
Can't Access the Net


  • This topic is locked
18 replies to this topic

#1 Specba

  • Members
  • 24 posts
  • Gender:Male
  • Location:Pittsburgh

Posted 14 December 2010 - 06:11 AM

I have a netbook that had Malware. I went out on a limb and ran MalwareBytes. The malware was removed, but the netbook still can't access the net. The log file clearly shows a re-direct to 127.0.0.1.

There are several other suspicious entries as well.

I won't do a thing until I hear from someone who can look at the logs.

Thank you in advance.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Dad at 21:53:24.98 on Mon 12/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.572 [GMT -5:00]

AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*

============== Running Processes ===============

c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uWindows: load=U???
uWindows: Run=U???
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\jljsiqzk.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6092
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {4B7C014C-21F0-43F1-B9DE-78E61918BAAC} - c:\documents and settings\dad\local settings\application data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-7-18 14248]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2009-7-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2009-7-18 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2009-7-18 362544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2009-7-18 115560]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-18 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-7 102448]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-7-18 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-7-18 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-7-18 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-18 162816]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090904.002\IDSXpx86.sys [2009-9-5 276344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-18 1684736]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.025\naveng.sys [2009-9-7 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.025\navex15.sys [2009-9-7 1323568]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================

2010-12-12 21:03:54 -------- d-----w- c:\windows\pss
2010-12-12 21:03:25 -------- d-----w- c:\windows\system32\LogFiles
2010-12-12 19:25:52 -------- d-----w- c:\docume~1\dad\applic~1\Malwarebytes
2010-12-12 19:25:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 19:25:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-12 19:25:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 19:25:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-12-12 19:04:08 0 ----a-w- c:\windows\Skunuxiqivoqulic.bin
2010-09-15 23:59:52 2838 ----a-w- c:\windows\isitalajoqibu.dll
2010-09-15 22:50:27 2838 ----a-w- c:\windows\ibepakuk.dll
2010-09-15 22:33:17 2838 ----a-w- c:\windows\awudafuvelik.dll
2010-09-15 22:27:59 2838 ----a-w- c:\windows\esukarad.dll
2010-09-15 17:59:56 2838 ----a-w- c:\windows\atagugav.dll
2010-09-15 13:31:40 2838 ----a-w- c:\windows\uloqipuz.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The maximum number of secrets that may be stored in a single system has been exceeded.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x85E6CAE3]<< >>UNKNOWN [0xA931DC5F]<<
_asm { JMP 0x234b117c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86500AB8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86325AEA
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 21:55:41.06 ===============



Specba

Attached File  Attach.txt   14.48KB   4 downloads


The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain
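An added example, not part of this thread or of the GMER tool, to show what the "user != kernel MBR" line in the rootkit section above actually tests. TDL4 overwrites the boot sector and filters disk I/O in the kernel (the log shows a DriverStartIo hook on the atapi driver), so sector 0 read through the ordinary user-mode path can come back clean while the sector the BIOS really executes is the infected one. The detector reads the MBR twice, once through CreateFile on PHYSICALDRIVE0 and once by calling the lowest disk driver directly, and compares the copies. No disk is touched here: the two 512-byte sectors, the boot-code bytes and the partition entry are all constructed stand-ins, and the partition-table parser is the check a responder would run on a dumped sector to confirm only the boot code, not the partition layout, was altered.

```python
"""Added example (constructed data, no disk access): the user-vs-kernel MBR comparison."""
import struct

SECTOR_SIZE = 512
BOOT_SIG = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-ins. The first seven bytes encode "xor ax,ax / mov ss,ax / mov sp,0x7c00",
# the opening of the boot code shown in the log; the rest is padding, not a real loader.
CLEAN_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
# Infected stand-in: a short jump over a 30-byte stub before the same original prologue.
INFECTED_BOOT = b"\xeb\x1e" + b"\x00" * 30 + b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
# One bootable NTFS partition starting at LBA 63 (hypothetical layout).
PARTITIONS = [{"boot": 0x80, "type": 0x07, "lba_start": 63, "sectors": 1_000_000}]


def build_mbr(boot_code, partitions):
    """Assemble 446 bytes of boot code + 4 x 16-byte partition entries + 0x55AA."""
    if len(boot_code) > 446 or len(partitions) > 4:
        raise ValueError("boot code or partition list too long")
    table = b"".join(
        struct.pack(ENTRY_FMT, p["boot"], b"\0\0\0", p["type"], b"\0\0\0",
                    p["lba_start"], p["sectors"])
        for p in partitions
    )
    return boot_code.ljust(446, b"\0") + table.ljust(64, b"\0") + BOOT_SIG


def parse_mbr(sector):
    """Split a 512-byte sector into boot code, used partition entries and a signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype:  # type 0 = unused slot
            parts.append({"boot": boot, "type": ptype, "lba_start": start, "sectors": count})
    return {
        "boot_code": sector[:446],
        "partitions": parts,
        "signature_ok": sector[510:] == BOOT_SIG,
    }


def compare_user_kernel(user_view, kernel_view):
    """The detector's core check: two reads of sector 0 that disagree mean something filters disk I/O."""
    u, k = parse_mbr(user_view), parse_mbr(kernel_view)
    return {
        "mismatch": user_view != kernel_view,
        "boot_code_differs": u["boot_code"] != k["boot_code"],
        "partition_table_differs": u["partitions"] != k["partitions"],
    }


def demo():
    """Hooked driver hands user mode the clean sector; the kernel path sees the infected one."""
    user_view = build_mbr(CLEAN_BOOT, PARTITIONS)
    kernel_view = build_mbr(INFECTED_BOOT, PARTITIONS)
    return compare_user_kernel(user_view, kernel_view)


if __name__ == "__main__":
    print(demo())
```

The partition table being identical in both views is the expected picture for a bootkit: it keeps the original layout so Windows still boots, and only the 446 bytes of loader code change. That is also why a signature-only check (0x55AA present) says nothing; the comparison of the two reads, or of the on-disk sector against a known-good copy, is what catches it.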


#2 Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 December 2010 - 11:47 AM

Hi Specba,

Welcome to the Virus/Trojan/Spyware/Malware Removal (VTSMR) forum, and sorry for the delay. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on, as it might interfere with our fixes. If you make changes, I shall assume my assistance is no longer needed.

If you still need assistance please update me about the current condition of your computer.

#3 Specba

  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Location:Pittsburgh

Posted 23 December 2010 - 07:30 PM

Yes. I haven't touched it other than to re-scan it.

Here is the latest scan:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Dad at 22:12:31.39 on Tue 12/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.586 [GMT -5:00]

AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*

============== Running Processes ===============

c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uWindows: load=U???
uWindows: Run=U???
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\jljsiqzk.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6092
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {4B7C014C-21F0-43F1-B9DE-78E61918BAAC} - c:\documents and settings\dad\local settings\application data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-7-18 14248]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2009-7-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2009-7-18 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2009-7-18 362544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2009-7-18 115560]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-18 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-7 102448]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-7-18 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-7-18 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-7-18 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-18 162816]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090904.002\IDSXpx86.sys [2009-9-5 276344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-18 1684736]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.025\naveng.sys [2009-9-7 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.025\navex15.sys [2009-9-7 1323568]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================

2010-12-12 21:03:54 -------- d-----w- c:\windows\pss
2010-12-12 21:03:25 -------- d-----w- c:\windows\system32\LogFiles
2010-12-12 19:25:52 -------- d-----w- c:\docume~1\dad\applic~1\Malwarebytes
2010-12-12 19:25:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 19:25:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-12 19:25:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 19:25:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-12-12 19:04:08 0 ----a-w- c:\windows\Skunuxiqivoqulic.bin

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The maximum number of secrets that may be stored in a single system has been exceeded.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8634330B]<< >>UNKNOWN [0xA9FC5C5F]<<
_asm { JMP 0x23c82954; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86577AB8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x862CAAEA
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 22:14:54.06 ===============
Thanks,

Specba


#4 Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 December 2010 - 05:05 AM

We will restore the internet connection and run the fix to remove the MBR infection (the TDL4 rootkit) that is still there.

  • Reset the LAN settings:

    In Internet Explorer:
    Go to Tools => Internet Options => click on the Connections tab, then click on LAN Settings. The following items should be unchecked:
      • Automatically detect settings
      • Use a proxy server for your LAN

    In Firefox:
    Open Firefox. Go to Tools -> Options -> Advanced -> click on the Network tab, then click Settings.
    Select the radio button that says No Proxy. Click OK. Check to see if the internet connection is restored.

  • Please download TDSSKiller.zip and extract it.
      • Run TDSSKiller.exe.
      • Click Start scan.
      • When it is finished, the utility outputs a list of detected objects with descriptions.
        The utility automatically selects an action (Cure or Delete) for malicious objects.
        The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
      • Let it reboot if needed, and tell me if the tool needed a reboot.
      • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
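An added example, not from the thread or from DDS, TDSSKiller or Farbar, covering the first step above (reset the LAN settings) and the proxy lines in the DDS logs. Both browsers were pointed at a proxy on 127.0.0.1:6092: the ProxyServer value in the IE Internet Settings key and network.proxy.type = 1 with network.proxy.http = 127.0.0.1 in prefs.js. Most likely the malware's own proxy listened on that port; once the malware was removed nothing answers there and every page load fails, which is the "can't access the net" symptom. The code works on text only: a DDS "Pseudo HJT"/Firefox section and a Firefox prefs.js. The DDS lines are copied from the log in this thread as sample input; the prefs.js fragment is constructed. It does not touch the registry; the .reg text it produces is the equivalent of unchecking "Use a proxy server for your LAN" in IE.

```python
"""Added example (constructed input, no registry access): spot and undo a loopback proxy hijack."""
import ipaddress
import re

# Lines copied from the DDS log posted in this thread, used as sample input.
DDS_SAMPLE = """uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6092
FF - prefs.js: network.proxy.type - 1
"""

# Constructed prefs.js fragment; Firefox stores settings as user_pref("name", value); lines.
PREFS_SAMPLE = """user_pref("browser.startup.homepage", "http://www.live.com");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 6092);
user_pref("network.proxy.type", 1);
"""

# DDS prints the IE value as "ProxyServer = [scheme=]host:port"; only the first entry is read here,
# a multi-protocol value ("http=a:1;https=b:2") would need splitting on ';'.
IE_PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?:(\w+)=)?([^\s:;]+):(\d+)")
FF_PROXY_RE = re.compile(r"FF - prefs\.js: network\.proxy\.(\w+) - (\S+)")


def _is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_proxy_hijack(dds_text):
    """Return one finding per browser whose proxy points at the loopback interface."""
    findings = []
    ff = {}
    for line in dds_text.splitlines():
        m = IE_PROXY_RE.search(line)
        if m:
            scheme, host, port = m.group(1) or "http", m.group(2), int(m.group(3))
            if _is_loopback(host):
                findings.append({"browser": "ie", "scheme": scheme, "host": host, "port": port})
        m = FF_PROXY_RE.search(line)
        if m:
            ff[m.group(1)] = m.group(2)
    # network.proxy.type: 0 = no proxy, 1 = manual configuration, 5 = use system settings.
    if ff.get("type") == "1" and _is_loopback(ff.get("http", "")):
        findings.append({"browser": "firefox", "scheme": "http",
                         "host": ff["http"], "port": int(ff.get("http_port", "0"))})
    return findings


def reset_firefox_proxy(prefs_js):
    """Drop every network.proxy.* pref and force direct connections (the 'No Proxy' radio button)."""
    kept = [l for l in prefs_js.splitlines() if not re.match(r'user_pref\("network\.proxy\.', l)]
    kept.append('user_pref("network.proxy.type", 0);')
    return "\n".join(kept) + "\n"


def ie_reset_reg():
    """Registry text equivalent to unchecking 'Use a proxy server for your LAN' for the current user."""
    return (
        "Windows Registry Editor Version 5.00\n\n"
        "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings]\n"
        '"ProxyEnable"=dword:00000000\n'
        '"ProxyServer"=-\n'      # "=-" deletes the value
        '"ProxyOverride"=-\n'
    )


if __name__ == "__main__":
    for f in find_proxy_hijack(DDS_SAMPLE):
        print("{browser}: {scheme} proxy at {host}:{port} (loopback)".format(**f))
    print(reset_firefox_proxy(PREFS_SAMPLE))
    print(ie_reset_reg())
```

A loopback proxy is not proof of malware on its own (some security products and debugging proxies install one), so the check is "loopback proxy configured and no software on the box that should be providing it". Firefox must be closed before prefs.js is edited, otherwise it rewrites the file on exit. Clearing the proxy only restores connectivity; it does nothing about the MBR infection, which is why the post continues with TDSSKiller.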

#5 Specba

  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Location:Pittsburgh

Posted 24 December 2010 - 06:41 PM

It did require a reboot. No file opened automatically, but here are the contents of the log file:

2010/12/24 18:08:25.0833 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 18:08:25.0833 ================================================================================
2010/12/24 18:08:25.0833 SystemInfo:
2010/12/24 18:08:25.0848
2010/12/24 18:08:25.0848 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/24 18:08:25.0848 Product type: Workstation
2010/12/24 18:08:25.0848 ComputerName: D3NYN5K1
2010/12/24 18:08:25.0848 UserName: Dad
2010/12/24 18:08:25.0848 Windows directory: C:\WINDOWS
2010/12/24 18:08:25.0848 System windows directory: C:\WINDOWS
2010/12/24 18:08:25.0848 Processor architecture: Intel x86
2010/12/24 18:08:25.0848 Number of processors: 2
2010/12/24 18:08:25.0848 Page size: 0x1000
2010/12/24 18:08:25.0848 Boot type: Normal boot
2010/12/24 18:08:25.0848 ================================================================================
2010/12/24 18:08:26.0145 Initialize success
2010/12/24 18:08:34.0473 ================================================================================
2010/12/24 18:08:34.0473 Scan started
2010/12/24 18:08:34.0473 Mode: Manual;
2010/12/24 18:08:34.0473 ================================================================================
2010/12/24 18:08:35.0598 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/24 18:08:35.0661 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/24 18:08:35.0692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/24 18:08:35.0739 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/24 18:08:35.0801 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/24 18:08:35.0864 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/24 18:08:35.0879 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/24 18:08:35.0911 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/24 18:08:35.0942 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/24 18:08:35.0973 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/24 18:08:36.0004 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/24 18:08:36.0036 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/24 18:08:36.0067 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/24 18:08:36.0161 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/24 18:08:36.0223 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/24 18:08:36.0254 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/24 18:08:36.0286 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/24 18:08:36.0317 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/24 18:08:36.0333 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/24 18:08:36.0395 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/24 18:08:36.0458 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/24 18:08:36.0504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/24 18:08:36.0551 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/24 18:08:36.0629 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/24 18:08:36.0723 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/24 18:08:36.0801 BHDrvx86 (55b34eb2e36552d93915fb71a5f26310) C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys
2010/12/24 18:08:36.0864 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/24 18:08:36.0895 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/24 18:08:36.0911 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/24 18:08:36.0958 ccHP (c8754a6d7f9ecae6b0f666d44e704942) C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys
2010/12/24 18:08:36.0989 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/24 18:08:37.0020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/24 18:08:37.0036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/24 18:08:37.0067 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/24 18:08:37.0145 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/24 18:08:37.0176 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/24 18:08:37.0208 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/24 18:08:37.0254 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/24 18:08:37.0317 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2010/12/24 18:08:37.0348 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/24 18:08:37.0364 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/24 18:08:37.0411 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/24 18:08:37.0489 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/24 18:08:37.0708 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/24 18:08:37.0739 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/24 18:08:37.0786 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/24 18:08:37.0833 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/24 18:08:37.0864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/24 18:08:37.0926 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/24 18:08:37.0989 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
2010/12/24 18:08:38.0036 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/24 18:08:38.0114 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/24 18:08:38.0176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/24 18:08:38.0208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/24 18:08:38.0239 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/24 18:08:38.0270 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/24 18:08:38.0301 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/24 18:08:38.0333 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/24 18:08:38.0379 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/24 18:08:38.0395 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/24 18:08:38.0442 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/24 18:08:38.0489 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/24 18:08:38.0536 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/24 18:08:38.0567 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/24 18:08:38.0598 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/24 18:08:38.0645 i8042prt (b28e53cb09509d3046c43530febc239e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/24 18:08:38.0645 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: b28e53cb09509d3046c43530febc239e, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/12/24 18:08:38.0645 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/24 18:08:38.0848 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/24 18:08:39.0098 IDSxpx86 (d69413cadcc05b6b57877b098738f464) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090904.002\IDSxpx86.sys
2010/12/24 18:08:39.0161 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/24 18:08:39.0239 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/24 18:08:39.0473 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/24 18:08:39.0567 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/24 18:08:39.0614 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/24 18:08:39.0661 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/24 18:08:39.0692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/24 18:08:39.0723 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/24 18:08:39.0770 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/24 18:08:39.0801 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/24 18:08:39.0833 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/24 18:08:39.0879 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/24 18:08:39.0926 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/24 18:08:39.0973 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/24 18:08:40.0020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/24 18:08:40.0051 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/24 18:08:40.0145 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/24 18:08:40.0176 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/24 18:08:40.0333 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/24 18:08:40.0676 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/24 18:08:40.0692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/24 18:08:40.0723 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/24 18:08:40.0786 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/24 18:08:40.0817 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/24 18:08:40.0895 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/24 18:08:40.0973 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/24 18:08:41.0051 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/24 18:08:41.0114 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/24 18:08:41.0145 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/24 18:08:41.0223 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/24 18:08:41.0254 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/24 18:08:41.0286 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/24 18:08:41.0317 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/24 18:08:41.0395 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090907.025\NAVENG.SYS
2010/12/24 18:08:41.0473 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090907.025\NAVEX15.SYS
2010/12/24 18:08:41.0551 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/24 18:08:41.0583 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/24 18:08:41.0614 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/24 18:08:41.0645 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/24 18:08:41.0661 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/24 18:08:41.0692 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/24 18:08:41.0723 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/24 18:08:41.0770 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/24 18:08:41.0833 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/24 18:08:41.0895 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/24 18:08:41.0973 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/24 18:08:42.0004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/24 18:08:42.0020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/24 18:08:42.0067 OA012Afx (aff089842ba83be89e51d7ea0aa09e53) C:\WINDOWS\system32\Drivers\OA012Afx.sys
2010/12/24 18:08:42.0114 OA012Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA012Ufd.sys
2010/12/24 18:08:42.0176 OA012Vid (71346423b584daa06ea26e0bd2cb67c2) C:\WINDOWS\system32\DRIVERS\OA012Vid.sys
2010/12/24 18:08:42.0192 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/24 18:08:42.0223 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/24 18:08:42.0254 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/24 18:08:42.0286 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/24 18:08:42.0348 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/24 18:08:42.0379 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/24 18:08:42.0536 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/24 18:08:42.0551 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/24 18:08:42.0645 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/24 18:08:42.0661 Suspicious service (Hidden): PRAGMApvnsetixvp
2010/12/24 18:08:42.0708 PRAGMApvnsetixvp (afc6795bb909749f446f57e36f7b33e3) C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAd.sys
2010/12/24 18:08:42.0708 Suspicious file (Hidden): C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAd.sys. md5: afc6795bb909749f446f57e36f7b33e3
2010/12/24 18:08:42.0723 PRAGMApvnsetixvp - detected Rootkit.Win32.TDSS.tdl2 (0)
2010/12/24 18:08:42.0754 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/24 18:08:42.0942 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/24 18:08:42.0973 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/24 18:08:43.0004 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/24 18:08:43.0020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/24 18:08:43.0051 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/24 18:08:43.0083 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/24 18:08:43.0129 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/24 18:08:43.0176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/24 18:08:43.0208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/24 18:08:43.0254 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/24 18:08:43.0301 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/24 18:08:43.0333 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/24 18:08:43.0379 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/24 18:08:43.0426 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/24 18:08:43.0473 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/24 18:08:43.0551 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2010/12/24 18:08:43.0614 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/24 18:08:43.0661 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/24 18:08:43.0708 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/24 18:08:43.0770 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/24 18:08:43.0833 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/24 18:08:43.0879 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/24 18:08:43.0958 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/24 18:08:44.0020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/24 18:08:44.0051 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/24 18:08:44.0114 SRTSP (2ec8453564e62320b574622e6cc8fdd0) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS
2010/12/24 18:08:44.0161 SRTSPX (54d3efe2674a1140ae8b7a6bc59c6661) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS
2010/12/24 18:08:44.0192 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/24 18:08:44.0254 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/24 18:08:44.0301 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/24 18:08:44.0348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/24 18:08:44.0395 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/24 18:08:44.0426 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/24 18:08:44.0489 SYMDNS (9e46c40328fa8e0d1b6ab690d90245fb) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS
2010/12/24 18:08:44.0536 SymEFA (832cc9713c869ce00119321fb7df66d7) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS
2010/12/24 18:08:44.0598 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/24 18:08:44.0629 SYMFW (827302b3458e6637d81bae0bf5ace743) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMFW.SYS
2010/12/24 18:08:44.0645 SYMIDS (726ccda5c2a0bc0fcbc0af7a8788cd61) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMIDS.SYS
2010/12/24 18:08:44.0708 SymIM (e9abe92091b108aa5650c18c9fc77356) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/12/24 18:08:44.0739 SymIMMP (e9abe92091b108aa5650c18c9fc77356) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/12/24 18:08:44.0754 SYMNDIS (5fb13374287ad80b86bb9fc480f2c82d) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMNDIS.SYS
2010/12/24 18:08:44.0801 SYMREDRV (13c101e4c3b69aee59a9a3dcdcda9ae3) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS
2010/12/24 18:08:44.0833 SYMTDI (c942a67ffc1238d6d96d9c9a44610340) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS
2010/12/24 18:08:44.0864 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/24 18:08:44.0879 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/24 18:08:44.0958 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/24 18:08:45.0020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/24 18:08:45.0098 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/24 18:08:45.0145 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/24 18:08:45.0161 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/24 18:08:45.0192 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/24 18:08:45.0239 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/24 18:08:45.0270 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/24 18:08:45.0317 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/24 18:08:45.0364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/24 18:08:45.0426 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/24 18:08:45.0473 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/24 18:08:45.0504 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/24 18:08:45.0551 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/24 18:08:45.0583 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/24 18:08:45.0614 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/24 18:08:45.0645 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/24 18:08:45.0676 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/24 18:08:45.0708 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/24 18:08:45.0754 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/24 18:08:45.0801 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/24 18:08:45.0864 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/24 18:08:45.0926 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/24 18:08:46.0067 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/24 18:08:46.0161 ================================================================================
2010/12/24 18:08:46.0161 Scan finished
2010/12/24 18:08:46.0161 ================================================================================
2010/12/24 18:08:46.0192 Detected object count: 2
2010/12/24 18:09:15.0114 i8042prt (b28e53cb09509d3046c43530febc239e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/24 18:09:15.0114 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: b28e53cb09509d3046c43530febc239e, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/12/24 18:09:15.0911 Backup copy found, using it..
2010/12/24 18:09:15.0926 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured after reboot
2010/12/24 18:09:15.0926 Rootkit.Win32.TDSS.tdl3(i8042prt) - User select action: Cure
2010/12/24 18:09:15.0926 C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAd.sys - will be deleted after reboot
2010/12/24 18:09:15.0926 C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAc.dll - will be deleted after reboot
2010/12/24 18:09:15.0926 pragmaserf - will be deleted after reboot
2010/12/24 18:09:15.0926 pragmabbr - will be deleted after reboot
2010/12/24 18:09:15.0926 C:\WINDOWS\system32\PRAGMAerrors.log - will be deleted after reboot
2010/12/24 18:09:15.0926 HKLM\SYSTEM\ControlSet001\services\PRAGMApvnsetixvp - will be deleted after reboot
2010/12/24 18:09:15.0958 HKLM\SYSTEM\ControlSet003\services\PRAGMApvnsetixvp - will be deleted after reboot
2010/12/24 18:09:15.0989 C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAd.sys - will be deleted after reboot
2010/12/24 18:09:15.0989 Rootkit.Win32.TDSS.tdl2(PRAGMApvnsetixvp) - User select action: Delete
2010/12/24 18:11:58.0161 Deinitialize success


Thanks. And happy holidays.

Specba

The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain
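Added note and example (not part of this thread, and not Kaspersky's tool or code): the two TDSSKiller logs posted here carry their evidence in just a few line shapes, and those are worth knowing how to read. A plain driver line gives a service name, an MD5 and the image path. A "Suspicious file (Forged)" line records two different MD5s for the same path, which is what you see when something in the I/O stack answers file reads with a different image than the one actually stored on disk. "Suspicious service (Hidden)" and "Suspicious file (Hidden)" mark entries the tool found that the normal APIs did not report, and a "- detected" line names the family. In the second scan, i8042prt is listed with the other MD5 at a .tmp path, because the cure is applied at reboot. The Python below parses those shapes and diffs two scans so the change to one service's hash and path stands out without reading a couple of hundred lines by hand. The sample text is a trimmed excerpt of the logs in this thread; the regular expressions assume the 2.4.x log layout shown here, which is an assumption.

```python
import re
from dataclasses import dataclass, field

# Line shapes in a TDSSKiller 2.4.x log (assumption: layout as shown in the
# thread; other tool versions may print differently).
_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
_MD5 = r"[0-9a-f]{32}"
_DRIVER = re.compile(rf"^{_TS} (\S+) \(({_MD5})\) (.+)$")
_FORGED = re.compile(
    rf"^{_TS} Suspicious file \(Forged\): (.+?)\. Real md5: ({_MD5}), Fake md5: ({_MD5})$"
)
_HIDDEN_FILE = re.compile(rf"^{_TS} Suspicious file \(Hidden\): (.+?)\. md5: ({_MD5})$")
_HIDDEN_SVC = re.compile(rf"^{_TS} Suspicious service \(Hidden\): (\S+)$")
_DETECTED = re.compile(rf"^{_TS} (\S+) - detected (\S+) \(\d+\)$")


@dataclass
class Scan:
    drivers: dict = field(default_factory=dict)        # service -> (md5, image path)
    forged: dict = field(default_factory=dict)         # path -> (real md5, fake md5)
    hidden_files: dict = field(default_factory=dict)   # path -> md5
    hidden_services: set = field(default_factory=set)
    detections: dict = field(default_factory=dict)     # service -> family name


def parse_tdsskiller(text):
    """Parse one TDSSKiller log into a Scan. Lines matching none of the known
    shapes (banner, SystemInfo, 'Scan started', ...) are ignored."""
    scan = Scan()
    for raw in text.splitlines():
        line = raw.strip()
        if m := _FORGED.match(line):
            scan.forged[m.group(1)] = (m.group(2), m.group(3))
        elif m := _HIDDEN_FILE.match(line):
            scan.hidden_files[m.group(1)] = m.group(2)
        elif m := _HIDDEN_SVC.match(line):
            scan.hidden_services.add(m.group(1))
        elif m := _DETECTED.match(line):
            scan.detections[m.group(1)] = m.group(2)
        elif m := _DRIVER.match(line):
            scan.drivers[m.group(1)] = (m.group(2), m.group(3))
    return scan


def diff_scans(before, after):
    """List (service, what, old, new) for every service whose md5 or image path
    differs between two scans, plus services present in only one of them."""
    changes = []
    for name in sorted(set(before.drivers) | set(after.drivers)):
        old, new = before.drivers.get(name), after.drivers.get(name)
        if old is None:
            changes.append((name, "added", None, new[1]))
        elif new is None:
            changes.append((name, "removed", old[1], None))
        else:
            if old[0] != new[0]:
                changes.append((name, "md5", old[0], new[0]))
            if old[1] != new[1]:
                changes.append((name, "path", old[1], new[1]))
    return changes


def triage(scan):
    """One readable line per thing TDSSKiller flagged, with the service name
    that owns each flagged path looked up from the driver list."""
    path_to_service = {path: name for name, (_, path) in scan.drivers.items()}
    lines = []
    for path, (real, fake) in scan.forged.items():
        svc = path_to_service.get(path, "?")
        lines.append(f"FORGED  {svc:<20} {path}  real={real} fake={fake}")
    for svc in sorted(scan.hidden_services):
        lines.append(f"HIDDEN  {svc:<20} hidden service")
    for path, md5 in scan.hidden_files.items():
        lines.append(f"HIDDEN  {path_to_service.get(path, '?'):<20} {path}  md5={md5}")
    for svc, family in scan.detections.items():
        lines.append(f"DETECT  {svc:<20} {family}")
    return lines


# Constructed sample: lines excerpted from the two logs posted in this thread
# (first run at 18:08, second run at 19:25 after choosing Cure/Delete), trimmed
# to the services that matter for the example.
BEFORE = r"""
2010/12/24 18:08:38.0598 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/24 18:08:38.0645 i8042prt (b28e53cb09509d3046c43530febc239e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/24 18:08:38.0645 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: b28e53cb09509d3046c43530febc239e, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/12/24 18:08:38.0645 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/24 18:08:42.0661 Suspicious service (Hidden): PRAGMApvnsetixvp
2010/12/24 18:08:42.0708 PRAGMApvnsetixvp (afc6795bb909749f446f57e36f7b33e3) C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAd.sys
2010/12/24 18:08:42.0708 Suspicious file (Hidden): C:\WINDOWS\PRAGMApvnsetixvp\PRAGMAd.sys. md5: afc6795bb909749f446f57e36f7b33e3
2010/12/24 18:08:42.0723 PRAGMApvnsetixvp - detected Rootkit.Win32.TDSS.tdl2 (0)
"""
AFTER = r"""
2010/12/24 19:25:53.0680 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/24 19:25:53.0711 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\tsk4C.tmp
"""

if __name__ == "__main__":
    b, a = parse_tdsskiller(BEFORE), parse_tdsskiller(AFTER)
    print("\n".join(triage(b)))
    for name, what, old, new in diff_scans(b, a):
        print(f"CHANGED {name:<20} {what}: {old} -> {new}")
```

To use it on the full logs, read the two saved log files into the two strings instead of the inline excerpts. The diff also lists every service that appears in only one of the two runs, which is how the deletion of a hidden service shows up after the reboot.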

#6 Farbar

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 December 2010 - 06:54 PM

Well done?

  • You didn't mention if the internet connection was restored after changing those settings. Please give me feedback about it.
  • Please reboot the computer once more and run TDSSKiller once more and post the log.
  • Please download MBRCheck by clicking here and save it to your desktop.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.


#7 Specba
  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Pittsburgh

Posted 24 December 2010 - 07:36 PM

Sorry about forgetting to report on the internet access. It was restored.

Here is the new TDSS log:

2010/12/24 19:25:44.0759 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 19:25:44.0759 ================================================================================
2010/12/24 19:25:44.0759 SystemInfo:
2010/12/24 19:25:44.0759
2010/12/24 19:25:44.0759 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/24 19:25:44.0759 Product type: Workstation
2010/12/24 19:25:44.0759 ComputerName: D3NYN5K1
2010/12/24 19:25:44.0759 UserName: Dad
2010/12/24 19:25:44.0759 Windows directory: C:\WINDOWS
2010/12/24 19:25:44.0759 System windows directory: C:\WINDOWS
2010/12/24 19:25:44.0759 Processor architecture: Intel x86
2010/12/24 19:25:44.0759 Number of processors: 2
2010/12/24 19:25:44.0759 Page size: 0x1000
2010/12/24 19:25:44.0759 Boot type: Normal boot
2010/12/24 19:25:44.0759 ================================================================================
2010/12/24 19:25:45.0102 Initialize success
2010/12/24 19:25:49.0337 ================================================================================
2010/12/24 19:25:49.0337 Scan started
2010/12/24 19:25:49.0337 Mode: Manual;
2010/12/24 19:25:49.0337 ================================================================================
2010/12/24 19:25:50.0743 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/24 19:25:50.0774 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/24 19:25:50.0821 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/24 19:25:50.0868 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/24 19:25:50.0930 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/24 19:25:50.0993 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/24 19:25:51.0040 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/24 19:25:51.0087 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/24 19:25:51.0118 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/24 19:25:51.0149 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/24 19:25:51.0212 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/24 19:25:51.0243 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/24 19:25:51.0274 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/24 19:25:51.0368 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/24 19:25:51.0430 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/24 19:25:51.0462 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/24 19:25:51.0493 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/24 19:25:51.0524 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/24 19:25:51.0555 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/24 19:25:51.0602 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/24 19:25:51.0665 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/24 19:25:51.0711 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/24 19:25:51.0743 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/24 19:25:51.0852 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/24 19:25:51.0961 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/24 19:25:52.0040 BHDrvx86 (55b34eb2e36552d93915fb71a5f26310) C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys
2010/12/24 19:25:52.0102 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/24 19:25:52.0118 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/24 19:25:52.0149 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/24 19:25:52.0196 ccHP (c8754a6d7f9ecae6b0f666d44e704942) C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys
2010/12/24 19:25:52.0227 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/24 19:25:52.0274 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/24 19:25:52.0290 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/24 19:25:52.0321 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/24 19:25:52.0415 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/24 19:25:52.0446 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/24 19:25:52.0477 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/24 19:25:52.0524 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/24 19:25:52.0586 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2010/12/24 19:25:52.0618 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/24 19:25:52.0649 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/24 19:25:52.0696 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/24 19:25:52.0758 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/24 19:25:52.0805 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/24 19:25:52.0836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/24 19:25:52.0883 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/24 19:25:52.0930 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/24 19:25:52.0961 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/24 19:25:53.0071 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/24 19:25:53.0133 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
2010/12/24 19:25:53.0165 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/24 19:25:53.0211 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/24 19:25:53.0258 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/24 19:25:53.0290 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/24 19:25:53.0305 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/24 19:25:53.0336 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/24 19:25:53.0368 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/24 19:25:53.0399 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/24 19:25:53.0446 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/24 19:25:53.0477 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/24 19:25:53.0524 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/24 19:25:53.0555 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/24 19:25:53.0602 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/24 19:25:53.0649 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/24 19:25:53.0680 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/24 19:25:53.0711 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\tsk4C.tmp
2010/12/24 19:25:53.0930 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/24 19:25:54.0227 IDSxpx86 (d69413cadcc05b6b57877b098738f464) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090904.002\IDSxpx86.sys
2010/12/24 19:25:54.0274 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/24 19:25:54.0336 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/24 19:25:54.0524 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/24 19:25:54.0602 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/24 19:25:54.0633 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/24 19:25:54.0665 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/24 19:25:54.0696 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/24 19:25:54.0727 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/24 19:25:54.0758 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/24 19:25:54.0790 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/24 19:25:54.0805 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/24 19:25:54.0868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/24 19:25:54.0899 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/24 19:25:54.0930 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/24 19:25:54.0977 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/24 19:25:55.0024 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/24 19:25:55.0118 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/24 19:25:55.0258 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/24 19:25:55.0461 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/24 19:25:55.0539 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/24 19:25:55.0555 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/24 19:25:55.0602 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/24 19:25:55.0633 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/24 19:25:55.0664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/24 19:25:55.0743 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/24 19:25:55.0805 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/24 19:25:55.0868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/24 19:25:55.0914 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/24 19:25:55.0946 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/24 19:25:56.0008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/24 19:25:56.0039 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/24 19:25:56.0071 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/24 19:25:56.0118 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/24 19:25:56.0289 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090907.025\NAVENG.SYS
2010/12/24 19:25:56.0508 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090907.025\NAVEX15.SYS
2010/12/24 19:25:56.0602 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/24 19:25:56.0633 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/24 19:25:56.0680 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/24 19:25:56.0727 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/24 19:25:56.0789 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/24 19:25:56.0868 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/24 19:25:56.0899 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/24 19:25:56.0946 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/24 19:25:57.0055 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/24 19:25:57.0133 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/24 19:25:57.0196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/24 19:25:57.0227 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/24 19:25:57.0243 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/24 19:25:57.0305 OA012Afx (aff089842ba83be89e51d7ea0aa09e53) C:\WINDOWS\system32\Drivers\OA012Afx.sys
2010/12/24 19:25:57.0352 OA012Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA012Ufd.sys
2010/12/24 19:25:57.0399 OA012Vid (71346423b584daa06ea26e0bd2cb67c2) C:\WINDOWS\system32\DRIVERS\OA012Vid.sys
2010/12/24 19:25:57.0430 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/24 19:25:57.0461 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/24 19:25:57.0493 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/24 19:25:57.0524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/24 19:25:57.0586 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/24 19:25:57.0618 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/24 19:25:57.0758 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/24 19:25:57.0774 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/24 19:25:57.0868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/24 19:25:57.0899 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/24 19:25:57.0946 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/24 19:25:57.0961 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/24 19:25:57.0993 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/24 19:25:58.0024 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/24 19:25:58.0055 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/24 19:25:58.0086 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/24 19:25:58.0117 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/24 19:25:58.0149 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/24 19:25:58.0196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/24 19:25:58.0211 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/24 19:25:58.0242 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/24 19:25:58.0289 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/24 19:25:58.0321 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/24 19:25:58.0367 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/24 19:25:58.0414 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/24 19:25:58.0492 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2010/12/24 19:25:58.0539 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/24 19:25:58.0602 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/24 19:25:58.0649 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/24 19:25:58.0711 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/24 19:25:58.0774 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/24 19:25:58.0836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/24 19:25:58.0867 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/24 19:25:58.0914 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/24 19:25:58.0977 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/24 19:25:59.0055 SRTSP (2ec8453564e62320b574622e6cc8fdd0) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS
2010/12/24 19:25:59.0086 SRTSPX (54d3efe2674a1140ae8b7a6bc59c6661) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS
2010/12/24 19:25:59.0133 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/24 19:25:59.0196 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/24 19:25:59.0227 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/24 19:25:59.0274 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/24 19:25:59.0321 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/24 19:25:59.0352 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/24 19:25:59.0399 SYMDNS (9e46c40328fa8e0d1b6ab690d90245fb) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS
2010/12/24 19:25:59.0461 SymEFA (832cc9713c869ce00119321fb7df66d7) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS
2010/12/24 19:25:59.0508 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/24 19:25:59.0539 SYMFW (827302b3458e6637d81bae0bf5ace743) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMFW.SYS
2010/12/24 19:25:59.0571 SYMIDS (726ccda5c2a0bc0fcbc0af7a8788cd61) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMIDS.SYS
2010/12/24 19:25:59.0617 SymIM (e9abe92091b108aa5650c18c9fc77356) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/12/24 19:25:59.0633 SymIMMP (e9abe92091b108aa5650c18c9fc77356) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/12/24 19:25:59.0664 SYMNDIS (5fb13374287ad80b86bb9fc480f2c82d) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMNDIS.SYS
2010/12/24 19:25:59.0711 SYMREDRV (13c101e4c3b69aee59a9a3dcdcda9ae3) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS
2010/12/24 19:25:59.0742 SYMTDI (c942a67ffc1238d6d96d9c9a44610340) C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS
2010/12/24 19:25:59.0758 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/24 19:25:59.0789 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/24 19:25:59.0852 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/24 19:25:59.0899 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/24 19:25:59.0977 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/24 19:26:00.0039 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/24 19:26:00.0055 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/24 19:26:00.0086 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/24 19:26:00.0133 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/24 19:26:00.0180 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/24 19:26:00.0211 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/24 19:26:00.0274 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/24 19:26:00.0336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/24 19:26:00.0367 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/24 19:26:00.0399 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/24 19:26:00.0430 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/24 19:26:00.0477 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/24 19:26:00.0508 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/24 19:26:00.0539 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/24 19:26:00.0586 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/24 19:26:00.0617 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/24 19:26:00.0664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/24 19:26:00.0711 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/24 19:26:00.0758 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/24 19:26:00.0836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/24 19:26:00.0961 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/24 19:26:01.0086 ================================================================================
2010/12/24 19:26:01.0086 Scan finished
2010/12/24 19:26:01.0086 ================================================================================




Here is the Master Boot Record log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7ABD000 \WINDOWS\system32\KDCOM.DLL
0xF79CD000 \WINDOWS\system32\BOOTVID.dll
0xF74AA000 klmdb.sys
0xF747C000 ACPI.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF746B000 pci.sys
0xF75BD000 isapnp.sys
0xF79D1000 compbatt.sys
0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B85000 pciide.sys
0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75CD000 MountMgr.sys
0xF744C000 ftdisk.sys
0xF7845000 PartMgr.sys
0xF79D9000 ACPIEC.sys
0xF7B86000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75DD000 VolSnap.sys
0xF7434000 atapi.sys
0xF75ED000 disk.sys
0xF75FD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7414000 fltMgr.sys
0xF7402000 sr.sys
0xF73B3000 SYMEFA.SYS
0xF739C000 KSecDD.sys
0xF730F000 Ntfs.sys
0xF72E2000 NDIS.sys
0xF72C8000 Mup.sys
0xF763D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A8D000 \SystemRoot\system32\DRIVERS\EMSC.SYS
0xF764D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF6C52000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF66BC000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF66A8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6680000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6662000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF78DD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF663E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7A91000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF765D000 \SystemRoot\system32\drivers\tsk4C.tmp
0xF78F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF660C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AF9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78FD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7D10000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF766D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A95000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65F5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF767D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF768D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7905000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65BC000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6D5E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF790D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7915000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6D4E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF791D000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF7AFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6599000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6512000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AA1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6D3E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6D1E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA2C7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2A3000 \SystemRoot\system32\drivers\portcls.sys
0xF6D0E000 \SystemRoot\system32\drivers\drmk.sys
0xAA27B000 \??\C:\WINDOWS\system32\Drivers\OA012Afx.sys
0xF7A79000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B03000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BFE000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B05000 \SystemRoot\System32\Drivers\Beep.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7945000 \SystemRoot\System32\drivers\vga.sys
0xF7B07000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B09000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF794D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7955000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A81000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA94C7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA946E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA943F000 \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS
0xA9419000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA93F4000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xA93CC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA93AA000 \SystemRoot\System32\drivers\afd.sys
0xF6CEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6CDE000 \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS
0xA937F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA92E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76AD000 \SystemRoot\System32\Drivers\Fips.SYS
0xF76BD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9241000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA9224000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA91C7000 \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys
0xA9186000 \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys
0xF796D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA915B000 \SystemRoot\System32\Drivers\RtsUStor.sys
0xA9118000 \SystemRoot\system32\DRIVERS\OA012Vid.sys
0xA90F7000 \SystemRoot\system32\DRIVERS\OA012Ufd.sys
0xA90D3000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0xA90BB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B0D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA257000 \SystemRoot\System32\drivers\Dxapi.sys
0xF798D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CD2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8F9B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8CFF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8CEA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8E7B000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8A8B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8971000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8570000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7975000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
820 C:\WINDOWS\system32\smss.exe
944 csrss.exe
968 C:\WINDOWS\system32\winlogon.exe
1012 C:\WINDOWS\system32\services.exe
1024 C:\WINDOWS\system32\lsass.exe
1196 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1388 C:\WINDOWS\system32\svchost.exe
1476 svchost.exe
1684 svchost.exe
1812 C:\WINDOWS\system32\WLTRYSVC.EXE
1824 C:\WINDOWS\system32\BCMWLTRY.EXE
1892 C:\WINDOWS\system32\spoolsv.exe
200 C:\WINDOWS\explorer.exe
476 svchost.exe
576 C:\Program Files\Java\jre6\bin\jqs.exe
612 C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
760 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1212 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1312 C:\WINDOWS\system32\svchost.exe
1356 wdfmgr.exe
1440 C:\WINDOWS\system32\searchindexer.exe
2416 alg.exe
3284 C:\Program Files\Wireless Select Switch\WLSS.exe
3316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3324 C:\Program Files\Java\jre6\bin\jusched.exe
3332 C:\WINDOWS\RTHDCPL.EXE
3344 C:\WINDOWS\system32\igfxpers.exe
3356 C:\WINDOWS\OA012Mon.exe
3364 C:\WINDOWS\system32\igfxtray.exe
3372 C:\WINDOWS\system32\hkcmd.exe
3380 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3408 C:\Program Files\CapsLKNotify\CapsLKNotify.exe
3416 C:\WINDOWS\system32\igfxsrvc.exe
3424 C:\Program Files\Battery Meter\BTMeter.exe
3444 C:\WINDOWS\system32\WLTRAY.EXE
3572 C:\WINDOWS\system32\ctfmon.exe
3608 C:\Program Files\Dell Video Chat\DellVideoChat.exe
3624 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3684 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3016 C:\WINDOWS\system32\wuauclt.exe
2832 C:\Program Files\Java\jre6\bin\jucheck.exe
1948 C:\Documents and Settings\Dad\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!

Specba
The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:02 PM

Posted 24 December 2010 - 07:48 PM

It is all good news. The rootkit infections are taken care of. :thumbup2:

FYI: it is too late over here and I might go to sleep. In that case I'll look the logs over tomorrow.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with the tool. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • You will get a warning about the not trusted download sites for ComboFix, click Yes.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.
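The Supplementary Scan section of the ComboFix log (the one Specba posts in the next reply) lists the browsers' proxy settings, and in this thread both Internet Explorer and Firefox point at 127.0.0.1:6092. That is the usual leftover of a proxy-hijacking infection such as the Trojan.DNSChanger components MBAM removed: the malware ran a listener on the local machine, the listener is gone, and every browser request is still sent to it, which is exactly a "can't access the net" symptom. As an added example, not part of Farbar's instructions and not code from ComboFix, MBAM or any other tool named here, the Python script below parses those log lines and flags any proxy that points at a loopback address, recording whether the log shows the setting as in force (for Firefox, network.proxy.type decides; for IE, ComboFix does not print ProxyEnable, so the script says it cannot tell). The sample input is constructed from the lines as ComboFix prints them; the registry value named in the remediation note is the standard WinINet ProxyEnable value, not something taken from this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the proxy lines as ComboFix prints them in its
# "Supplementary Scan" section, with the values seen in this thread's log.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6092
FF - prefs.js: network.proxy.type - 0
"""

# A proxy on a loopback address only works while a local process listens there.
LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)$", re.IGNORECASE)
IE_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+?)\s*$")
FF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+?)\s*$")


@dataclass
class Finding:
    browser: str            # "IE" or "Firefox"
    setting: str            # the value that carries the proxy
    proxy: str              # host:port as found in the log
    active: Optional[bool]  # True/False if the log shows it, None if it cannot tell
    note: str               # what it means and how to clear it


def parse_ie_proxy_server(value: str) -> dict:
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    The value is either "host:port" (used for all protocols) or a
    ';'-separated list such as "http=host:port;https=host:port".
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        entries[scheme.strip().lower()] = (host.strip().strip("[]"), port.strip())
    return entries


def audit_proxy_settings(log_text: str) -> list:
    """Return loopback-proxy findings from ComboFix Supplementary Scan lines."""
    findings = []
    ff_prefs = {}
    for line in log_text.splitlines():
        m = IE_RE.match(line)
        if m:
            for scheme, (host, port) in parse_ie_proxy_server(m.group(1)).items():
                if LOOPBACK.match(host):
                    findings.append(Finding(
                        "IE", f"ProxyServer ({scheme})", f"{host}:{port}", None,
                        "WinINet proxy points at the local machine; once the malware's "
                        "listener is gone every request fails. ComboFix does not print "
                        "ProxyEnable, so check Internet Options > Connections > LAN "
                        "settings and untick the proxy (ProxyEnable=0 under "
                        "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings)."))
            continue
        m = FF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2)
    host = ff_prefs.get("network.proxy.http", "")
    if LOOPBACK.match(host):
        # network.proxy.type 1 = manual proxy in force; 0 = direct connection.
        active = ff_prefs.get("network.proxy.type") == "1"
        state = "in force" if active else "dormant because network.proxy.type is not 1"
        findings.append(Finding(
            "Firefox", "network.proxy.http",
            f"{host}:{ff_prefs.get('network.proxy.http_port', '')}", active,
            f"manual proxy in prefs.js is {state}; reset the network.proxy.* "
            "preferences in about:config so it cannot be switched back on."))
    return findings


if __name__ == "__main__":
    for f in audit_proxy_settings(SAMPLE_LOG):
        print(f"[{f.browser}] {f.setting} = {f.proxy} (active: {f.active})\n    {f.note}")
```

Run against the thread's values the script reports the IE proxy with an unknown enabled state and the Firefox one as dormant, since prefs.js carries network.proxy.type 0; a proxy on a real host (a corporate proxy, say) produces no finding, because only loopback targets are treated as suspect.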


#9 Specba

Specba
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Location:Pittsburgh
  • Local time:03:02 PM

Posted 24 December 2010 - 08:52 PM

Here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/24/2010 8:15:09 PM
mbam-log-2010-12-24 (20-15-09).txt

Scan type: Quick scan
Objects scanned: 139909
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\pragmapvnsetixvp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Dad\local settings\Temp\pragma891b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.4444651141252852.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.5636836446762108.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapvnsetixvp\pragmabbr.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapvnsetixvp\PRAGMAc.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapvnsetixvp\pragmacfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapvnsetixvp\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapvnsetixvp\pragmaserf.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapvnsetixvp\pragmasrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.


Here is the ComboFix log:

ComboFix 10-12-24.01 - Dad 12/24/2010 20:33:46.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.533 [GMT -5:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dad\Local Settings\Application Data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}
c:\documents and settings\Dad\Local Settings\Application Data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}\chrome.manifest
c:\documents and settings\Dad\Local Settings\Application Data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}\chrome\content\_cfg.js
c:\documents and settings\Dad\Local Settings\Application Data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}\chrome\content\overlay.xul
c:\documents and settings\Dad\Local Settings\Application Data\{4B7C014C-21F0-43F1-B9DE-78E61918BAAC}\install.rdf
c:\windows\atagugav.dll
c:\windows\awudafuvelik.dll
c:\windows\esukarad.dll
c:\windows\ibepakuk.dll
c:\windows\isitalajoqibu.dll
c:\windows\system32\Oeminfo.ini
c:\windows\system32\PRAGMAerrors.log
c:\windows\uloqipuz.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-24 23:09 . 2010-12-24 23:09 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-12-24 23:09 . 2010-12-24 23:09 52480 ----a-w- c:\windows\system32\drivers\tsk4C.tmp
2010-12-12 21:03 . 2010-12-12 21:03 -------- d-----w- c:\windows\system32\LogFiles
2010-12-12 20:05 . 2010-12-12 20:05 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Mozilla
2010-12-12 19:56 . 2010-12-12 19:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-12 19:25 . 2010-12-12 19:25 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2010-12-12 19:25 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 19:25 . 2010-12-12 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-12 19:25 . 2010-12-25 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-12 19:25 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2009-01-01 550184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [7/18/2009 9:10 AM 14248]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [7/18/2009 9:19 AM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [7/18/2009 9:19 AM 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [7/18/2009 9:19 AM 362544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [7/18/2009 9:19 AM 115560]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [7/18/2009 9:19 AM 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/7/2009 6:08 PM 102448]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [7/18/2009 11:49 AM 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [7/18/2009 11:49 AM 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [7/18/2009 11:49 AM 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/18/2009 11:49 AM 162816]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904.002\IDSXpx86.sys [9/5/2009 3:07 PM 276344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 11:49 AM 1684736]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\jljsiqzk.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6092
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-NIS - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 20:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\drivers\tsk4C.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-12-24 20:43:29
ComboFix-quarantined-files.txt 2010-12-25 01:43

Pre-Run: 150,388,314,112 bytes free
Post-Run: 151,349,067,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7E655CA2DCF5087F482CBE252067C47B

Specba
The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain
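Two entries in the ComboFix log above account for the "can't access the net" symptom: the Internet Explorer proxy (uInternet Settings,ProxyServer) and the Firefox prefs.js proxy host are both set to 127.0.0.1:6092, and the i8042prt service's ImagePath points at a .tmp file rather than a .sys driver. The following Python script is an added example, not a tool from this thread; it flags both patterns in DDS/ComboFix-style log text, and the sample lines it scans are constructed to mirror the posted log.

```python
import re

# Constructed sample lines, modelled on the DDS/ComboFix log above (not the full log).
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6092
FF - prefs.js: network.proxy.type - 0
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\i8042prt]
"ImagePath"="system32\\drivers\\tsk4C.tmp"
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Kbdclass]
"ImagePath"="system32\\DRIVERS\\kbdclass.sys"
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost)$", re.I)
# IE/WinINet line: "ProxyServer = http=host:port" (scheme prefix and port optional)
PROXY_IE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^:\s]+)(?::(\d+))?")
# Firefox prefs.js line as DDS prints it: "network.proxy.<name> - <value>"
PROXY_FF = re.compile(r"prefs\.js:\s*network\.proxy\.(\w+)\s*-\s*(\S+)")
SVC_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\\w+\\Services\\([^\]]+)\]", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.+)"$')


def scan_log(text):
    """Return (kind, detail) findings: loopback proxies and driver ImagePaths
    under \\drivers\\ that do not end in .sys (a common hijack of a real driver)."""
    findings = []
    service = None  # name from the most recent [..\Services\<name>] header
    for line in text.splitlines():
        m = PROXY_IE.search(line)
        if m and LOOPBACK.match(m.group(1)):
            findings.append(("ie_proxy_loopback", m.group(1) + ":" + (m.group(2) or "")))
        m = PROXY_FF.search(line)
        if m and m.group(1) == "http" and LOOPBACK.match(m.group(2)):
            findings.append(("ff_proxy_loopback", m.group(2)))
        m = SVC_KEY.match(line)
        if m:
            service = m.group(1)
            continue
        m = IMAGE_PATH.match(line)
        if m and service:
            path = m.group(1)
            if "\\drivers\\" in path.lower() and not path.lower().endswith(".sys"):
                findings.append(("driver_imagepath_not_sys", f"{service}: {path}"))
            service = None
    return findings


if __name__ == "__main__":
    for kind, detail in scan_log(SAMPLE_LOG):
        print(kind, "->", detail)
```

A loopback proxy with no process listening on that port blocks every HTTP request once the malware that ran the proxy is removed, which is why the cleanup leaves the browser offline until the proxy setting is cleared.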

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:02 PM

Posted 25 December 2010 - 05:25 AM

Well done. :thumbup2:

  • Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update Java to the latest version (Java 6 Update 23).
    Then check Add/Remove program list, if the old version is not automatically removed please uninstall the following:

    Java™ 6 Update 13
  • I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image

    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Also tell me how is the computer running.


#11 Specba

Specba
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh
  • Local time:03:02 PM

Posted 25 December 2010 - 11:48 AM

The computer is running much better. I no longer get notices of unfound files at startup. I did run into two minor problems. I was unable to run Eset from Internet Explorer. The entire screen didn't load. I was able to run it from Firefox.

Eset claimed Norton was installed, though it's not on the add/remove program list. It was out of date anyway. I plan to replace it with Avast! or AVG when we're done. Also the OS needs to be updated.

Anyway, here's the log:

C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\59\72a437bb-438b8727 multiple threats deleted - quarantined
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\62\588b6b3e-529e26d3 a variant of Java/TrojanDownloader.OpenStream.NAS trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\atagugav.dll.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\awudafuvelik.dll.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\esukarad.dll.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ibepakuk.dll.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\isitalajoqibu.dll.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\uloqipuz.dll.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\i8042prt.sys Win32/Olmarik.ZC trojan cleaned - quarantined


I've attached the log from the program directory.

Specba

The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:02 PM

Posted 25 December 2010 - 07:46 PM

Eset found a couple of baddies in the Java cache. The rest are the files that are quarantined by ComboFix.

It looks good. It is time to have the system protected by an updated antivirus. It is up to you, but I don't recommend AVG. Rather, I would recommend Avira.
If you decide to install it you have to uninstall Norton. I can see it on the Add/Remove program list of the Attach.txt you have posted. It is listed as Norton Internet Security. Regardless of whether you can find the uninstaller and uninstall it or not, do the following:

  • To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • If you choose to install Avira download the installer from softpedia.com link as it has a secure download mirror. Install and update it.
  • Install and update it then let the system be scanned.
  • If you want to install another free antivirus you may do it now.
  • Please tell me if it is done. Then we uninstall and remove the tools.


#13 Specba

Specba
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh
  • Local time:03:02 PM

Posted 25 December 2010 - 08:43 PM

It's done. I went with Avira as per your recommendation. Its scan came up clean.

Specba
The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain

#14 Specba

Specba
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh
  • Local time:03:02 PM

Posted 25 December 2010 - 11:50 PM

It's done. I went with Avira as per your recommendation. Its scan came up clean.

Specba
The difference between the right word and the almost right word is the difference between the lightning and the lightning bug. - Twain

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:02 PM

Posted 26 December 2010 - 05:14 AM

It looks good. :thumbup2:

  • It is important to uninstall ComboFix.

    Go to Start => Run => copy and paste next command in the field then hit enter:

    ComboFix /Uninstall

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.
  • You may delete any tool or log we used from your computer.

Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs.
  • Download and install it.
  • Update it manually by clicking on Updates in the left pane and then Check for Updates.
  • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
  • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
