
Unknown Virus


This topic is locked
15 replies to this topic

#1 Billybobjoebob

  • Members
  • 29 posts

Posted 11 September 2010 - 12:24 PM

Previous topic was here: http://www.bleepingcomputer.com/forums/topic345139.html ~ OB

About every 5-10 minutes a message from Norton comes up: "A recent attempt to attack your computer was blocked." It has notably slowed down the computer. It used to be much worse, but I used an adware remover and it got rid of some of them.


DDS (Ver_10-03-17.01) - NTFSx86
Run by nakvo family at 12:06:12.82 on Sat 09/04/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.108 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSExplorer.EXE
svchost.exe
svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
svchost.exe
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSsystem32DVDRAMSV.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNorton Security SuiteEngine3.8.0.41ccSvcHst.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
svchost.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
c:TOSHIBAIVPswupdateswupdtmr.exe
C:Program FilesTOSHIBATOSHIBA AppletTAPPSRV.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:Program FilesNorton Security SuiteEngine3.8.0.41ccSvcHst.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesToshibaTvsTvsTray.exe
C:WINDOWSsystem32TPSMain.exe
C:Program FilesToshibaToshiba Appletthotkey.exe
C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe
C:WINDOWSsystem32TDispVol.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe
C:Program FilesSynapticsSynTPToshiba.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesQuickTimeQTTask.exe
C:toshibaivpismpinger.exe
C:Program FilesTOSHIBAConfigFreeNDSTray.exe
C:Program FilesltmohLtmoh.exe
C:Program FilesLexmark X5100 Serieslxbabmgr.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:Program FilesLexmark X5100 Serieslxbabmon.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32dlaDLACTRLW.exe
C:Program FilesTOSHIBAConfigFreeCFSServ.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32RAMASST.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe
C:Documents and Settingsnakvo familyDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aol.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:windowssystem32Userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpn0yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlaDLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:program filesnorton security suiteengine3.8.0.41coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:program filesnorton security suiteengine3.8.0.41IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpn0YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:program filesnorton security suiteengine3.8.0.41coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn0yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:windowssystem32Shdocvw.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [TOSCDSPD] c:program filestoshibatoscdspdtoscdspd.exe
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
mRun: [Tvs] c:program filestoshibatvsTvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:program filestoshibatoshiba appletthotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPLpr] c:program filessynapticssyntpSynTPLpr.exe
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [SmoothView] c:program filestoshibatoshiba zooming utilitySmoothView.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [Pinger] c:toshibaivpismpinger.exe /run
mRun: [PadTouch] c:program filestoshibatouch and launchPadExe.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [MSKDetectorExe] c:program filesmcafeespamkillerMSKDetct.exe /uninstall
mRun: [LtMoh] c:program filesltmohLtmoh.exe
mRun: [Lexmark X5100 Series] "c:program fileslexmark x5100 serieslxbabmgr.exe"
mRun: [lcymegxx] c:documents and settingsnetworkservicelocal settingsapplication dataqlmvhdqorwjridoqtssd.exe
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [IntelZeroConfig] "c:program filesintelwirelessbinZCfgSvc.exe"
mRun: [IntelWireless] "c:program filesintelwirelessbinifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:windowssystem32igfxtray.exe
mRun: [igfxpers] c:windowssystem32igfxpers.exe
mRun: [igfxhkcmd] c:windowssystem32hkcmd.exe
mRun: [ehTray] c:windowsehomeehtray.exe
mRun: [dla] c:windowssystem32dlaDLACTRLW.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeoffice10OSA.EXE
StartupFolder: c:docume~1alluse~1startm~1programsstartupramasst.lnk - c:windowssystem32RAMASST.exe
IE: E&xport to Microsoft Excel - c:progra~1micros~2office10EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/html - {9f1b8109-a1e0-4293-a3c6-9db7da993807} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:program filesnorton security suiteengine3.8.0.41CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:progra~1googlegoogle~1GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:windowssystem32rundll32.exe c:windowssystem32advpack.dll,launchinfsectionex c:program filesinternet explorerclrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversn3600308000.029SymEFA.sys [2010-2-25 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversn3600308000.029BHDrvx86.sys [2010-2-25 259632]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversn3600308000.029cchpx86.sys [2010-2-25 482432]
R1 IDSxpx86;IDSxpx86;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsipsdefs20100903.003IDSXpx86.sys [2010-9-3 331640]
R2 McrdSvc;Media Center Extender Service;c:windowsehomemcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:program filesnorton security suiteengine3.8.0.41ccSvcHst.exe [2010-2-25 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesviewpointcommonViewpointService.exe [2009-9-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filescommon filessymantec sharedeengineEraserUtilRebootDrv.sys [2010-8-9 102448]
R3 NAVENG;NAVENG;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsvirusdefs20100903.050NAVENG.SYS [2010-9-4 85424]
R3 NAVEX15;NAVEX15;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsvirusdefs20100903.050NAVEX15.SYS [2010-9-4 1362608]
S3 SVRPEDRV;SVRPEDRV;??c:syspreppedrv.sys --> c:sysprepPEDrv.sys [?]

=============== Created Last 30 ================

2010-09-04 17:04:23 0 ----a-w- c:documents and settingsnakvo familydefogger_reenable
2010-09-01 01:00:10 0 d-----w- c:docume~1nakvof~1applic~1abgx360
2010-08-22 22:53:42 73728 ----a-w- c:windowssystem32javacpl.cpl
2010-08-22 22:53:42 411368 ----a-w- c:windowssystem32deployJava1.dll
2010-08-22 22:50:19 0 d-----w- c:program filesJDownloader
2010-08-22 22:36:47 0 d-----w- c:program filesabgx360
2010-08-07 17:31:16 0 d-----w- c:docume~1nakvof~1applic~1InfraRecorder
2010-08-07 16:37:58 0 d-----w- c:program filesInfraRecorder
2010-08-07 07:01:36 0 d-----w- C:Xp_home
2010-08-07 04:34:46 0 d-----w- c:program filesuTorrent
2010-08-07 04:34:13 0 d-----w- c:docume~1nakvof~1applic~1uTorrent
2010-08-05 20:24:49 0 d-----w- c:windowspss

==================== Find3M ====================


============= FINISH: 12:07:29.89 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-04 13:09:18
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:DOCUME~1NAKVOF~1LOCALS~1Tempuwrdauod.sys


---- System - GMER 1.0.15 ----

SSDT 81D48050 ZwAlertResumeThread
SSDT 81D49050 ZwAlertThread
SSDT FF7388D8 ZwAllocateVirtualMemory
SSDT FF7EC050 ZwAssignProcessToJobObject
SSDT 81EA5C40 ZwConnectPort
SSDT ??C:WINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA808130]
SSDT FF7380D0 ZwCreateMutant
SSDT FF737B78 ZwCreateSymbolicLinkObject
SSDT 81E4F580 ZwCreateThread
SSDT FF7EE050 ZwDebugActiveProcess
SSDT ??C:WINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA8083B0]
SSDT ??C:WINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA808910]
SSDT FF738A30 ZwDuplicateObject
SSDT FF738738 ZwFreeVirtualMemory
SSDT 81D46050 ZwImpersonateAnonymousToken
SSDT 81D47050 ZwImpersonateThread
SSDT 82ACB198 ZwLoadDriver
SSDT 81E1B840 ZwMapViewOfSection
SSDT 81D43050 ZwOpenEvent
SSDT FF738BD0 ZwOpenProcess
SSDT 81E170B8 ZwOpenProcessToken
SSDT 81E43050 ZwOpenSection
SSDT FF738B00 ZwOpenThread
SSDT FF737C48 ZwProtectVirtualMemory
SSDT 81E1E400 ZwResumeThread
SSDT 81D4A050 ZwSetContextThread
SSDT FF738558 ZwSetInformationProcess
SSDT FF7F0050 ZwSetSystemInformation
SSDT ??C:WINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA808B60]
SSDT 81E45050 ZwSuspendProcess
SSDT 81E5C050 ZwSuspendThread
SSDT 81D4C0B8 ZwTerminateProcess
SSDT 81E5F050 ZwTerminateThread
SSDT 81E15070 ZwUnmapViewOfSection
SSDT FF738808 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 234 804E28A0 1 Byte [D0]
.rsrc C:WINDOWSsystem32driversdmload.sys entry point in ".rsrc" section [0xF8A88114]
? SYMEFA.SYS The system cannot find the file specified. !
init C:WINDOWSsystem32driverstifm21.sys entry point in "init" section [0xF7F7BEBF]

---- User code sections - GMER 1.0.15 ----

.text C:WINDOWSExplorer.EXE[264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:WINDOWSExplorer.EXE[264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:WINDOWSExplorer.EXE[264] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:WINDOWSSystem32svchost.exe[1848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008A000A
.text C:WINDOWSSystem32svchost.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008B000A
.text C:WINDOWSSystem32svchost.exe[1848] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0089000C
.text C:WINDOWSSystem32svchost.exe[1848] USER32.dll!GetCursorPos 77D4BD76 5 Bytes JMP 0121000A
.text C:WINDOWSSystem32svchost.exe[1848] ole32.dll!CoCreateInstance 7750058E 5 Bytes JMP 009F000A
.text C:Program FilesInternet Exploreriexplore.exe[5620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB000A
.text C:Program FilesInternet Exploreriexplore.exe[5620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AD000A
.text C:Program FilesInternet Exploreriexplore.exe[5620] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AA000C

---- Devices - GMER 1.0.15 ----

Device FileSystemUdfs UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device FileSystemmeiudf MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device FileSystemmeiudf MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device FileSystemUdfs UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice DriverTcpip DeviceIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice DriverKbdclass DeviceKeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice DriverKbdclass DeviceKeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice DriverTcpip DeviceTcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice DriverTcpip DeviceUdp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice DriverTcpip DeviceRawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device FileSystemCdfs Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device -> Driveratapi DeviceHarddisk0DR0 829EBEC5

---- Files - GMER 1.0.15 ----

File C:Documents and SettingsNetworkServiceApplication DataMacromediaFlash Player#SharedObjectsWNT7NEULsecure-us.imrworldwide.com_ggMCvar_2.sol 0 bytes
File C:Documents and SettingsNetworkServiceCookiessystem@scorecardresearch[3].txt 0 bytes
File C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5AJCVWTCB31.1[1].gif 0 bytes
File C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5AJCVWTCB59.3[1].gif 0 bytes
File C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5AJCVWTCB72.2[1].gif 0 bytes
File C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5AJCVWTCB77.2[1].gif 0 bytes
File C:WINDOWSsystem32driversdmload.sys suspicious modification
File C:WINDOWSsystem32driversatapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

I didn't respond to my last thread within 5 days because I figured I'd respond with the ComboFix results on the weekend when I have time to scan it, but it got closed so I couldn't, which is why I made this new thread and have already posted a reply with the ComboFix results. So, this time I'll respond if I see a response. Thanks. And if it's any help, Noviciate had helped me before. After 10 minutes, I checked Norton's recent history and there were 3 medium risks.

ComboFix 10-09-09.04 - nakvo family 09/11/2010 11:21:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.228 [GMT -5:00]
Running from: c:documents and settingsnakvo familyMy DocumentsGraboidComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesShared
c:windowssystem32Thumbs.db
c:windowsTasksrgphfpas.job

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
Infected copy of c:windowssystem32driversdmload.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-03 23:39 . 2010-09-03 23:40 -------- d-----w- c:program filesRecuva
2010-09-01 01:00 . 2010-09-01 01:00 -------- d-----w- c:documents and settingsnakvo familyApplication Dataabgx360
2010-08-22 22:57 . 2010-08-22 22:57 503808 ----a-w- c:documents and settingsnakvo familyApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-3b67e02c-nmsvcp71.dll
2010-08-22 22:57 . 2010-08-22 22:57 499712 ----a-w- c:documents and settingsnakvo familyApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-3b67e02c-njmc.dll
2010-08-22 22:57 . 2010-08-22 22:57 348160 ----a-w- c:documents and settingsnakvo familyApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-3b67e02c-nmsvcr71.dll
2010-08-22 22:57 . 2010-08-22 22:57 61440 ----a-w- c:documents and settingsnakvo familyApplication DataSunJavaDeploymentSystemCache6.0424488892a-1bcfedd7-ndecora-sse.dll
2010-08-22 22:57 . 2010-08-22 22:57 12800 ----a-w- c:documents and settingsnakvo familyApplication DataSunJavaDeploymentSystemCache6.0424488892a-1bcfedd7-ndecora-d3d.dll
2010-08-22 22:53 . 2010-08-22 22:52 411368 ----a-w- c:windowssystem32deployJava1.dll
2010-08-22 22:50 . 2010-09-04 00:29 -------- d-----w- c:program filesJDownloader
2010-08-22 22:36 . 2010-08-22 22:36 -------- d-----w- c:program filesabgx360

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 01:54 . 2010-06-21 17:47 -------- d-----w- c:program filesGraboid
2010-08-22 22:55 . 2006-02-16 09:28 -------- d-----w- c:program filesCommon FilesJava
2010-08-22 22:52 . 2006-02-16 09:28 -------- d-----w- c:program filesJava
2010-08-07 21:08 . 2009-09-14 17:17 -------- d-----w- c:program filesABBYY FineReader 5.0 Sprint
2010-08-07 17:33 . 2010-08-07 17:31 -------- d-----w- c:documents and settingsnakvo familyApplication DataInfraRecorder
2010-08-07 16:37 . 2010-08-07 16:37 -------- d-----w- c:program filesInfraRecorder
2010-08-07 08:24 . 2010-08-07 04:34 -------- d-----w- c:documents and settingsnakvo familyApplication DatauTorrent
2010-08-07 06:51 . 2010-08-07 06:51 -------- d-----w- c:documents and settingsnakvo familyApplication DataSonic
2010-08-07 06:15 . 2010-08-07 04:49 -------- d-----w- c:program filesImgBurn
2010-08-07 05:17 . 2010-08-07 04:59 -------- d-----w- c:documents and settingsnakvo familyApplication DataImgBurn
2010-08-07 04:34 . 2010-08-07 04:34 -------- d-----w- c:program filesuTorrent
2010-08-06 05:32 . 2006-02-18 15:56 -------- d-----w- c:program filesGoogle
2010-08-04 22:20 . 2010-08-04 22:20 -------- d-----w- c:documents and settingsnakvo familyApplication DataMalwarebytes
2010-08-04 22:20 . 2010-08-04 22:20 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-08-04 22:20 . 2010-08-04 22:20 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-08-04 21:53 . 2010-08-09 05:02 178810 ----a-w- c:windowspchealthhelpctrConfigCacheProfessional_32_1033.dat
2010-08-01 14:58 . 2010-08-01 14:58 -------- d-----w- c:documents and settingsLocalServiceApplication DataAdobeUM
2010-07-31 03:57 . 2010-07-31 03:57 -------- d-----w- c:documents and settingsNetworkServiceApplication DataAdobeUM
2010-07-26 16:19 . 2010-03-09 16:02 -------- d-----w- c:documents and settingsAll UsersApplication DataApple
2010-07-21 13:37 . 2010-07-20 19:16 -------- d-----w- c:documents and settingsAll UsersApplication DataYahoo! Companion
2010-07-20 19:16 . 2010-07-20 19:16 -------- d-----w- c:documents and settingsAll UsersApplication DataYahoo!
2010-07-20 19:16 . 2006-02-16 10:14 -------- d-----w- c:program filesYahoo!
2010-07-20 19:16 . 2010-07-20 19:16 -------- d-----w- c:documents and settingsnakvo familyApplication DataYahoo!
2010-07-16 20:08 . 2010-07-16 20:08 516784 ----a-w- c:documents and settingsAll UsersApplication DataGoogleGoogle ToolbarUpdategtbC.tmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"TOSCDSPD"="c:program filesTOSHIBATOSCDSPDtoscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"Tvs"="c:program filesToshibaTvsTvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"THotkey"="c:program filesToshibaToshiba Appletthotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPLpr"="c:program filesSynapticsSynTPSynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:program filesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe" [2005-04-27 122880]
"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2010-03-18 421888]
"Pinger"="c:toshibaivpismpinger.exe" [2005-03-18 151552]
"NDSTray.exe"="NDSTray.exe" [BU]
"MSKDetectorExe"="c:program filesMcAfeeSpamKillerMSKDetct.exe" [2005-08-12 1121792]
"LtMoh"="c:program filesltmohLtmoh.exe" [2004-08-18 184320]
"Lexmark X5100 Series"="c:program filesLexmark X5100 Serieslxbabmgr.exe" [2003-03-04 86100]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2010-04-28 142120]
"IntelZeroConfig"="c:program filesIntelWirelessbinZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:program filesIntelWirelessBinifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:windowssystem32igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:windowssystem32igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:windowssystem32hkcmd.exe" [2005-11-28 77824]
"ehTray"="c:windowsehomeehtray.exe" [2005-08-05 64512]
"dla"="c:windowssystem32dlaDLACTRLW.exe" [2005-10-06 122940]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-02-18 248040]

c:documents and settingsAll UsersStart MenuProgramsStartup
Microsoft Office.lnk - c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:windowssystem32RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:TOSHIBAivpNetIntNetint.exe"=
"c:TOSHIBAIvpISMpinger.exe"= c:TOSHIBAIVPISMpinger.exe
"c:Program FilesCommon FilesAOLLoaderaolload.exe"=
"c:Program FilesMessengermsmsgs.exe"=
"c:Program FilesYahoo!Yahoo! Music EngineYahooMusicEngine.exe"=
"c:Program FilesBonjourmDNSResponder.exe"=
"c:Program FilesiTunesiTunes.exe"=
"c:Program FilesuTorrentuTorrent.exe"=
"c:Documents and Settingsnakvo familyMy DocumentsGraboidutorrent.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversN3600308000.029SymEFA.sys [2/25/2010 3:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversN3600308000.029BHDrvx86.sys [2/25/2010 3:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversN3600308000.029cchpx86.sys [2/25/2010 3:45 PM 482432]
R1 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20100909.001IDSXpx86.sys [9/9/2010 8:21 PM 331640]
R2 N360;Norton Security Suite;c:program filesNorton Security SuiteEngine3.8.0.41ccSvcHst.exe [2/25/2010 3:44 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesViewpointCommonViewpointService.exe [9/5/2009 3:43 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [9/6/2010 12:03 PM 102448]
S3 SVRPEDRV;SVRPEDRV;??c:sysprepPEDrv.sys --> c:sysprepPEDrv.sys [?]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-10 12:00 99840 ----a-w- c:windowssystem32advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:program filesTOSHIBATouch and LaunchPadExe.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 11:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet003ServicesN360]
"ImagePath"=""c:program filesNorton Security SuiteEngine3.8.0.41ccSvcHst.exe" /s "N360" /m "c:program filesNorton Security SuiteEngine3.8.0.41diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINEsoftwareIntelWirelessFolders¬ p*2*]
"Path"="c:WINDOWSsystem32configsystemprofileApplication DataIntelWireless"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2892)
c:windowssystem32TDispVol.dll
c:windowssystem32TPwrCfg.DLL
c:windowssystem32TPwrReg.dll
c:windowssystem32TPSTrace.DLL
c:windowssystem32msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesIntelWirelessBinEvtEng.exe
c:program filesIntelWirelessBinS24EvMon.exe
c:windowssystem32LEXBCES.EXE
c:windowssystem32LEXPPS.EXE
c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesTOSHIBAConfigFreeCFSvcs.exe
c:windowssystem32DVDRAMSV.exe
c:windowseHomeehRecvr.exe
c:windowseHomeehSched.exe
c:program filesJavajre6binjqs.exe
c:windowssystem32TPSMain.exe
c:program filesTOSHIBATOSHIBA ControlsTFncKy.exe
c:program filesIntelWirelessBinRegSrvc.exe
c:windowssystem32TDispVol.exe
c:toshibaIVPswupdateswupdtmr.exe
c:windowssystem32TPSBattM.exe
c:program filesSynapticsSynTPToshiba.exe
c:program filesTOSHIBATOSHIBA AppletTAPPSRV.exe
c:program filesYahoo!SoftwareUpdateYahooAUService.exe
c:program filesTOSHIBAConfigFreeNDSTray.exe
c:windowsehomemcrdsvc.exe
c:program filesLexmark X5100 Serieslxbabmon.exe
c:program filesTOSHIBAConfigFreeCFSServ.exe
c:windowsAGRSMMSG.exe
c:windowssystem32dllhost.exe
c:windowssystem32wscntfy.exe
c:windowseHomeehmsas.exe
c:progra~1IntelWirelessBinDot1XCfg.exe
c:program filesiPodbiniPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-11 11:46:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 16:46

Pre-Run: 28,318,564,352 bytes free
Post-Run: 28,641,435,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 5A9773C6B4B30BB552295B2744252E0E

EDIT: Posts merged ~BP

Edited by Orange Blossom, 13 September 2010 - 05:48 PM.


#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 September 2010 - 06:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Billybobjoebob

  • Topic Starter

  • Members
  • 29 posts

Posted 17 September 2010 - 06:19 PM

Hey.

#4 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 September 2010 - 07:10 PM

Hey.

Well, you managed to run ComboFix without it destroying your PC. Most people manage it, but here's a warning:

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


The log shows a rootkit being removed, amongst others. How is the PC actually doing now?

Please run the ESET online scanner
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#5 Billybobjoebob


Posted 17 September 2010 - 08:48 PM

I'm scanning now; it's at 51% on step 3 of 4. I started a topic before this, but I didn't respond within 5 days, so the topic got closed. Whoever it was that was helping me told me to run ComboFix.

Edited by Billybobjoebob, 17 September 2010 - 08:54 PM.


#6 m0le


Posted 17 September 2010 - 08:55 PM

QUOTE
Whoever it was that was helping me told me to run ComboFix.


So I see. Ignore the warning, sorry.

#7 Billybobjoebob


Posted 17 September 2010 - 09:50 PM

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\59\4708433b-2df75691 a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\9\508ff789-7afb369d multiple threats deleted - quarantined
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-58a3e193-602a551d.zip multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\14\3160e6ce-17c4adf1 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\51bd3-48404d08 a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\24\44761518-798e40d4 a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\3cc2a1e-369a81b0 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\4e220c63-2a00a099 a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\27ff64e6-57e8e46b multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\61d4602f-7531efb9 a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\1ba3b270-5bcda129 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\63\7cc1ceff-76749fba a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-17e1ed93-1acbc52d.zip multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-520606b1-6f42fac9.zip multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-6aea7fc0-53506680.zip multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-78bf1a3d-3e5da1be.zip multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\np2.jar-4b0f898b-5cfa849f.zip a variant of Java/Rowindal.A trojan deleted - quarantined
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE Win32/Adware.DSSAgent application cleaned by deleting - quarantined


#8 m0le


Posted 18 September 2010 - 05:47 PM

Adware, which seems to be gone now. Please run Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#9 Billybobjoebob


Posted 18 September 2010 - 07:04 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/18/2010 at 06:40 PM

Application Version : 4.43.1000

Core Rules Database Version : 5531
Trace Rules Database Version: 3344

Scan type : Complete Scan
Total Scan Time : 00:40:10

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 8112
Registry threats detected : 0
File items scanned : 20048
File threats detected : 161

Adware.Tracking Cookie

Rootkit.Agent/Gen-TDSS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP26\A0061398.SYS

Application.Broderbund/Background Agent
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP34\A0064386.EXE


#10 m0le


Posted 18 September 2010 - 07:13 PM

QUOTE
Rootkit.Agent/Gen-TDSS


Nasty thing to find. Let's make sure this has gone before we continue.


  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

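The way the helper reads that scan log (the tracking cookies are noise; the Rootkit.Agent/Gen-TDSS line is what matters, and it sits inside a System Restore point) can be turned into a small triage script. This is an added example, not code from the thread or from SUPERAntiSpyware: it parses the log layout posted above, on a constructed excerpt with the user profile renamed, and separates cookie hits from findings that call for a dedicated rootkit scan.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the SUPERAntiSpyware log posted above
# (cookie entries trimmed, user profile renamed); not a real scan result.
SAMPLE_LOG = """SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Scan type : Complete Scan
Total Scan Time : 00:40:10

Memory items scanned : 603
Memory threats detected : 0
File items scanned : 20048
File threats detected : 4

Adware.Tracking Cookie
C:\\Documents and Settings\\user\\Cookies\\user@doubleclick[1].txt
cdn4.specificclick.net [ C:\\Documents and Settings\\user\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\Z73LW8CP ]

Rootkit.Agent/Gen-TDSS
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\\RP26\\A0061398.SYS

Application.Broderbund/Background Agent
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\\RP34\\A0064386.EXE
"""

# "Memory items scanned : 603" style counters; other "key : value" lines are preamble.
COUNTER_RE = re.compile(r"^([A-Za-z ]+?(?:scanned|detected))\s*:\s*(\d+)$")
# Flash shared-object entries name the tracker host, with the folder in brackets.
FLASH_RE = re.compile(r"^(\S+)\s+\[\s*(.+?)\s*\]$")
# System Restore keeps copies of files under this tree, one RPnn folder per point.
RESTORE_RE = re.compile(r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{", re.IGNORECASE)

@dataclass
class Finding:
    name: str               # detection-name header, e.g. "Rootkit.Agent/Gen-TDSS"
    path: str               # on-disk location of the hit
    host: str | None        # tracker host for Flash shared-object cookies
    is_cookie: bool         # tracking cookie / shared object: low severity
    in_restore_point: bool  # a saved copy inside a System Restore snapshot


def parse_scan_log(text: str) -> tuple[dict[str, int], list[Finding]]:
    """Split a SUPERAntiSpyware-style log into its counters and its findings."""
    counters: dict[str, int] = {}
    findings: list[Finding] = []
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1).strip()] = int(m.group(2))
            continue
        fm = FLASH_RE.match(line)
        if fm:
            host, path = fm.group(1), fm.group(2)
        elif ":\\" in line:
            host, path = None, line
        else:
            # Neither counter nor path: a detection-name header, unless we are
            # still in the preamble (no counters seen yet).
            current = line if counters else None
            continue
        if current is None:
            continue
        findings.append(Finding(current, path, host,
                                is_cookie=current.startswith("Adware.Tracking Cookie"),
                                in_restore_point=bool(RESTORE_RE.search(path))))
    return counters, findings


def triage(text: str) -> dict:
    """Separate cookie noise from findings that need attention, as the thread does."""
    counters, findings = parse_scan_log(text)
    cookies = [f for f in findings if f.is_cookie]
    real = [f for f in findings if not f.is_cookie]
    return {
        "file_threats_reported": counters.get("File threats detected", 0),
        "cookie_count": len(cookies),
        "tracker_hosts": sorted({f.host for f in cookies if f.host}),
        "findings": [(f.name, f.path, f.in_restore_point) for f in real],
        # A Rootkit.* name is the cue for a dedicated rootkit scan (TDSSKiller here).
        "rootkit_detected": any(f.name.startswith("Rootkit.") for f in real),
        # Hits found only inside restore points are stored copies, not running
        # code; a live-system scan is still needed to show nothing active remains.
        "only_restore_point_copies": bool(real) and all(f.in_restore_point for f in real),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['cookie_count']} tracking cookies / shared objects (low severity)")
    for name, path, stored in report["findings"]:
        print(f"{name}: {path}{'  [restore point copy]' if stored else ''}")
```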

#11 Billybobjoebob


Posted 18 September 2010 - 07:34 PM

2010/09/18 19:32:15.0296 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/18 19:32:15.0296 ================================================================================
2010/09/18 19:32:15.0296 SystemInfo:
2010/09/18 19:32:15.0296
2010/09/18 19:32:15.0296 OS Version: 5.1.2600 ServicePack: 2.0
2010/09/18 19:32:15.0296 Product type: Workstation
2010/09/18 19:32:15.0296 ComputerName: NAKVO-USER
2010/09/18 19:32:15.0296 UserName: nakvo family
2010/09/18 19:32:15.0296 Windows directory: C:\WINDOWS
2010/09/18 19:32:15.0296 System windows directory: C:\WINDOWS
2010/09/18 19:32:15.0296 Processor architecture: Intel x86
2010/09/18 19:32:15.0296 Number of processors: 1
2010/09/18 19:32:15.0296 Page size: 0x1000
2010/09/18 19:32:15.0296 Boot type: Normal boot
2010/09/18 19:32:15.0296 ================================================================================
2010/09/18 19:32:17.0078 Initialize success
2010/09/18 19:32:42.0828 ================================================================================
2010/09/18 19:32:42.0828 Scan started
2010/09/18 19:32:42.0828 Mode: Manual;
2010/09/18 19:32:42.0828 ================================================================================
2010/09/18 19:32:51.0437 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/18 19:32:51.0531 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/18 19:32:51.0562 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/18 19:32:51.0625 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/18 19:32:51.0640 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/18 19:32:51.0687 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/18 19:32:51.0750 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/18 19:32:51.0796 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/18 19:32:52.0078 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100918.003\NAVENG.SYS
2010/09/18 19:32:52.0296 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100918.003\NAVEX15.SYS
2010/09/18 19:32:52.0609 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/18 19:32:52.0656 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/18 19:32:52.0718 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/18 19:32:52.0750 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/18 19:32:52.0796 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/18 19:32:52.0843 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/18 19:32:52.0890 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/18 19:32:52.0921 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2010/09/18 19:32:52.0968 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/18 19:32:53.0000 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/18 19:32:53.0046 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/18 19:32:53.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/18 19:32:53.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/18 19:32:53.0343 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/18 19:32:53.0390 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/18 19:32:53.0437 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/18 19:32:53.0468 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/18 19:32:53.0500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/18 19:32:53.0531 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/18 19:32:53.0578 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/18 19:32:53.0593 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/18 19:32:53.0796 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/09/18 19:32:53.0859 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/18 19:32:53.0906 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/18 19:32:54.0000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/18 19:32:54.0046 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/18 19:32:54.0171 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/18 19:32:54.0203 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/18 19:32:54.0218 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/18 19:32:54.0250 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/18 19:32:54.0296 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/18 19:32:54.0312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/18 19:32:54.0359 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/18 19:32:54.0421 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/18 19:32:54.0453 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/18 19:32:54.0515 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/18 19:32:54.0640 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/18 19:32:54.0671 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/09/18 19:32:54.0984 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/09/18 19:32:55.0031 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/18 19:32:55.0093 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/18 19:32:55.0156 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/09/18 19:32:55.0171 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/09/18 19:32:55.0203 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/18 19:32:55.0281 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/18 19:32:55.0359 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/18 19:32:55.0515 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2010/09/18 19:32:55.0625 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2010/09/18 19:32:55.0671 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/18 19:32:55.0921 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/18 19:32:55.0953 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/18 19:32:56.0062 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2010/09/18 19:32:56.0125 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/09/18 19:32:56.0250 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2010/09/18 19:32:56.0296 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2010/09/18 19:32:56.0343 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/09/18 19:32:56.0359 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/09/18 19:32:56.0531 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2010/09/18 19:32:56.0593 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2010/09/18 19:32:56.0703 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/18 19:32:56.0859 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/18 19:32:56.0937 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2010/09/18 19:32:57.0031 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/18 19:32:57.0156 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2010/09/18 19:32:57.0187 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/18 19:32:57.0437 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/18 19:32:57.0484 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/18 19:32:57.0546 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2010/09/18 19:32:57.0687 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2010/09/18 19:32:57.0765 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2010/09/18 19:32:57.0796 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/09/18 19:32:57.0859 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/18 19:32:57.0906 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/18 19:32:58.0093 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/18 19:32:58.0140 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/18 19:32:58.0156 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/18 19:32:58.0234 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/18 19:32:58.0281 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/18 19:32:58.0328 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/18 19:32:58.0406 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/18 19:32:58.0437 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/18 19:32:58.0500 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/09/18 19:32:58.0546 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/18 19:32:58.0703 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/18 19:32:58.0953 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/18 19:32:58.0984 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/09/18 19:32:59.0156 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/18 19:32:59.0281 ================================================================================
2010/09/18 19:32:59.0281 Scan finished
2010/09/18 19:32:59.0281 ================================================================================


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 September 2010 - 07:46 PM

Nope, that's clean as a whistle.

How's the PC running now, Billybobjoebob?
m0le is a proud member of UNITE

#13 Billybobjoebob

Billybobjoebob
  • Topic Starter

  • Members
  • 29 posts

Posted 18 September 2010 - 07:50 PM

It's running pretty well but I got a notice from Norton of one with severity medium, activity unauthorized access blocked (send terminate message to window), status block. The actor is c:\windows\explorer.exe, and the target is C:\Program Files\Norton Security Suite\Engine\3.8.0.41\MCUI32.exe. Is this a problem?


I have IE6, so should I upgrade to IE8?

Edited by Billybobjoebob, 18 September 2010 - 08:00 PM.


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 September 2010 - 08:06 PM

In the end you will have to upgrade as the www is made compatible and forgets about the earlier versions. Right now, I would look carefully at the actual changes that IE8 has made and ask if it's worth doing now.

It looks like a major tweak to IE7 and nothing more. Faster, Easier, Safer it says. I haven't seen it in action yet but it's fair to say from the screenshots that it ain't anything that innovative. I use Firefox more now anyway.

Security-wise it looks like Microsoft are getting smarter by adding click-jacking protection to the browser, which is welcome. Though Microsoft's security record in this department isn't the most reactive in the industry, they are trying, and if you were looking to upgrade then this would be the reason to do it.



Let's complete this topic then...

You're clean. Good stuff!

Let's do some clearing up

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Billybobjoebob, happy surfing!

Cheers.

m0le


m0le is a proud member of UNITE

#15 Billybobjoebob

Billybobjoebob
  • Topic Starter

  • Members
  • 29 posts

Posted 18 September 2010 - 08:09 PM

Thanks soooo much m0le!!



