07/29 15:20:51.0656 Number of processors: 1
2010/07/29 15:20:51.0656 Page size: 0x1000
2010/07/29 15:20:51.0656 Boot type: Normal boot
2010/07/29 15:20:51.0656 ================================================================================
2010/07/29 15:20:52.0562 Initialize success
2010/07/29 15:21:03.0843 ================================================================================
2010/07/29 15:21:03.0843 Scan started
2010/07/29 15:21:03.0843 Mode: Manual;
2010/07/29 15:21:03.0843 ================================================================================
2010/07/29 15:21:04.0906 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/07/29 15:21:05.0078 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/29 15:21:05.0250 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/29 15:21:05.0546 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/07/29 15:21:05.0703 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/07/29 15:21:05.0890 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/29 15:21:06.0062 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/07/29 15:21:06.0281 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/29 15:21:06.0546 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
2010/07/29 15:21:06.0734 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/07/29 15:21:06.0906 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/07/29 15:21:07.0078 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/07/29 15:21:07.0234 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/07/29 15:21:07.0406 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/07/29 15:21:07.0578 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/07/29 15:21:07.0734 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/07/29 15:21:07.0906 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/07/29 15:21:08.0062 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/07/29 15:21:08.0234 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
2010/07/29 15:21:08.0390 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/07/29 15:21:08.0546 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/07/29 15:21:08.0687 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/07/29 15:21:08.0843 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/29 15:21:09.0031 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/29 15:21:09.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/29 15:21:09.0437 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/29 15:21:09.0593 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/07/29 15:21:09.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/29 15:21:10.0328 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys
2010/07/29 15:21:10.0640 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/07/29 15:21:10.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/29 15:21:10.0937 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/29 15:21:11.0156 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
2010/07/29 15:21:11.0343 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/07/29 15:21:11.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/29 15:21:11.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/29 15:21:11.0953 Cdr4_xp (223dea13c9d064babc882b4727f6f905) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/07/29 15:21:12.0125 Cdralw2k (9e26599599d178e71afb5599e146031a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/07/29 15:21:12.0296 Cdrom (547ad9b842acb6dafe999dc581059a87) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/29 15:21:12.0296 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 547ad9b842acb6dafe999dc581059a87, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/07/29 15:21:12.0296 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/29 15:21:12.0453 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/07/29 15:21:12.0671 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/07/29 15:21:12.0812 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/07/29 15:21:12.0937 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/07/29 15:21:13.0078 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/07/29 15:21:13.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/29 15:21:13.0562 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/29 15:21:13.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/29 15:21:13.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/29 15:21:14.0062 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/29 15:21:14.0234 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/07/29 15:21:14.0390 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/29 15:21:14.0531 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/07/29 15:21:14.0671 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/07/29 15:21:14.0843 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/07/29 15:21:15.0296 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/29 15:21:15.0484 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/07/29 15:21:15.0703 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/07/29 15:21:15.0890 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/29 15:21:16.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/29 15:21:16.0234 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS
2010/07/29 15:21:16.0468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/29 15:21:16.0609 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/29 15:21:16.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/29 15:21:17.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/29 15:21:17.0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/29 15:21:17.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/29 15:21:17.0515 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/29 15:21:17.0687 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/29 15:21:17.0843 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/07/29 15:21:18.0000 HSFHWBS2 (96fae6dc24574b1cb08dcf9d984a5be4) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/07/29 15:21:18.0203 HSF_DP (2efa8dd8b0270a3a7202ce5f4da465b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/07/29 15:21:18.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/29 15:21:18.0687 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/29 15:21:18.0843 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/07/29 15:21:19.0015 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/29 15:21:19.0187 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/07/29 15:21:19.0359 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/07/29 15:21:19.0593 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/07/29 15:21:19.0796 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/07/29 15:21:20.0031 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/07/29 15:21:20.0234 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/07/29 15:21:20.0640 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/07/29 15:21:21.0000 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/07/29 15:21:21.0265 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/07/29 15:21:21.0578 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/07/29 15:21:21.0781 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/07/29 15:21:22.0578 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100728.001\IDSxpx86.sys
2010/07/29 15:21:23.0203 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/29 15:21:23.0750 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/07/29 15:21:24.0125 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/07/29 15:21:24.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/29 15:21:24.0937 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/29 15:21:25.0390 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/29 15:21:25.0984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/29 15:21:26.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/29 15:21:27.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/29 15:21:28.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/29 15:21:28.0437 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/29 15:21:28.0937 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/29 15:21:29.0500 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/29 15:21:30.0750 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/29 15:21:31.0125 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/29 15:21:32.0343 MASPINT (98312c9eab656053be1aca3a8a5912b3) C:\WINDOWS\system32\drivers\MASPINT.sys
2010/07/29 15:21:33.0296 mdmxsdk (aeb54ef22cb7c7e3f405f69f048d696c) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/07/29 15:21:34.0140 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/07/29 15:21:35.0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/29 15:21:36.0265 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/29 15:21:37.0109 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/29 15:21:38.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/29 15:21:39.0671 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/29 15:21:41.0000 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/07/29 15:21:41.0656 mrtRate (a7566da7aa8b74f1cebc18afd6b6cfa0) C:\WINDOWS\system32\drivers\mrtRate.sys
2010/07/29 15:21:42.0140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/29 15:21:42.0781 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/29 15:21:43.0687 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/29 15:21:44.0484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/29 15:21:45.0171 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/29 15:21:45.0781 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/29 15:21:46.0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/29 15:21:47.0515 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/29 15:21:48.0140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/29 15:21:48.0593 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/29 15:21:49.0156 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100729.002\NAVENG.SYS
2010/07/29 15:21:49.0968 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100729.002\NAVEX15.SYS
2010/07/29 15:21:51.0031 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/29 15:21:51.0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/29 15:21:52.0765 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/29 15:21:54.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/29 15:21:54.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/29 15:21:55.0593 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/29 15:21:56.0281 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/29 15:21:57.0171 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/29 15:21:58.0281 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2010/07/29 15:21:59.0234 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/29 15:22:00.0421 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/29 15:22:02.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/29 15:22:05.0531 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/29 15:22:07.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/29 15:22:08.0359 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/29 15:22:08.0906 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/07/29 15:22:09.0937 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/07/29 15:22:10.0750 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/29 15:22:11.0453 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/29 15:22:12.0171 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/29 15:22:12.0968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/29 15:22:14.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/29 15:22:15.0234 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/29 15:22:16.0406 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/07/29 15:22:18.0093 pctgntdi (da309323debad2469efdb99286afff9f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2010/07/29 15:22:19.0312 pctplsg (bee7bb9ad170e3f1b061ead66edd90e3) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2010/07/29 15:22:22.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/07/29 15:22:22.0546 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/07/29 15:22:22.0859 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2010/07/29 15:22:23.0078 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/29 15:22:23.0234 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/07/29 15:22:23.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/29 15:22:23.0906 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/29 15:22:24.0156 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/07/29 15:22:24.0656 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/07/29 15:22:25.0015 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/07/29 15:22:25.0343 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/07/29 15:22:25.0546 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/07/29 15:22:25.0796 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/07/29 15:22:25.0937 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/07/29 15:22:26.0125 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/29 15:22:26.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/29 15:22:26.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/29 15:22:26.0703 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/29 15:22:26.0890 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/29 15:22:27.0031 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/29 15:22:27.0218 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/29 15:22:27.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/29 15:22:27.0593 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/29 15:22:27.0890 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/29 15:22:28.0078 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/29 15:22:28.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/29 15:22:28.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/29 15:22:28.0718 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/07/29 15:22:29.0046 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/07/29 15:22:29.0218 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
2010/07/29 15:22:29.0421 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/07/29 15:22:29.0562 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/07/29 15:22:29.0734 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/29 15:22:29.0906 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/29 15:22:30.0140 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS
2010/07/29 15:22:30.0390 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS
2010/07/29 15:22:30.0578 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/29 15:22:30.0812 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/07/29 15:22:30.0984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/07/29 15:22:31.0234 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/29 15:22:31.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/29 15:22:31.0593 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/07/29 15:22:31.0734 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/07/29 15:22:31.0968 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS
2010/07/29 15:22:32.0234 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS
2010/07/29 15:22:32.0421 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/07/29 15:22:32.0718 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS
2010/07/29 15:22:33.0000 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
2010/07/29 15:22:33.0250 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/07/29 15:22:33.0437 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/07/29 15:22:33.0593 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/29 15:22:33.0765 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/29 15:22:33.0968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/29 15:22:34.0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/29 15:22:34.0500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/29 15:22:34.0656 TfFsMon (60c691d36d6fdd3e8790a3961545dbc5) C:\WINDOWS\system32\drivers\TfFsMon.sys
2010/07/29 15:22:34.0828 TfNetMon (578b7fa51887f9a99cc38bbc60af62b2) C:\WINDOWS\system32\drivers\TfNetMon.sys
2010/07/29 15:22:35.0031 TfSysMon (e70ebc84588ec0ecd817947dc6db995d) C:\WINDOWS\system32\drivers\TfSysMon.sys
2010/07/29 15:22:35.0328 tj2knd5 (7ac7b68bf741ed62dd476e314345a1a5) C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
2010/07/29 15:22:35.0500 tj2kunic (e7017af2bc8f6eaef9fc7bdfb4b6c253) C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
2010/07/29 15:22:35.0656 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/07/29 15:22:35.0828 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/07/29 15:22:36.0015 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/29 15:22:36.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/07/29 15:22:36.0343 UnlockerDriver4 (8a7a7a346437685fe1baf327d1804c09) C:\Program Files\Unlocker\UnlockerDriver4.sys
2010/07/29 15:22:36.0593 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/29 15:22:36.0843 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/29 15:22:37.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/29 15:22:37.0187 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/29 15:22:37.0359 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/07/29 15:22:37.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/29 15:22:37.0718 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/29 15:22:37.0906 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/29 15:22:38.0093 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/07/29 15:22:38.0265 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/29 15:22:38.0500 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/07/29 15:22:38.0671 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/07/29 15:22:38.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/29 15:22:39.0062 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/29 15:22:39.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/29 15:22:39.0796 winachsf (b3133dc158e59e80f5498484b0c2d558) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/07/29 15:22:40.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/07/29 15:22:40.0156 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/07/29 15:22:40.0328 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/29 15:22:40.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/29 15:22:40.0750 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/29 15:22:40.0953 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/07/29 15:22:41.0109 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/07/29 15:22:41.0203 ================================================================================
2010/07/29 15:22:41.0203 Scan finished
2010/07/29 15:22:41.0203 ================================================================================
2010/07/29 15:22:41.0250 Detected object count: 1
2010/07/29 15:25:21.0093 Cdrom (547ad9b842acb6dafe999dc581059a87) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/29 15:25:21.0093 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 547ad9b842acb6dafe999dc581059a87, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/07/29 15:25:28.0437 Backup copy found, using it..
2010/07/29 15:25:28.0765 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot
2010/07/29 15:25:28.0765 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure
2010/07/29 15:25:40.0437 Deinitialize success


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:25 AM

Posted 29 July 2010 - 03:18 PM

Looks more like it. Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

So long, and thanks for all the fish.

 

 


#10 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 29 July 2010 - 07:31 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 8:07:57 PM
mbam-log-2010-07-29 (20-07-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 266744
Time elapsed: 3 hour(s), 18 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lapotebiv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\paula small\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\paula small\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\paula small\Application Data\FunWebProducts\Data\paula small (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\bokasedi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kifezamo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files\Common\_helper.sig (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\paula small\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

Attached Files



#11 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 29 July 2010 - 07:33 PM

Forgot the description of how my computer is running. It is definately better, so far no pop ups from norton and things are alittle faster!


DDS (Ver_10-03-17.01) - NTFSx86
Run by paula small at 20:26:11.28 on Thu 07/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.172 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\ndis_events.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\paula small\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~2.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
{7339df72-14b2-4e5d-a9d9-386ba7de8611}
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
c:\documents and settings\paula small\local settings\temp\4.tmp\temp00
StartupFolder: c:\docume~1\paulas~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265491327125
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} - hxxp://216.249.24.143/code/PWActiveXImgCtl.CAB
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - hxxp://www.callwave.com/include/cab/CWDL_DownLoad.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} - hxxp://expressit.broderbund.com/plugin/Download.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab
Notify: geBuVOfe - geBuVOfe.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: vozesevus - {9a23ff0c-faa5-47d7-bb1a-c9490e7793bc} - No File
STS: {9a23ff0c-faa5-47d7-bb1a-c9490e7793bc}: jugezatag
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\ljJYOhGa
LSA: Notification Packages = scecli c:\windows\system32\hejafuvo.dll c:\windows\system32\wivevevi.dll jowotizu.dll yenojupa.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-07-29 21:48:50 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-29 21:48:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-29 21:48:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-29 20:42:43 0 d-----w- c:\docume~1\paulas~1\applic~1\Malwarebytes
2010-07-29 20:42:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 20:42:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-29 20:42:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 20:42:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 11:31:20 0 ----a-w- c:\documents and settings\paula small\defogger_reenable
2010-07-27 20:32:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-27 19:16:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-07-16 00:01:22 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2010-07-16 00:00:56 61440 ----a-w- c:\windows\system32\wanpacket.dll
2010-07-16 00:00:56 57395 ----a-w- c:\windows\system32\pthreadVC.dll
2010-07-16 00:00:56 32512 ----a-w- c:\windows\system32\drivers\npf.sys
2010-07-16 00:00:56 233472 ----a-w- c:\windows\system32\wpcap.dll
2010-07-16 00:00:55 81920 ----a-w- c:\windows\system32\packet.dll
2010-07-16 00:00:54 0 d-----w- c:\program files\WinPcap
2010-07-16 00:00:45 0 d-----w- c:\program files\Belkin
2010-07-16 00:00:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Affinegy
2010-07-14 07:32:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-03 22:48:33 0 d-----w- c:\program files\support.com

==================== Find3M ====================

2010-07-29 19:28:01 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-18 12:58:42 20 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2010-06-18 12:58:42 20 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2006-10-04 15:00:49 108703 -c--a-w- c:\program files\grinched.exe
2003-02-22 16:24:10 207759 -c--a-w- c:\program files\INSTALL.LOG
2002-07-31 23:55:12 208 -csh--w- c:\windows\WSYS049.SYS
2009-01-23 11:33:56 423179 -csha-w- c:\windows\system32\aGhOYJjl.ini2
2009-12-15 07:46:22 2713 --sh--w- c:\windows\system32\fohizapi.exe
2009-12-14 14:00:17 16384 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-12-16 14:00:33 16384 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-12-16 15:36:13 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121620091217\index.dat
2009-12-16 14:00:33 16384 -csha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 20:28:43.15 ===============

Edited by Noviciate, 30 July 2010 - 02:31 PM.


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:25 AM

Posted 30 July 2010 - 02:43 PM

Good evening. smile.gif

There may be a need to remove one of your anti-virus programs, unless you have configured Spyware Doctor not to run in real-time, as there is a risk of conflictions with two or more anti-virus programs operating together giving less, not more, protection. DDS suggests that Spyware Doctor may be configured this way, but you need to confirm this for yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***
  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older version of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ad-aware 6 Personal probably doesn't update any more, so i'm not sure if it serves any useful function on your PC. As a stand-alone scanner MBAM is more than capable of carrying out the task.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you've worked through the above, work through the below and post accordingly:

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#13 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 30 July 2010 - 06:35 PM

WOW! THAT WAS INTENSE! HOPE I DID IT RIGHT:)


ComboFix 10-07-30.01 - paula small 07/30/2010 18:28:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.303 [GMT -4:00]
Running from: c:\documents and settings\paula small\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PAULAS~1\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\paula small\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\paula small\Recent\Thumbs.db
C:\ntload.dll
c:\program files\Common
c:\program files\INSTALL.LOG
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\2C4F534B.g
c:\program files\Need2Find\bar\Cache\2C4F581E
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.6.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Install.txt
c:\windows\Readme.txt
c:\windows\system32\_006795_.tmp.dll
c:\windows\system32\_006796_.tmp.dll
c:\windows\system32\_006797_.tmp.dll
c:\windows\system32\_006798_.tmp.dll
c:\windows\system32\_006805_.tmp.dll
c:\windows\system32\_006806_.tmp.dll
c:\windows\system32\_006807_.tmp.dll
c:\windows\system32\_006808_.tmp.dll
c:\windows\system32\_006810_.tmp.dll
c:\windows\system32\_006811_.tmp.dll
c:\windows\system32\_006814_.tmp.dll
c:\windows\system32\_006815_.tmp.dll
c:\windows\system32\_006817_.tmp.dll
c:\windows\system32\_006818_.tmp.dll
c:\windows\system32\_006819_.tmp.dll
c:\windows\system32\_006821_.tmp.dll
c:\windows\system32\_006824_.tmp.dll
c:\windows\system32\_006825_.tmp.dll
c:\windows\system32\_006829_.tmp.dll
c:\windows\system32\_006830_.tmp.dll
c:\windows\system32\_006832_.tmp.dll
c:\windows\system32\_006835_.tmp.dll
c:\windows\system32\_006837_.tmp.dll
c:\windows\system32\_006838_.tmp.dll
c:\windows\system32\_006839_.tmp.dll
c:\windows\system32\_006840_.tmp.dll
c:\windows\system32\_006841_.tmp.dll
c:\windows\system32\_006844_.tmp.dll
c:\windows\system32\_006845_.tmp.dll
c:\windows\system32\_006846_.tmp.dll
c:\windows\system32\_006847_.tmp.dll
c:\windows\system32\_006848_.tmp.dll
c:\windows\system32\_006853_.tmp.dll
c:\windows\system32\_006855_.tmp.dll
c:\windows\system32\_006856_.tmp.dll
c:\windows\system32\aGhOYJjl.ini
c:\windows\system32\aGhOYJjl.ini2
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\system32\Install.txt
c:\windows\system32\logs
c:\windows\system32\logs\Events.dat
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\loudsfmj.job
c:\windows\Tasks\rkjqkeuc.job
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NPF
-------\Legacy_WINSTS
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-30 21:51 . 2010-07-30 21:51 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-07-30 21:37 . 2010-07-30 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-30 21:27 . 2010-07-30 21:26 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-29 21:48 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-29 21:48 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-29 20:42 . 2010-07-29 20:42 -------- d-----w- c:\documents and settings\paula small\Application Data\Malwarebytes
2010-07-29 20:42 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 20:42 . 2010-07-29 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-29 20:42 . 2010-07-29 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 20:42 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 03:01 . 2010-07-28 03:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-27 20:35 . 2010-07-27 20:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-27 20:32 . 2010-07-30 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-27 19:25 . 2010-07-27 19:30 -------- d-----w- c:\documents and settings\paula small\Application Data\DivX
2010-07-27 19:16 . 2010-07-27 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-16 00:01 . 2010-03-17 12:16 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2010-07-16 00:00 . 2010-07-16 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
2010-07-16 00:00 . 2010-07-16 00:00 -------- d-----w- c:\program files\Belkin
2010-07-14 07:32 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-03 22:48 . 2010-07-03 23:06 -------- d-----w- c:\program files\support.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 22:57 . 2009-12-15 14:00 -------- d-----w- c:\program files\Spyware Doctor
2010-07-30 22:54 . 2007-02-17 15:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-30 21:58 . 2003-02-25 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 21:56 . 2004-01-06 04:14 -------- d-----w- c:\program files\Lavasoft
2010-07-30 21:39 . 2009-02-02 11:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 21:38 . 2010-07-30 21:40 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-30 21:37 . 2010-07-30 21:37 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-30 21:33 . 2007-09-06 18:36 -------- d-----w- c:\program files\Java
2010-07-30 21:29 . 2007-09-14 14:17 -------- d-----w- c:\program files\Common Files\Java
2010-07-30 21:22 . 2010-07-30 21:22 79488 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-07-30 21:22 . 2010-07-30 21:22 152576 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-07-29 19:28 . 2002-08-29 11:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-29 13:35 . 2003-04-20 02:20 -------- d-----w- c:\program files\AIM95
2010-07-27 20:49 . 2010-07-27 20:49 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-27 19:29 . 2010-07-27 19:29 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-16 18:13 . 2005-11-04 01:39 -------- d-----w- c:\documents and settings\paula small\Application Data\Canon
2010-07-02 00:55 . 2010-04-27 23:00 439816 ----a-w- c:\documents and settings\paula small\Application Data\Real\Update\setup3.10\setup.exe
2010-06-18 12:58 . 2008-05-06 23:34 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-06-18 12:58 . 2008-05-06 23:18 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-06-17 10:30 . 2007-08-15 20:19 -------- d-----w- c:\program files\CoffeeCup Software
2010-06-09 23:01 . 2007-07-26 08:00 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-05-27 12:03 . 2010-05-27 12:03 348160 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f893591-n\msvcr71.dll
2010-05-27 12:03 . 2010-05-27 12:03 61440 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-63fc4ada-n\decora-sse.dll
2010-05-27 12:03 . 2010-05-27 12:03 503808 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f893591-n\msvcp71.dll
2010-05-27 12:03 . 2010-05-27 12:03 499712 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f893591-n\jmc.dll
2010-05-27 12:03 . 2010-05-27 12:03 12800 ----a-w- c:\documents and settings\paula small\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-63fc4ada-n\decora-d3d.dll
2010-05-06 10:41 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2002-07-31 23:55 . 2007-09-29 14:22 208 -csh--w- c:\windows\WSYS049.SYS
2009-12-15 07:46 . 2009-12-15 07:46 2713 --sh--w- c:\windows\SYSTEM32\fohizapi.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM95\aim.exe" [2004-02-04 61440]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 198184]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\paula small\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-5-6 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^paula small^Start Menu^Programs^Startup^Messenger Killer Real-time Protector.lnk]
backup=c:\windows\pss\Messenger Killer Real-time Protector.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 22:44 679936 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-02-04 20:29 61440 ----a-w- c:\program files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 12:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-09-08 11:06 222728 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 03:32 53248 -c----w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-08 11:05 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\SYSTEM32\\dfrgntfs.exe"=
"c:\\Program Files\\Broderbund\\The Print Shop\\ps.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/15/2009 10:00 AM 207792]
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [6/1/2010 5:12 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [6/1/2010 5:12 PM 173104]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [12/15/2009 4:12 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [12/15/2009 4:12 PM 59664]
R1 Asapi;Asapi;c:\windows\SYSTEM32\DRIVERS\asapi.sys [12/23/2003 7:27 PM 11264]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/12/2010 8:36 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [6/1/2010 5:12 PM 501888]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [12/15/2009 10:01 AM 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [6/1/2010 5:12 PM 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/15/2009 10:02 AM 112592]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [2/22/2003 12:19 PM 34712]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 5:11 PM 126392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/15/2009 10:00 AM 359624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 9:13 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100729.001\IDSXpx86.sys [7/29/2010 11:10 PM 331640]
S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [12/15/2009 10:00 AM 70408]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [12/15/2009 4:12 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\SYSTEM32\DRIVERS\tj2knd5.sys [8/19/2003 2:18 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [8/19/2003 2:00 PM 69680]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]

2010-07-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2010-07-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]

2010-07-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-30 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
Trusted Zone: aol.com\free
.
- - - - ORPHANS REMOVED - - - -

BHO-{7339df72-14b2-4e5d-a9d9-386ba7de8611} - (no file)
Toolbar-Locked - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-iinjug - c:\windows\system32\msilojzb.dll
SharedTaskScheduler-{9a23ff0c-faa5-47d7-bb1a-c9490e7793bc} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SSODL-vozesevus-{9a23ff0c-faa5-47d7-bb1a-c9490e7793bc} - (no file)
Notify-geBuVOfe - geBuVOfe.dll
SafeBoot-klmd24.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 18:54
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\drivers\tsk84.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\ndis_events.exe
.
**************************************************************************
.
Completion time: 2010-07-30 19:18:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 23:18

Pre-Run: 19,913,744,384 bytes free
Post-Run: 19,810,865,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 35877DFF5B91BB563B791135891273B6


#14 paula3zz

paula3zz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 30 July 2010 - 08:43 PM

I seem to be running fine with one little exception....when I open my email I get warning pop ups that go back and forth ...telling me "your about to view pages on a secure connection" then to "your about to view pages on an unsecure connection" each time I have to clik ok to get past it. I did turn back on my norton security firewall and virus pretection so I'm not sure why this is happening.


#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:25 AM

Posted 31 July 2010 - 02:19 PM

Good evening. smile.gif

I don't know about your email issue, so once i'm happy that your PC is clean I suggest starting a thread in another part of this forum where you will hopefully find a wiser soul than I. I'll point you in the right direction once the following is resolved:

You have an entry in your log that points to a file on your PC that I would like to have checked - if it is still present.

Please go to Jotti's and click on the Browse... button at the top and navigate to the following file and then click on Submit:

C:\Windows\system32\drivers\tsk84.tmp

When all the scans have been completed, please copy and paste the "Permalink" that you'll find in the "Jotti's malware scan" box in the upper left hand part of the page into your next reply.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
* These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after you have done.
*

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users