hidden virus in programs.Might have been ZBOT


  • This topic is locked
18 replies to this topic

#1 Sparky951

  • Members
  • 12 posts

Posted 01 February 2011 - 04:11 AM

Attached File: Attach.txt (15.19KB, 0 downloads)

I have been told I have had a virus that has been cleared by my AV prog, but has left "bits" in some MS programs and this will require a clean rebuild of my whole XP system. The sum of £150.00 was the asking price. Does this sound right to you and is the price about right? I still have my original MS disk.
sparky951
YOUR Answer.

Unless this is a file infector type of infection you shouldn't need to reinstall the operating system. If you have any questions as to whether your computer is clean or not, I would suggest that you follow the instructions in This Guide starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues and what you have done to try to resolve them.

Like Broni, I too would like to know who told you this. Unless there is something we don't know, it sounds like this person is trying to make some fast money.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mike & Ann at 8:36:08.87 on 01/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.351 [GMT 0:00]

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
H:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
H:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
H:\Program Files\Common Files\Iconix\IconixService.exe
H:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
H:\WINDOWS\System32\svchost.exe -k imgsvc
H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
H:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
H:\Program Files\IEHistoryPH\IEHistoryShellNotifier.exe
H:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
H:\Garmin\gStart.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
H:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
H:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
H:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Documents and Settings\Mike & Ann\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com
uSearch Page =
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - h:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - h:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - h:\program files\iconix\ieaddon\IconixBHO_45.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: {930E4DE1-973D-42D6-BF6E-6788E06BD003} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - h:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - h:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
EB: Copernic Desktop Search: {92a40b0a-740a-4a11-9ddb-70460c6da383} - h:\program files\copernic desktop search\CopernicDesktopSearchIntegration.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} - No File
uRun: [H/PC Connection Agent] "h:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [gStart] h:\garmin\gStart.exe
uRun: [EPSON Stylus Photo RX560 Series] h:\windows\system32\spool\drivers\w32x86\3\e_fatibpe.exe /fu "h:\windows\temp\E_S1B7.tmp" /EF "HKCU"
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen Pro] "h:\program files\gadwin systems\printscreenpro\PrintScreenPro.exe" /nosplash
mRun: [DNS7reminder] "h:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "h:\documents and settings\all users\application data\nuance\naturallyspeaking9\Ereg.ini
mRun: [NIS] "h:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis\2454b0ab\18.1.0.37\InstStub.exe" /RELAUNCH /RUNONCE /PRODID NIS
mRun: [zBrowser Launcher] h:\program files\logitech\itouch\iTouch.exe
mRun: [RoxioEngineUtility] "h:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [Nokia Tray Application] h:\program files\common files\nokia\ncltools\NclTray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IEHistory] h:\program files\iehistoryph\IEHistoryShellNotifier.exe
mRun: [IconixOEAddOn] "h:\program files\iconix\oeaddon\OEdmn_6.exe"
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
dRun: [Symantec Network Driver Update Warning] h:\progra~1\symantec\liveup~1\SNDWarn.EXE
dRun: [DWQueuedReporting] "h:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SRUUninstall] "h:\windows\system32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: h:\docume~1\mike&a~1\startm~1\programs\startup\dragon~1.lnk - h:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - h:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - h:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &ieSpell Options - h:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - h:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://h:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://h:\program files\iespell\wikipedia.HTM
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://h:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://h:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - h:\program files\norton systemworks premier\norton cleanup\WCQuick.lnk
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - h:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\program files\microsoft activesync\inetrepl.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - h:\program files\iconix\ieaddon\IconixBHO_45.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - h:\program files\iconix\ieaddon\IconixBHO_45.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - h:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: computeractive.co.uk\www
Trusted Zone: microsoft.com\office
Trusted Zone: vodafone.co.uk\help
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - h:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/021fd641b101f9e5cb15/netzip/RdxIE601.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121590775109
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxp://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - h:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - h:\progra~1\copern~1\COPERN~2.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - h:\program files\microsoft activesync\aatp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~1\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - h:\program files\microsoft activesync\cenetflt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - h:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;h:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-1-9 340016]
R0 SymEFA;Symantec Extended File Attributes;h:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-1-9 652336]
R1 ATMhelpr;ATMhelpr;h:\windows\system32\drivers\ATMHELPR.SYS [2004-5-25 4064]
R1 BHDrvx86;BHDrvx86;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-19 691248]
R1 SymIRON;Symantec Iron Driver;h:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-1-9 136312]
R2 aawservice;Ad-Aware 2007 Service;h:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 BCMNTIO;BCMNTIO;h:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-1-20 3744]
R2 IconixService;Iconix Update Service;h:\program files\common files\iconix\IconixService.exe [2009-12-20 283992]
R2 LBeepKE;LBeepKE;h:\windows\system32\drivers\LBeepKE.sys [2007-2-14 3712]
R2 MAPMEM;MAPMEM;h:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-1-20 3904]
R2 NIS;Norton Internet Security;h:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-1-9 130000]
R2 Symantec Core LC;Symantec Core LC;h:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-1-20 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-9 102448]
R3 IDSxpx86;IDSxpx86;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110128.003\IDSXpx86.sys [2011-1-29 341944]
R3 NAVENG;NAVENG;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110131.035\NAVENG.SYS [2011-2-1 86008]
R3 NAVEX15;NAVEX15;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110131.035\NAVEX15.SYS [2011-2-1 1360760]
S3 MatSvc;Microsoft Automated Troubleshooting Service;h:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 usb2vcom;USB Data Cable;h:\windows\system32\drivers\usb2vcom.sys [2006-8-7 28704]
S4 gupdate1c9a488bb33a000;Google Update Service (gupdate1c9a488bb33a000);h:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]

=============== Created Last 30 ================

2011-01-30 15:34:14 -------- d-----w- H:\e mail backup2011
2011-01-30 10:09:59 -------- d-----w- h:\docume~1\mike&a~1\applic~1\ieSpell
2011-01-29 17:02:55 -------- d-----w- h:\program files\ieSpell
2011-01-23 17:31:51 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 17:31:46 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2011-01-16 09:52:10 -------- d-----w- h:\windows\LMI7.tmp
2011-01-15 18:56:31 -------- d-----w- h:\windows\LMI3.tmp
2011-01-15 18:39:30 -------- d-----w- h:\windows\LMI6.tmp
2011-01-15 17:47:00 -------- d-----w- h:\windows\LMI5.tmp
2011-01-15 16:53:30 -------- d-----w- h:\windows\LMI3E.tmp
2011-01-09 10:20:42 -------- d-----w- h:\docume~1\mike&a~1\locals~1\applic~1\NPE
2011-01-09 10:04:47 44024 ----a-r- h:\windows\system32\drivers\SymIM.sys
2011-01-09 09:56:04 652336 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys
2011-01-09 09:56:04 509560 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-01-09 09:56:04 50168 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-01-09 09:56:04 368248 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\symtdi.sys
2011-01-09 09:56:04 340016 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\SymDS.sys
2011-01-09 09:56:04 330360 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-01-09 09:56:04 295032 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-01-09 09:56:04 136312 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys
2011-01-09 09:55:39 -------- d-----w- h:\windows\system32\drivers\nis\1205000.07D
2011-01-03 16:31:24 60032 -c--a-w- h:\windows\system32\dllcache\usbaudio.sys
2011-01-03 16:31:24 60032 ----a-w- h:\windows\system32\drivers\USBAUDIO.sys
2011-01-03 16:31:08 20992 ----a-w- h:\windows\system32\dshowext.ax

==================== Find3M ====================

2011-01-09 09:57:42 60808 ----a-w- h:\windows\system32\S32EVNT1.DLL
2010-11-18 18:12:44 81920 ----a-w- h:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- h:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- h:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- h:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- h:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- h:\windows\system32\html.iec

============= FINISH: 8:37:56.82 ===============

Hi, forgot to say computer would not download GMER log.
And this all started when I could not renew NORTON. The disk just sat on "Configuring".
NORTON could not take control of PC to help me.
Sparky951

EDIT: Posts merged ~BP

Edited by Budapest, 01 February 2011 - 04:02 PM.



#2 rigacci

    Fiorentino

  • Members
  • 2,604 posts
  • Gender:Male

Posted 05 February 2011 - 07:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Sparky951

  • Topic Starter
  • Members
  • 12 posts

Posted 05 February 2011 - 11:35 AM

The GMER.log prog ran this time.
This started when I could not update my Norton AV this year, it just sat on "Configuring". Norton could not help me as my PC would not let them take control of it, and it would not start in "Safe Mode".
Some time back I think I had a virus called ZBot that Norton cleared for me.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mike & Ann at 15:23:02.59 on 05/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.409 [GMT 0:00]

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
H:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
H:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
H:\Program Files\Common Files\Iconix\IconixService.exe
H:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
H:\WINDOWS\System32\svchost.exe -k imgsvc
H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
H:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
H:\Program Files\IEHistoryPH\IEHistoryShellNotifier.exe
H:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
H:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
H:\Garmin\gStart.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
H:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
H:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
H:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Mike & Ann\Local Settings\Temporary Internet Files\Content.IE5\R3PS0UIM\dds[1].scr
H:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com
uSearch Page =
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - h:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - h:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - h:\program files\iconix\ieaddon\IconixBHO_45.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: {930E4DE1-973D-42D6-BF6E-6788E06BD003} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - h:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - h:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
EB: Copernic Desktop Search: {92a40b0a-740a-4a11-9ddb-70460c6da383} - h:\program files\copernic desktop search\CopernicDesktopSearchIntegration.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} - No File
uRun: [H/PC Connection Agent] "h:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [gStart] h:\garmin\gStart.exe
uRun: [EPSON Stylus Photo RX560 Series] h:\windows\system32\spool\drivers\w32x86\3\e_fatibpe.exe /fu "h:\windows\temp\E_S1B7.tmp" /EF "HKCU"
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen Pro] "h:\program files\gadwin systems\printscreenpro\PrintScreenPro.exe" /nosplash
mRun: [DNS7reminder] "h:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "h:\documents and settings\all users\application data\nuance\naturallyspeaking9\Ereg.ini
mRun: [NIS] "h:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis\2454b0ab\18.1.0.37\InstStub.exe" /RELAUNCH /RUNONCE /PRODID NIS
mRun: [zBrowser Launcher] h:\program files\logitech\itouch\iTouch.exe
mRun: [RoxioEngineUtility] "h:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [Nokia Tray Application] h:\program files\common files\nokia\ncltools\NclTray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IEHistory] h:\program files\iehistoryph\IEHistoryShellNotifier.exe
mRun: [IconixOEAddOn] "h:\program files\iconix\oeaddon\OEdmn_6.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
dRun: [Symantec Network Driver Update Warning] h:\progra~1\symantec\liveup~1\SNDWarn.EXE
dRun: [DWQueuedReporting] "h:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SRUUninstall] "h:\windows\system32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: h:\docume~1\mike&a~1\startm~1\programs\startup\dragon~1.lnk - h:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - h:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - h:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &ieSpell Options - h:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - h:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://h:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://h:\program files\iespell\wikipedia.HTM
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://h:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://h:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - h:\program files\norton systemworks premier\norton cleanup\WCQuick.lnk
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - h:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\program files\microsoft activesync\inetrepl.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - h:\program files\iconix\ieaddon\IconixBHO_45.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - h:\program files\iconix\ieaddon\IconixBHO_45.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - h:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: computeractive.co.uk\www
Trusted Zone: microsoft.com\office
Trusted Zone: vodafone.co.uk\help
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - h:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/021fd641b101f9e5cb15/netzip/RdxIE601.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121590775109
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxp://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - h:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - h:\progra~1\copern~1\COPERN~2.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - h:\program files\microsoft activesync\aatp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~1\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - h:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - h:\program files\microsoft activesync\cenetflt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - h:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;h:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-1-9 340016]
R0 SymEFA;Symantec Extended File Attributes;h:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-1-9 652336]
R1 ATMhelpr;ATMhelpr;h:\windows\system32\drivers\ATMHELPR.SYS [2004-5-25 4064]
R1 BHDrvx86;BHDrvx86;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-19 691248]
R1 SymIRON;Symantec Iron Driver;h:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-1-9 136312]
R2 aawservice;Ad-Aware 2007 Service;h:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 BCMNTIO;BCMNTIO;h:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-1-20 3744]
R2 IconixService;Iconix Update Service;h:\program files\common files\iconix\IconixService.exe [2009-12-20 283992]
R2 LBeepKE;LBeepKE;h:\windows\system32\drivers\LBeepKE.sys [2007-2-14 3712]
R2 MAPMEM;MAPMEM;h:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-1-20 3904]
R2 NIS;Norton Internet Security;h:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-1-9 130000]
R2 Symantec Core LC;Symantec Core LC;h:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-1-20 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-9 102448]
R3 IDSxpx86;IDSxpx86;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110204.001\IDSXpx86.sys [2011-2-5 341944]
R3 NAVENG;NAVENG;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110204.039\NAVENG.SYS [2011-2-5 86008]
R3 NAVEX15;NAVEX15;h:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110204.039\NAVEX15.SYS [2011-2-5 1360760]
S3 MatSvc;Microsoft Automated Troubleshooting Service;h:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 usb2vcom;USB Data Cable;h:\windows\system32\drivers\usb2vcom.sys [2006-8-7 28704]
S4 gupdate1c9a488bb33a000;Google Update Service (gupdate1c9a488bb33a000);h:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]

=============== Created Last 30 ================

2011-01-30 15:34:14 -------- d-----w- H:\e mail backup2011
2011-01-30 10:09:59 -------- d-----w- h:\docume~1\mike&a~1\applic~1\ieSpell
2011-01-29 17:02:55 -------- d-----w- h:\program files\ieSpell
2011-01-23 17:31:51 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 17:31:46 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2011-01-16 09:52:10 -------- d-----w- h:\windows\LMI7.tmp
2011-01-15 18:56:31 -------- d-----w- h:\windows\LMI3.tmp
2011-01-15 18:39:30 -------- d-----w- h:\windows\LMI6.tmp
2011-01-15 17:47:00 -------- d-----w- h:\windows\LMI5.tmp
2011-01-15 16:53:30 -------- d-----w- h:\windows\LMI3E.tmp
2011-01-09 10:20:42 -------- d-----w- h:\docume~1\mike&a~1\locals~1\applic~1\NPE
2011-01-09 10:04:47 44024 ----a-r- h:\windows\system32\drivers\SymIM.sys
2011-01-09 09:56:04 652336 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys
2011-01-09 09:56:04 509560 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-01-09 09:56:04 50168 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-01-09 09:56:04 368248 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\symtdi.sys
2011-01-09 09:56:04 340016 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\SymDS.sys
2011-01-09 09:56:04 330360 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-01-09 09:56:04 295032 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-01-09 09:56:04 136312 ----a-r- h:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys
2011-01-09 09:55:39 -------- d-----w- h:\windows\system32\drivers\nis\1205000.07D

==================== Find3M ====================

2011-01-09 09:57:42 60808 ----a-w- h:\windows\system32\S32EVNT1.DLL
2010-11-18 18:12:44 81920 ----a-w- h:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- h:\windows\system32\odbc32.dll

============= FINISH: 15:25:03.68 ===============

#4 Orange Blossom
    OBleepin Investigator
  • Moderator
  • 36,946 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 06 February 2011 - 01:43 PM

Hello Sparky951,

I have merged your latest topic to your previously existing topic on the same issue. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics confuses things for everyone and delays the assistance you receive.

Back to you rigacci,

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 February 2011 - 06:45 PM

Hi

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Sparky951
  • Topic Starter
  • Members
  • 12 posts

Posted 08 February 2011 - 03:14 AM

2011/02/08 07:57:46.0093 2912 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 07:57:48.0125 2912 ================================================================================
2011/02/08 07:57:48.0140 2912 SystemInfo:
2011/02/08 07:57:48.0140 2912
2011/02/08 07:57:48.0140 2912 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/08 07:57:48.0140 2912 Product type: Workstation
2011/02/08 07:57:48.0140 2912 ComputerName: FAMILY
2011/02/08 07:57:48.0140 2912 UserName: Mike & Ann
2011/02/08 07:57:48.0140 2912 Windows directory: H:\WINDOWS
2011/02/08 07:57:48.0140 2912 System windows directory: H:\WINDOWS
2011/02/08 07:57:48.0140 2912 Processor architecture: Intel x86
2011/02/08 07:57:48.0140 2912 Number of processors: 1
2011/02/08 07:57:48.0140 2912 Page size: 0x1000
2011/02/08 07:57:48.0140 2912 Boot type: Normal boot
2011/02/08 07:57:48.0140 2912 ================================================================================
2011/02/08 07:57:50.0203 2912 Initialize success
2011/02/08 07:57:58.0218 2280 ================================================================================
2011/02/08 07:57:58.0218 2280 Scan started
2011/02/08 07:57:58.0218 2280 Mode: Manual;
2011/02/08 07:57:58.0218 2280 ================================================================================
2011/02/08 07:58:02.0328 2280 ACPI (8fd99680a539792a30e97944fdaecf17)

H:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 07:58:02.0734 2280 ACPIEC (9859c0f6936e723e4892d7141b1327d5)

H:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/08 07:58:03.0375 2280 aec (8bed39e3c35d6a489438b8141717a557)

H:\WINDOWS\system32\drivers\aec.sys
2011/02/08 07:58:03.0843 2280 AFD (7e775010ef291da96ad17ca4b17137d7)

H:\WINDOWS\System32\drivers\afd.sys
2011/02/08 07:58:05.0062 2280 alcan5wn (235ced68762538aae388cca5cdc0441a)

H:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2011/02/08 07:58:05.0578 2280 alcaudsl (d6652432d103b4228ffad7a754a374b5)

H:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2011/02/08 07:58:06.0421 2280 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1)

H:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/02/08 07:58:07.0968 2280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc)

H:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/08 07:58:08.0312 2280 atapi (9f3a2f5aa6875c72bf062c712cfa2674)

H:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/08 07:58:08.0937 2280 Atmarpc (9916c1225104ba14794209cfa8012159)

H:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/08 07:58:09.0265 2280 ATMhelpr (3ef1db7f168851914517d4ed36b57c04)

H:\WINDOWS\system32\drivers\ATMhelpr.sys
2011/02/08 07:58:09.0796 2280 audstub (d9f724aa26c010a217c97606b160ed68)

H:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/08 07:58:10.0140 2280 BANTExt (5d7be7b19e827125e016325334e58ff1)

H:\WINDOWS\System32\Drivers\BANTExt.sys
2011/02/08 07:58:10.0296 2280 BCMNTIO (90a87d49205b3893281203a477f66fe5)

H:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
2011/02/08 07:58:10.0625 2280 Beep (da1f27d85e0d1525f6621372e7b685e9)

H:\WINDOWS\system32\drivers\Beep.sys
2011/02/08 07:58:11.0125 2280 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) H:\Documents

and Settings\All Users\Application

Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114

.001\BHDrvx86.sys
2011/02/08 07:58:11.0781 2280 BlueletAudio (1d866faf96d7369a1817ab208c04cf55)

H:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2011/02/08 07:58:12.0140 2280 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b)

H:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2011/02/08 07:58:12.0562 2280 BT (c5cce2b26f73f8cf7f3c82159e79aa08)

H:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/02/08 07:58:13.0000 2280 btaudio (ecdc40cc54603c711e1a7a1c9255184a)

H:\WINDOWS\system32\drivers\btaudio.sys
2011/02/08 07:58:13.0562 2280 Btcsrusb (d5d025b5f704817b42d13a3e443f7893)

H:\WINDOWS\system32\Drivers\btcusb.sys
2011/02/08 07:58:13.0906 2280 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8)

H:\WINDOWS\system32\DRIVERS\btport.sys
2011/02/08 07:58:14.0250 2280 BTHidEnum (ce643d0918123d76a5caab008fca9663)

H:\WINDOWS\system32\Drivers\vbtenum.sys
2011/02/08 07:58:14.0578 2280 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48)

H:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/02/08 07:58:15.0109 2280 BTKRNL (885b6d0f826a216eee4c3ad883809012)

H:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/02/08 07:58:15.0515 2280 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) H:\Program

Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2011/02/08 07:58:15.0937 2280 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf)

H:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/02/08 07:58:16.0328 2280 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e)

H:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/02/08 07:58:16.0687 2280 BTWUSB (57e91e9925976bbc98984eebaaf1d84c)

H:\WINDOWS\system32\Drivers\btwusb.sys
2011/02/08 07:58:17.0015 2280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9)

H:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/08 07:58:17.0375 2280 CCDECODE (0be5aef125be881c4f854c554f2b025c)

H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/08 07:58:17.0953 2280 Cdaudio (c1b486a7658353d33a10cc15211a873b)

H:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/08 07:58:18.0281 2280 Cdfs (c885b02847f5d2fd45a24e219ed93b32)

H:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/08 07:58:18.0656 2280 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274)

H:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/02/08 07:58:18.0968 2280 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc)

H:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/02/08 07:58:19.0296 2280 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc)

H:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/08 07:58:19.0718 2280 cdudf_xp (453ee75b9164fee7bce6a0168abe9d43)

H:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/02/08 07:58:20.0921 2280 cmuda (be8cb37c2094a72057c794afb753cce8)

H:\WINDOWS\system32\drivers\cmuda.sys
2011/02/08 07:58:22.0328 2280 Disk (044452051f3e02e7963599fc8f4f3e25)

H:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/08 07:58:22.0859 2280 dmboot (d992fe1274bde0f84ad826acae022a41)

H:\WINDOWS\system32\drivers\dmboot.sys
2011/02/08 07:58:23.0406 2280 dmio (7c824cf7bbde77d95c08005717a95f6f)

H:\WINDOWS\system32\drivers\dmio.sys
2011/02/08 07:58:23.0750 2280 dmload (e9317282a63ca4d188c0df5e09c6ac5f)

H:\WINDOWS\system32\drivers\dmload.sys
2011/02/08 07:58:24.0078 2280 DMusic (8a208dfcf89792a484e76c40e5f50b45)

H:\WINDOWS\system32\drivers\DMusic.sys
2011/02/08 07:58:24.0734 2280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8)

H:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/08 07:58:25.0078 2280 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2)

H:\WINDOWS\system32\drivers\drvmcdb.sys
2011/02/08 07:58:25.0406 2280 dvd_2K (dd031ff015b22b4d1560510df0f21fe6)

H:\WINDOWS\system32\drivers\dvd_2K.sys
2011/02/08 07:58:25.0718 2280 eeCtrl (089296aedb9b72b4916ac959752bdc89) H:\Program

Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/02/08 07:58:26.0125 2280 EraserUtilRebootDrv (850259334652d392e33ee3412562e583)

H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/02/08 07:58:26.0546 2280 Fastfat (38d332a6d56af32635675f132548343e)

H:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/08 07:58:26.0921 2280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81)

H:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/08 07:58:27.0328 2280 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03)

H:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/02/08 07:58:27.0671 2280 FETNDIS (e9648254056bce81a85380c0c3647dc4)

H:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/02/08 07:58:28.0000 2280 FETNDISB (a583bc166495b07f704533754ce29cbd)

H:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2011/02/08 07:58:28.0421 2280 Fips (d45926117eb9fa946a6af572fbe1caa3)

H:\WINDOWS\system32\drivers\Fips.sys
2011/02/08 07:58:28.0796 2280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0)

H:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/08 07:58:29.0234 2280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0)

H:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/08 07:58:29.0562 2280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a)

H:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/08 07:58:29.0906 2280 Ftdisk (6ac26732762483366c3969c9e4d2259d)

H:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/08 07:58:30.0328 2280 gameenum (065639773d8b03f33577f6cdaea21063)

H:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/08 07:58:30.0703 2280 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e)

H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/08 07:58:31.0062 2280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2)

H:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/08 07:58:31.0531 2280 HidUsb (ccf82c5ec8a7326c3066de870c06daf1)

H:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/08 07:58:32.0156 2280 HTTP (f80a415ef82cd06ffaf0d971528ead38)

H:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 07:58:33.0125 2280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30)

H:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/08 07:58:33.0578 2280 IDSxpx86 (0308238c582a55d83d34feee39542793) H:\Documents

and Settings\All Users\Application

Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110207.

001\IDSxpx86.sys
2011/02/08 07:58:33.0906 2280 Imapi (083a052659f5310dd8b6a6cb05edcf8e)

H:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/08 07:58:34.0828 2280 ip6fw (3bb22519a194418d5fec05d800a19ad0)

H:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/08 07:58:35.0171 2280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182)

H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/08 07:58:35.0578 2280 IpInIp (b87ab476dcf76e72010632b5550955f5)

H:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/08 07:58:35.0921 2280 IpNat (cc748ea12c6effde940ee98098bf96bb)

H:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/08 07:58:36.0296 2280 IPSec (23c74d75e36e7158768dd63d92789a91)

H:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/08 07:58:36.0718 2280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89)

H:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/08 07:58:37.0078 2280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7)

H:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/08 07:58:37.0468 2280 itchfltr (8f1ba487b35f0c8f637e05113aa815f8)

H:\WINDOWS\system32\DRIVERS\itchfltr.sys
2011/02/08 07:58:37.0812 2280 Kbdclass (463c1ec80cd17420a542b7f36a36f128)

H:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/08 07:58:38.0140 2280 kbdhid (9ef487a186dea361aa06913a75b3fa99)

H:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/08 07:58:38.0625 2280 kmixer (692bcf44383d056aed41b045a323d378)

H:\WINDOWS\system32\drivers\kmixer.sys
2011/02/08 07:58:39.0000 2280 KSecDD (b467646c54cc746128904e1654c750c1)

H:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/08 07:58:39.0343 2280 L8042mou (f0f944e4da9a75dee6a37d4afc7e1bbc)

H:\WINDOWS\system32\Drivers\L8042mou.sys
2011/02/08 07:58:39.0828 2280 LBeepKE (ac3b39817bfde9735f5654468dbf7d49)

H:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/02/08 07:58:40.0421 2280 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457)

H:\WINDOWS\system32\drivers\lccfltr.sys
2011/02/08 07:58:40.0859 2280 LHidFilt (24e0ddb99aeccf86bb37702611761459)

H:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/02/08 07:58:41.0203 2280 LHidKe (dd40c03d85649205ec086722474c8a63)

H:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2011/02/08 07:58:41.0671 2280 LMouFilt (d58b330d318361a66a9fe60d7c9b4951)

H:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/02/08 07:58:42.0015 2280 LMouKE (2ebd4c02d259944869630a912ec86bce)

H:\WINDOWS\system32\Drivers\LMouKE.sys
2011/02/08 07:58:42.0171 2280 MAPMEM (61330a29bd4230505a7618bc41693cbb)

H:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
2011/02/08 07:58:42.0515 2280 mmc_2K (58955da604fa306f84e90f830f5c11b2)

H:\WINDOWS\system32\drivers\mmc_2K.sys
2011/02/08 07:58:42.0968 2280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6)

H:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/08 07:58:43.0312 2280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1)

H:\WINDOWS\system32\drivers\Modem.sys
2011/02/08 07:58:43.0750 2280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04)

H:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/08 07:58:44.0062 2280 mouhid (b1c303e17fb9d46e87a98e4ba6769685)

H:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/08 07:58:44.0390 2280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd)

H:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/08 07:58:45.0546 2280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd)

H:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/08 07:58:47.0437 2280 MRxSmb (f3aefb11abc521122b67095044169e98)

H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/08 07:58:48.0093 2280 Msfs (c941ea2454ba8350021d774daf0f1027)

H:\WINDOWS\system32\drivers\Msfs.sys
2011/02/08 07:58:48.0437 2280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1)

H:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/08 07:58:48.0890 2280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e)

H:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/08 07:58:49.0234 2280 MSPQM (bad59648ba099da4a17680b39730cb3d)

H:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/08 07:58:49.0562 2280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136)

H:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/08 07:58:49.0984 2280 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d)

H:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/08 07:58:50.0296 2280 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0)

H:\WINDOWS\system32\drivers\msmpu401.sys
2011/02/08 07:58:50.0640 2280 Mup (2f625d11385b1a94360bfc70aaefdee1)

H:\WINDOWS\system32\drivers\Mup.sys
2011/02/08 07:58:51.0109 2280 NABTSFEC (5b50f1b2a2ed47d560577b221da734db)

H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/08 07:58:51.0375 2280 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) H:\Documents

and Settings\All Users\Application

Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\2011020

7.036\NAVENG.SYS
2011/02/08 07:58:51.0953 2280 NAVEX15 (94b3164055d821a62944d9fe84036470) H:\Documents

and Settings\All Users\Application

Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\2011020

7.036\NAVEX15.SYS
2011/02/08 07:58:52.0359 2280 NDIS (1df7f42665c94b825322fae71721130d)

H:\WINDOWS\system32\drivers\NDIS.sys
2011/02/08 07:58:52.0718 2280 NdisIP (7ff1f1fd8609c149aa432f95a8163d97)

H:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/08 07:58:53.0062 2280 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f)

H:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/08 07:58:53.0390 2280 Ndisuio (f927a4434c5028758a842943ef1a3849)

H:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/08 07:58:53.0718 2280 NdisWan (edc1531a49c80614b2cfda43ca8659ab)

H:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/08 07:58:54.0062 2280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b)

H:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/08 07:58:54.0375 2280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0)

H:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/08 07:58:54.0718 2280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d)

H:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/08 07:58:55.0187 2280 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a)

H:\WINDOWS\system32\drivers\ccdcmb.sys
2011/02/08 07:58:55.0531 2280 nmwcdc (3859c69a77793180548802dac9f34a38)

H:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/02/08 07:58:55.0890 2280 Npfs (3182d64ae053d6fb034f44b6def8034a)

H:\WINDOWS\system32\drivers\Npfs.sys
2011/02/08 07:58:56.0421 2280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca)

H:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/08 07:58:56.0906 2280 Null (73c1e1f395918bc2c6dd67af7591a3ad)

H:\WINDOWS\system32\drivers\Null.sys
2011/02/08 07:58:58.0046 2280 nv (10458bfc0968e7e69d77f292942b27b1)

H:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/08 07:58:59.0296 2280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57)

H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/08 07:58:59.0593 2280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9)

H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/08 07:59:00.0000 2280 Parport (5575faf8f97ce5e713d108c2a58d7c7c)

H:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/08 07:59:00.0328 2280 PartMgr (beb3ba25197665d82ec7065b724171c6)

H:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/08 07:59:00.0640 2280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1)

H:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/08 07:59:00.0968 2280 pccsmcfd (fd2041e9ba03db7764b2248f02475079)

H:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/02/08 07:59:01.0312 2280 PCI (a219903ccf74233761d92bef471a07b1)

H:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/08 07:59:02.0234 2280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1)

H:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/08 07:59:04.0296 2280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99)

H:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/08 07:59:04.0625 2280 Processor (a32bebaf723557681bfc6bd93e98bd26)

H:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/08 07:59:04.0968 2280 PSched (09298ec810b07e5d582cb3a3f9255424)

H:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/08 07:59:05.0281 2280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd)

H:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/08 07:59:05.0843 2280 pwd_2k (a57885ecdee5719a776a4202737fe347)

H:\WINDOWS\system32\drivers\pwd_2k.sys
2011/02/08 07:59:06.0218 2280 PxHelp20 (d86b4a68565e444d76457f14172c875a)

H:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/02/08 07:59:06.0546 2280 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6)

H:\WINDOWS\system32\DRIVERS\OVCD.sys
2011/02/08 07:59:08.0234 2280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c)

H:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/08 07:59:08.0578 2280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6)

H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/08 07:59:08.0921 2280 RasPppoe (5bc962f2654137c9909c3d4603587dee)

H:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/08 07:59:09.0234 2280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242)

H:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/08 07:59:09.0609 2280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a)

H:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/08 07:59:09.0984 2280 RDPCDD (4912d5b403614ce99c28420f75353332)

H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/08 07:59:10.0359 2280 RDPWD (6728e45b66f93c08f11de2e316fc70dd)

H:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/08 07:59:10.0734 2280 redbook (f828dd7e1419b6653894a8f97a0094c5)

H:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/08 07:59:11.0078 2280 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7)

H:\WINDOWS\system32\Drivers\RootMdm.sys
2011/02/08 07:59:11.0484 2280 RxFilter (927db495428d4e96e4060e662df51978)

H:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/02/08 07:59:11.0875 2280 Secdrv (90a3935d05b494a5a39d37e71f09a677)

H:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/08 07:59:12.0218 2280 serenum (0f29512ccd6bead730039fb4bd2c85ce)

H:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/08 07:59:12.0562 2280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7)

H:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/08 07:59:12.0937 2280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562)

H:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/08 07:59:13.0546 2280 SLIP (866d538ebe33709a5c9f5c62b73b7d14)

H:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/08 07:59:14.0140 2280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f)

H:\WINDOWS\system32\drivers\splitter.sys
2011/02/08 07:59:14.0484 2280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d)

H:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/08 07:59:15.0000 2280 SRTSP (a7a104a61c4e30de9c58f8c372a5c209)

H:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/02/08 07:59:15.0484 2280 SRTSPX (2833445f786bd000bb14c84a9d91347a)

H:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/02/08 07:59:15.0906 2280 Srv (0f6aefad3641a657e18081f52d0c15af)

H:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/08 07:59:16.0343 2280 ss_bus (bd15182e9d2d3fabc1d1313badbd2415)

H:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/02/08 07:59:16.0671 2280 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11)

H:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/02/08 07:59:17.0031 2280 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13)

H:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/02/08 07:59:17.0406 2280 StarOpen (306521935042fc0a6988d528643619b3)

H:\WINDOWS\system32\drivers\StarOpen.sys
2011/02/08 07:59:17.0734 2280 StillCam (a9573045baa16eab9b1085205b82f1ed) H:\WINDOWS\system32\DRIVERS\serscan.sys
2011/02/08 07:59:18.0078 2280 Stltrk2k (31a9fea9ffafce0f2d1d712cfd6af568) H:\WINDOWS\system32\drivers\Stltrk2k.sys
2011/02/08 07:59:18.0390 2280 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/08 07:59:18.0734 2280 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/08 07:59:19.0062 2280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
2011/02/08 07:59:20.0359 2280 SymDS (bdf077b897b5f9f929b6bf0cfd436962) H:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/02/08 07:59:20.0953 2280 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) H:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/02/08 07:59:21.0468 2280 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/02/08 07:59:22.0343 2280 SymIM (b571a32ca2752f13b69f1da01ae03cbe) H:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/02/08 07:59:22.0406 2280 SymIMMP (b571a32ca2752f13b69f1da01ae03cbe) H:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/02/08 07:59:22.0812 2280 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) H:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/02/08 07:59:23.0156 2280 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) H:\WINDOWS\system32\drivers\symlcbrd.sys
2011/02/08 07:59:24.0187 2280 SYMTDI (8c07683bf02b63ad71bcb2cf28af2d06) H:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS
2011/02/08 07:59:25.0140 2280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/08 07:59:25.0593 2280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 07:59:26.0031 2280 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/08 07:59:26.0359 2280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/08 07:59:26.0687 2280 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/08 07:59:27.0375 2280 UdfReadr_xp (ab1bb4e728d26552996662fc3a25a994) H:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/02/08 07:59:27.0750 2280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
2011/02/08 07:59:28.0640 2280 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
2011/02/08 07:59:29.0171 2280 upperdev (0ccadc7391021376edbb8aa649d04e68) H:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/02/08 07:59:29.0546 2280 usb2vcom (4af8fb8ee49239fc53de832f006052ce) H:\WINDOWS\system32\DRIVERS\usb2vcom.sys
2011/02/08 07:59:29.0968 2280 usbaudio (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/08 07:59:30.0296 2280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/08 07:59:30.0640 2280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/08 07:59:30.0968 2280 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/08 07:59:31.0281 2280 usbprint (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/08 07:59:31.0609 2280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 07:59:31.0953 2280 usbser (1c888b000c2f9492f4b15b5b6b84873e) H:\WINDOWS\system32\DRIVERS\usbser.sys
2011/02/08 07:59:32.0234 2280 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) H:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/02/08 07:59:32.0546 2280 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/08 07:59:32.0875 2280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) H:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/08 07:59:33.0234 2280 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) H:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/08 07:59:33.0578 2280 VComm (51750b0539986186c6931fc40d171521) H:\WINDOWS\system32\DRIVERS\VComm.sys
2011/02/08 07:59:33.0953 2280 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) H:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/02/08 07:59:34.0281 2280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
2011/02/08 07:59:34.0593 2280 viaagp1 (4b039bbd037b01f5db5a144c837f283a) H:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/02/08 07:59:34.0937 2280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) H:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/08 07:59:35.0265 2280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/08 07:59:35.0609 2280 vulfnths (16409c468ceee99b6b129fcaa5c0f206) H:\WINDOWS\System32\Drivers\vulfnth.sys
2011/02/08 07:59:35.0921 2280 vulfntrs (9fcad546c6285d5073fb926709203049) H:\WINDOWS\System32\Drivers\vulfntr.sys
2011/02/08 07:59:36.0281 2280 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/08 07:59:36.0578 2280 WBHWDOCT (a3d2c471e16837683927f3a1c4ffc93a) H:\WINDOWS\system32\drivers\WBHWDOCT.sys
2011/02/08 07:59:36.0937 2280 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) H:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/02/08 07:59:37.0406 2280 Wdf01000 (d918617b46457b9ac28027722e30f647) H:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/08 07:59:38.0171 2280 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/08 07:59:38.0515 2280 Winflash (57089be7381c2278f1a0e9333b659f84) H:\WINDOWS\system32\drivers\Winflash.sys
2011/02/08 07:59:39.0046 2280 WpdUsb (cf4def1bf66f06964dc0d91844239104) H:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/08 07:59:39.0406 2280 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) H:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/08 07:59:39.0781 2280 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/08 07:59:40.0109 2280 WudfPf (6ff66513d372d479ef1810223c8d20ce) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/08 07:59:40.0484 2280 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/08 07:59:40.0812 2280 ================================================================================
2011/02/08 07:59:40.0812 2280 Scan finished
2011/02/08 07:59:40.0812 2280 ================================================================================
As Requested
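
The TDSSKiller output above is only an inventory: one service name, one MD5 and one path per loaded driver. It becomes useful when you compare it against a known-good set. The Python below is an added example, not code from the thread or from TDSSKiller, that parses the records (accepting the forum-paste layout in which each path wraps onto the following line) and diffs them against a baseline of hashes taken from a clean machine. BASELINE and the BCMNTIO record with its all-zero hash are constructed to exercise each branch and are not real reference values.

```python
"""Turn a TDSSKiller driver inventory into something you can diff.

Added example, not part of the thread above or of TDSSKiller. TDSSKiller
writes one driver per line as '<date> <time> <pid> <service> (<md5>) <path>';
the copy pasted into the forum has each path wrapped onto the next line, so
the parser accepts both layouts. BASELINE and the BCMNTIO record below are
constructed to exercise every branch and are not real reference data.
"""
import re
from dataclasses import dataclass

RECORD = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<svc>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s*(?P<path>\S.*)?$"
)


@dataclass
class Driver:
    service: str
    md5: str
    path: str


def parse_tdsskiller(text):
    """Return Driver records in log order; a record's path may sit on the
    same line or on the next non-blank line (forum paste layout)."""
    drivers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RECORD.match(line)
        if m:
            drivers.append(Driver(m["svc"], m["md5"].lower(), (m["path"] or "").strip()))
        elif drivers and not drivers[-1].path and "\\" in line:
            drivers[-1].path = line  # continuation line carrying the path
    return drivers


def triage(drivers, baseline, system_root=r"H:\WINDOWS"):
    """Compare against baseline {filename.lower(): md5} from a clean machine.
    changed: same file name, different hash. unknown: not in the baseline.
    outside_system32: loaded from somewhere other than %SystemRoot%\\system32.
    shared_file: several services backed by one file (SymIM/SymIMMP above is
    a benign case, one filter driver registered under two names)."""
    report = {"changed": [], "unknown": [], "outside_system32": [], "shared_file": []}
    by_file = {}
    prefix = (system_root + r"\system32" + "\\").lower()
    for d in drivers:
        fname = d.path.rsplit("\\", 1)[-1].lower()
        by_file.setdefault(fname, []).append(d.service)
        expected = baseline.get(fname)
        if expected is None:
            report["unknown"].append(d.service)
        elif expected != d.md5:
            report["changed"].append(d.service)
        if not d.path.lower().startswith(prefix):
            report["outside_system32"].append(d.service)
    for fname, services in sorted(by_file.items()):
        if len(services) > 1:
            report["shared_file"].append((fname, sorted(services)))
    return report


# Constructed excerpt: the first four records are copied from the log above
# (one single-line, three wrapped); the BCMNTIO record is invented, with a
# fake hash, to show a driver loaded from outside system32.
SAMPLE_LOG = r"""
2011/02/08 07:59:25.0593 2280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 07:59:22.0343 2280 SymIM (b571a32ca2752f13b69f1da01ae03cbe)

H:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/02/08 07:59:22.0406 2280 SymIMMP (b571a32ca2752f13b69f1da01ae03cbe)

H:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/02/08 07:59:33.0578 2280 VComm (51750b0539986186c6931fc40d171521)

H:\WINDOWS\system32\DRIVERS\VComm.sys
2011/02/08 07:59:41.0000 2280 BCMNTIO (00000000000000000000000000000001) H:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys
2011/02/08 07:59:41.0100 2280 Scan finished
"""

# Constructed baseline: tcpip.sys agrees with the log, symim.sys deliberately
# does not (to show 'changed'), vcomm.sys and bcmntio.sys are absent ('unknown').
BASELINE = {
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    "symim.sys": "ffffffffffffffffffffffffffffffff",
}

if __name__ == "__main__":
    for key, items in triage(parse_tdsskiller(SAMPLE_LOG), BASELINE).items():
        print(f"{key}: {items}")
```

Run it as a script to print the report for the embedded sample, or feed parse_tdsskiller a saved TDSSKiller log. The shared_file bucket is informational: SymIM and SymIMMP are one Symantec filter driver registered under two service names, which is normal; the same pattern with a hash that is not in your baseline is what you would chase.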

#7 CatByte
  • Malware Response Team
  • Location:Canada

Posted 08 February 2011 - 05:05 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Sparky951
  • Topic Starter

Posted 08 February 2011 - 12:49 PM

ComboFix 11-02-07.05 - Mike & Ann 08/02/2011 17:27:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.483 [GMT 0:00]
Running from: h:\documents and settings\Mike & Ann\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\documents and settings\Mike & Ann\Application Data\Atyn
h:\documents and settings\Mike & Ann\Application Data\Atyn\ufveo.sye
h:\documents and settings\Mike & Ann\Application Data\Ywmu
h:\documents and settings\Mike & Ann\Application Data\Ywmu\vyix.kai
h:\program files\Internet Explorer\SET98.tmp
h:\program files\Internet Explorer\SETD5.tmp
h:\windows\Downloaded Program Files\RdxIE.dll
h:\windows\system32\_000003_.tmp.dll
h:\windows\system32\_000004_.tmp.dll
h:\windows\system32\_000005_.tmp.dll
h:\windows\system32\_000008_.tmp.dll
h:\windows\system32\_000009_.tmp.dll
h:\windows\system32\AutoRun.inf
h:\windows\system32\winsusrm.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-01-30 15:34 . 2011-01-30 16:18 -------- d-----w- H:\e mail backup2011
2011-01-30 10:09 . 2011-01-30 10:09 -------- d-----w- h:\documents and settings\Mike & Ann\Application Data\ieSpell
2011-01-29 17:02 . 2011-01-29 17:02 -------- d-----w- h:\program files\ieSpell
2011-01-23 17:31 . 2010-12-20 18:09 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 17:31 . 2010-12-20 18:08 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2011-01-16 09:52 . 2011-01-16 09:54 -------- d-----w- h:\windows\LMI7.tmp
2011-01-15 18:56 . 2011-01-15 18:57 -------- d-----w- h:\windows\LMI3.tmp
2011-01-15 18:39 . 2011-01-15 18:39 -------- d-----w- h:\windows\LMI6.tmp
2011-01-15 17:47 . 2011-01-15 17:47 -------- d-----w- h:\windows\LMI5.tmp
2011-01-15 16:53 . 2011-01-15 16:53 -------- d-----w- h:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-01-15 16:53 . 2011-01-15 16:54 -------- d-----w- h:\windows\LMI3E.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 09:57 . 2008-01-20 18:13 60808 ----a-w- h:\windows\system32\S32EVNT1.DLL
2011-01-09 09:57 . 2008-01-20 18:13 126512 ----a-w- h:\windows\system32\drivers\SYMEVENT.SYS
2010-12-01 05:24 . 2011-01-09 09:56 368248 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\symtdi.sys
2010-12-01 05:24 . 2011-01-09 09:56 295032 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\symnets.sys
2010-12-01 05:23 . 2011-01-09 09:56 330360 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\symtdiv.sys
2010-11-23 04:59 . 2011-01-09 10:04 44024 ----a-r- h:\windows\system32\drivers\SymIM.sys
2010-11-23 04:08 . 2011-01-09 09:56 509560 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\srtsp.sys
2010-11-23 04:08 . 2011-01-09 09:56 50168 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\srtspx.sys
2010-11-18 18:12 . 2004-02-05 19:51 81920 ----a-w- h:\windows\system32\isign32.dll
2010-11-18 02:59 . 2011-01-09 09:56 652336 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\SymEFA.sys
2010-11-16 01:45 . 2011-01-09 09:56 136312 ----a-r- h:\windows\system32\drivers\NIS\1205000.07D\Ironx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="h:\garmin\gStart.exe" [2007-03-04 1891416]
"Gadwin PrintScreen Pro"="h:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2010-10-14 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="h:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]
"zBrowser Launcher"="h:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"RoxioEngineUtility"="h:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2004-05-31 65536]
"Nokia Tray Application"="h:\program files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-01-03 425984]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"IEHistory"="h:\program files\IEHistoryPH\IEHistoryShellNotifier.exe" [2006-12-13 138752]
"IconixOEAddOn"="h:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-03-09 342872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="h:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="h:\windows\System32\msiexec.exe" [2008-04-14 78848]

h:\documents and settings\Mike & Ann\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - h:\program files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2007-2-12 2516584]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - h:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Kodak EasyShare software.lnk - h:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=h:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=h:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=h:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=h:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^Mike & Ann^Start Menu^Programs^Startup^SkyTicker.lnk]
path=h:\documents and settings\Mike & Ann\Start Menu\Programs\Startup\SkyTicker.lnk
backup=h:\windows\pss\SkyTicker.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 19:17 207424 ----a-w- h:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
2004-10-12 21:41 4172784 ----a-w- h:\program files\Copernic Desktop Search\CopernicDesktopSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
2010-10-14 08:03 507904 ----a-w- h:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 16:20 86016 ----a-w- h:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 16:46 14944136 ----a-r- h:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- h:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9a488bb33a000"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RoxioAudioCentral"="h:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"h:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"h:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"h:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"h:\\Program Files\\Skype\\Phone\\Skype.exe"=
"h:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R0 SymDS;Symantec Data Store;h:\windows\system32\drivers\NIS\1205000.07D\SymDS.sys [09/01/2011 09:56 340016]
R0 SymEFA;Symantec Extended File Attributes;h:\windows\system32\drivers\NIS\1205000.07D\SymEFA.sys [09/01/2011 09:56 652336]
R1 ATMhelpr;ATMhelpr;h:\windows\system32\drivers\ATMHELPR.SYS [25/05/2004 18:38 4064]
R1 BHDrvx86;BHDrvx86;h:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [19/01/2011 09:28 691248]
R1 SymIRON;Symantec Iron Driver;h:\windows\system32\drivers\NIS\1205000.07D\Ironx86.sys [09/01/2011 09:56 136312]
R2 BCMNTIO;BCMNTIO;h:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [20/01/2006 18:11 3744]
R2 IconixService;Iconix Update Service;h:\program files\Common Files\Iconix\IconixService.exe [20/12/2009 14:38 283992]
R2 LBeepKE;LBeepKE;h:\windows\system32\drivers\LBeepKE.sys [14/02/2007 16:59 3712]
R2 MAPMEM;MAPMEM;h:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [20/01/2006 18:11 3904]
R2 NIS;Norton Internet Security;h:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [09/01/2011 09:55 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/12/2010 17:25 102448]
R3 IDSxpx86;IDSxpx86;h:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110207.001\IDSXpx86.sys [08/02/2011 07:56 341944]
S3 MatSvc;Microsoft Automated Troubleshooting Service;h:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 16:05 266544]
S3 usb2vcom;USB Data Cable;h:\windows\system32\drivers\usb2vcom.sys [07/08/2006 17:52 28704]
S4 gupdate1c9a488bb33a000;Google Update Service (gupdate1c9a488bb33a000);h:\program files\Google\Update\GoogleUpdate.exe [14/03/2009 09:39 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-12-03 h:\windows\Tasks\Backup Task «My Backup 1».job
- h:\program files\Freecom Backup Software\FCBS.exe [2009-07-26 17:38]

2010-02-02 h:\windows\Tasks\Backup Task «My Backup 2».job
- h:\program files\Freecom Backup Software\FCBS.exe [2009-07-26 17:38]

2010-07-07 h:\windows\Tasks\Backup Task «My Backup 3».job
- h:\program files\Freecom Backup Software\FCBS.exe [2009-07-26 17:38]

2010-10-16 h:\windows\Tasks\Backup Task «My Backup 4».job
- h:\program files\Freecom Backup Software\FCBS.exe [2009-07-26 17:38]

2011-01-28 h:\windows\Tasks\Backup Task «My Backup 5».job
- h:\program files\Freecom Backup Software\FCBS.exe [2009-07-26 17:38]

2010-01-01 h:\windows\Tasks\Backup Task «My Backup».job
- h:\program files\Freecom Backup Software\FCBS.exe [2009-07-26 17:38]

2010-08-28 h:\windows\Tasks\ConfigExec.job
- h:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]

2010-01-09 h:\windows\Tasks\GlaryInitialize.job
- h:\program files\Glary Utilities\initialize.exe [2008-04-11 12:22]

2011-01-28 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-14 07:58]

2010-10-17 h:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6df5565af1a.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 09:39]

2010-01-09 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 09:39]

2009-09-20 h:\windows\Tasks\RoxioBackup second try06-05-06.job
- h:\program files\Roxio\Easy Media Creator 8\Backup\RxBackupRemind.exe [2005-11-22 00:18]

2010-10-21 h:\windows\Tasks\User_Feed_Synchronization-{605E049C-2E28-42C7-ADDC-14EA3BDBB7E0}.job
- h:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - h:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - h:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://h:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://h:\program files\ieSpell\wikipedia.HTM
Trusted Zone: computeractive.co.uk\www
Trusted Zone: microsoft.com\office
Trusted Zone: vodafone.co.uk\help
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-NIS - h:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\18.1.0.37\InstStub.exe
HKU-Default-Run-Symantec Network Driver Update Warning - h:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-SpeedTouch USB Diagnostics - h:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"h:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"h:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="h:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@h:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@h:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="h:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="h:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@h:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@h:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="h:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\Event]
@DACL=(02 0000)
"Logon"="LBTWLgn_LOGON"
"StartShell"="LBTWLgn_STARTSHELL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
h:\program files\common files\logitech\bluetooth\LBTWlgn.dll
h:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-02-08 17:45:45
ComboFix-quarantined-files.txt 2011-02-08 17:45

Pre-Run: 82,016,444,416 bytes free
Post-Run: 82,329,751,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - E359708866F0527321A0500A120AE0E4
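
Three things in the ComboFix log above carry most of the signal: the random-named folders and files ComboFix deleted from Application Data (Atyn\ufveo.sye, Ywmu\vyix.kai), the AutoRun.inf it removed from system32, and the registry values that switch off Security Center monitoring and the Windows Firewall. The Python below is an added example, not part of the thread or of ComboFix, that splits a ComboFix log on its section banners and flags those patterns, plus Run-key entries that name a bare executable (KHALMNPR.EXE above) instead of a full path. SAMPLE_LOG is a constructed excerpt of the log posted above. Every hit is a lead to verify, not a verdict: the log's own header shows Norton Internet Security's firewall is the active one, and Norton legitimately sets DisableMonitoring for its own entries.

```python
"""Triage a ComboFix log for the ZBOT-era patterns visible in the post above.

Added example, not part of the original thread or of ComboFix. It splits the
log on ComboFix's '(((( Name ))))' and '---- Name ----' banners, then runs
three heuristics over the sections that matter. SAMPLE_LOG is a constructed
excerpt of the log posted above; every hit is a lead to confirm, not a verdict.
"""
import re

BANNER_PAREN = re.compile(r"^\({5,}\s*(?P<name>.+?)\s*\){5,}\s*$")
BANNER_DASH = re.compile(r"^-{3,}\s*(?P<name>[^-].*?[^-])\s*-{3,}$")


def split_sections(text):
    """Map section name -> lines. ComboFix's '.' spacer lines and blanks are
    dropped; anything before the first banner lands under 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = BANNER_PAREN.match(line) or BANNER_DASH.match(line)
        if m:
            current = m["name"]
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line)
    return sections


RANDOM_APPDATA = re.compile(
    r"\\application data\\(?P<dir>[a-z]{3,8})\\(?P<file>[a-z]{3,8}\.(?P<ext>[a-z]{2,4}))$", re.I)
COMMON_EXT = {"dll", "exe", "dat", "ini", "log", "txt", "xml", "db", "cfg", "lnk", "js"}


def suspicious_deletions(paths):
    """ZBOT-style droppers: a short meaningless folder directly under Application
    Data holding a file with a made-up extension (Atyn\\ufveo.sye above), plus
    AutoRun.inf inside system32. A vendor folder with a rare extension will also
    trip the first rule, so confirm before concluding."""
    hits = []
    for p in paths:
        m = RANDOM_APPDATA.search(p)
        if m and m["ext"].lower() not in COMMON_EXT:
            hits.append(("random-appdata-dropper", p))
        elif p.lower().endswith(r"\system32\autorun.inf"):
            hits.append(("autorun-in-system32", p))
    return hits


def security_center_overrides(reg_lines):
    """Values that silence Windows' own defences. Third-party suites set them
    too (Norton disables Security Center monitoring for its own entries, and
    EnableFirewall=0 is expected while Norton's firewall is the active one),
    so a hit means 'check which product owns this', not 'malware'."""
    findings, key = [], None
    for line in reg_lines:
        low = line.lower()
        if line.startswith("["):
            key = line.strip("[]").lower()
        elif key and "security center\\monitoring" in key and low.startswith('"disablemonitoring"=dword:00000001'):
            findings.append(("security-center-monitoring-disabled", key))
        elif key and "firewallpolicy\\standardprofile" in key and low.startswith('"enablefirewall"= 0'):
            findings.append(("windows-firewall-disabled", key))
    return findings


def pathless_run_entries(reg_lines):
    """Run-key values whose command is a bare file name are resolved through the
    search path, so a planted copy can hijack them. Logitech's KHALMNPR.EXE above
    is a benign instance of the same exposure."""
    findings, in_run = [], False
    for line in reg_lines:
        if line.startswith("["):
            in_run = line.rstrip("]").lower().endswith(r"\currentversion\run")
            continue
        m = re.match(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"', line) if in_run else None
        if m and not re.match(r"^[a-z]:\\", m["cmd"], re.I):
            findings.append((m["name"], m["cmd"]))
    return findings


def triage(text):
    s = split_sections(text)
    reg = s.get("Reg Loading Points", [])
    return {
        "deletions": suspicious_deletions(s.get("Other Deletions", [])),
        "defences": security_center_overrides(reg),
        "pathless_run": pathless_run_entries(reg),
    }


# Constructed excerpt of the ComboFix log in the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\documents and settings\Mike & Ann\Application Data\Atyn
h:\documents and settings\Mike & Ann\Application Data\Atyn\ufveo.sye
h:\documents and settings\Mike & Ann\Application Data\Ywmu\vyix.kai
h:\documents and settings\Mike & Ann\Application Data\ieSpell
h:\windows\system32\AutoRun.inf
h:\windows\system32\winsusrm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="h:\garmin\gStart.exe" [2007-03-04 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="h:\windows\System32\msiexec.exe" [2008-04-14 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
"""
```

Call triage() on the text of a saved ComboFix.txt; each bucket is a list of (kind, evidence) tuples. The banner regexes match the parenthesised and dashed headers ComboFix uses; the "- - - - ORPHANS REMOVED - - - -" header is spaced differently and is left inside the section that precedes it, which does not affect the three sections this script reads.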

#9 CatByte
  • Malware Response Team
  • Location:Canada

Posted 08 February 2011 - 07:09 PM

Hi

Please do the following:

  • Please open your Malwarebytes' Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Sparky951

Topic Starter

Posted 10 February 2011 - 03:45 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5728

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/02/2011 08:36:16
mbam-log-2011-02-10 (08-36-16).txt

Scan type: Quick scan
Objects scanned: 155402
Time elapsed: 23 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Sparky951

Topic Starter

Posted 10 February 2011 - 03:47 AM

H:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{F60388E8-AAAA-4DBF-BF26-FC6F3F4F0705}\Registry Reviver.msi a variant of Win32/SlowPCfighter application
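
Read together, the two reports above (a clean Malwarebytes quick scan and one ESET detection) say something specific: ESET ends every threat name with its class, and "application" is the class it gives potentially unwanted or unsafe applications such as this Registry Reviver installer, which is not the same finding as a trojan. As an added example, not code from the thread, from Malwarebytes or from ESET, the script below parses the counters and detection lines of an MBAM 1.50 log and the lines of an ESET text export, then gives one verdict for both. MBAM_LOG copies the clean log above; MBAM_LOG_DIRTY and ESET_CONSTRUCTED are made-up inputs that exercise the detection branches and describe nothing found on the poster's machine.

```python
"""Cross-check a Malwarebytes 1.50 log against an ESET Online Scanner export.

Added example, not code from the thread, Malwarebytes or ESET.  The inputs
below are constructed: MBAM_LOG copies the clean log posted above, while
MBAM_LOG_DIRTY and ESET_CONSTRUCTED are made up to exercise the detection
branches and describe nothing found on the poster's machine.
"""
import re

# "Files Infected: 0" is a summary counter; "Files Infected:" opens a detail section.
_MBAM_COUNTER = re.compile(r"^(?P<what>[A-Za-z ]+ Infected):\s*(?P<n>\d+)\s*$")
# Detail line: "<object> (<threat>) -> <action>."
_MBAM_DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# ESET export line with its tab lost: "<path ending in .ext> <threat description>".
_ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+(?P<threat>\S.*)$")
# ESET ends each threat name with its class; "application" is the PUA/unsafe class.
_ESET_CLASS = {"application": "PUA", "trojan": "malware", "worm": "malware",
               "virus": "malware", "backdoor": "malware"}

MBAM_LOG = """\
Scan type: Quick scan
Objects scanned: 155402
Memory Processes Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""
MBAM_LOG_DIRTY = """\
Scan type: Quick scan
Files Infected: 1
Files Infected:
c:\\documents and settings\\user\\local settings\\temp\\example.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""
ESET_EXPORT = (r"H:\Documents and Settings\All Users\Application Data\ReviverSoft"
               r"\Registry Reviver\InstallCache\{F60388E8-AAAA-4DBF-BF26-FC6F3F4F0705}"
               r"\Registry Reviver.msi a variant of Win32/SlowPCfighter application")
ESET_CONSTRUCTED = ("C:\\Documents and Settings\\User\\Local Settings\\Temp\\example.exe"
                    "\tWin32/Spy.Zbot.AAA trojan\tcleaned by deleting - quarantined")


def parse_mbam(log_text):
    """Return scan type, object count, summary counters and the detections listed."""
    res = {"scan_type": None, "objects_scanned": None, "counters": {}, "detections": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _MBAM_COUNTER.match(line)
        if line.startswith("Scan type:"):
            res["scan_type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            res["objects_scanned"] = int(line.split(":", 1)[1])
        elif m:
            res["counters"][m.group("what")] = int(m.group("n"))
        elif line.endswith(" Infected:"):
            section = line[:-1]
        elif section and line and not line.startswith("(No malicious"):
            d = _MBAM_DETECTION.match(line)
            if d:
                res["detections"].append({"section": section, "object": d.group("obj"),
                                          "threat": d.group("threat"), "action": d.group("action")})
    res["infected_total"] = sum(res["counters"].values())
    return res


def mbam_consistent(parsed):
    """True when the summary counters add up to the detection lines actually listed."""
    return parsed["infected_total"] == len(parsed["detections"])


def parse_eset(export_text):
    """Return [{path, threat, class}] for each line of an ESET text export."""
    records = []
    for raw in export_text.splitlines():
        line = raw.strip()
        if "\t" in line:                    # intact export: path, threat, action
            path, threat = line.split("\t")[:2]
        else:
            m = _ESET_LINE.match(line)
            if not m:
                continue
            path, threat = m.group("path"), m.group("threat")
        kind = threat.strip().rsplit(" ", 1)[-1].lower()
        records.append({"path": path, "threat": threat.strip(),
                        "class": _ESET_CLASS.get(kind, "unknown")})
    return records


def triage(mbam_log, eset_export):
    """One verdict for both reports, plus the parsed detail behind it."""
    mbam, eset = parse_mbam(mbam_log), parse_eset(eset_export)
    classes = {r["class"] for r in eset}
    if mbam["infected_total"] or "malware" in classes:
        verdict = "malware reported: keep working the thread"
    elif "unknown" in classes:
        verdict = "unclassified ESET findings: review by hand"
    elif classes:
        verdict = "only potentially unwanted/unsafe applications reported"
    else:
        verdict = "both scanners clean"
    return {"mbam": mbam, "eset": eset, "verdict": verdict}
```

For the logs in this thread, triage(MBAM_LOG, ESET_EXPORT) comes back with the PUA-only verdict, which matches how CatByte moves on to patching rather than further removal; mbam_consistent is the sanity check that a pasted log was not truncated between its counters and its detail sections.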

#12 CatByte

Malware Response Team

Posted 10 February 2011 - 04:58 AM

Hi

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 23 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 23 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u23 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
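
The reason the post has the user remove every old Java entry before installing 6u23 is that older runtimes can stay installed alongside the new one, and an old, exploitable JRE remains reachable until it is uninstalled. As an added example, not part of the post or of Sun's installer, the script below does the inventory step: it reads the DisplayName of each entry under the per-machine Uninstall registry key (when run on Windows) or takes a list of names, recognises the naming schemes Sun used for the runtime, and reports the entries older than 6u23. SAMPLE_NAMES is constructed for the example, and the three name patterns are this example's assumptions about how those entries appear in Add or Remove Programs.

```python
"""Which Java runtimes are still installed, and which are older than 6u23?

Added example, not part of CatByte's post or of Sun/Oracle's installer.  The
names in SAMPLE_NAMES are constructed from Sun's naming schemes and are not
taken from the poster's machine; the patterns below are this example's
assumptions about those schemes.
"""
import re

CURRENT = (6, 23)           # the version the post tells the user to install

# Display-name shapes Sun used for the runtime, oldest scheme first so that
# "Java 2 Runtime Environment ..." is not read as "Java 2".
_PATTERNS = [
    # "Java 2 Runtime Environment, SE v1.4.2_03"  -> (4, 3)
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d)\.\d+(?:_(\d+))?"),
    # "J2SE Runtime Environment 5.0 Update 11"     -> (5, 11)
    re.compile(r"^J2SE Runtime Environment\s+(\d)\.0(?:\s+Update\s+(\d+))?"),
    # "Java(TM) 6 Update 23", "Java(TM) SE Runtime Environment 6 Update 1",
    # "Java 7 Update 45"; the JDK ("Java(TM) SE Development Kit ...") does not match.
    re.compile(r"^Java(?:\(TM\))?\s+(?:SE Runtime Environment\s+)?(\d+)(?:\s+Update\s+(\d+))?"),
]


def parse_java_version(display_name):
    """Map an Add/Remove Programs name to (major, update), or None if not a JRE."""
    for pat in _PATTERNS:
        m = pat.match(display_name.strip())
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None


def stale_java_installs(display_names, current=CURRENT):
    """Return the names of every JRE entry older than `current`, oldest first."""
    found = []
    for name in display_names:
        ver = parse_java_version(name)
        if ver is not None and ver < current:
            found.append((ver, name))
    return [name for _, name in sorted(found)]


def installed_program_names():
    """DisplayName of every entry under the per-machine Uninstall key; [] off Windows."""
    try:
        import winreg
    except ImportError:
        return []
    names = []
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                try:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    pass          # uninstall entry without a display name
    return names


SAMPLE_NAMES = [   # constructed for this example
    "Java(TM) 6 Update 23",
    "Java(TM) 6 Update 17",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Adobe Reader X (10.0.0)",
]

if __name__ == "__main__":
    for name in stale_java_installs(installed_program_names() or SAMPLE_NAMES):
        print("remove:", name)
```

On a 32-bit XP machine the HKLM Uninstall key is where every entry the post asks the user to remove is registered; the script only lists them, the removal itself still goes through Add or Remove Programs as described, and the list should be empty after the reboot and before the 6u23 installer is run.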


#13 Sparky951

Topic Starter

Posted 10 February 2011 - 02:52 PM

Hi Catbyte, I must be having a really thick day. Re: the `your Java is out of date` line one, which includes Java runtime: after clicking on the highlighted section, I cannot find what I am supposed to be downloading to the desktop. After all the good work you have put in, I do not wish to spoil it by doing this incorrectly, so please could you elaborate a little. Many thanks for your help.
Sparky951.

#14 CatByte

Malware Response Team

Posted 10 February 2011 - 03:43 PM

Hi

Sorry I wasn't clear.

When you click on the link and the Java download page opens, underneath the Java picture on the left you will see "JRE" underlined; it is a clickable link.

Click on "JRE".

Select your platform for the download (Windows).

Accept the agreement "I agree to the Java SE Runtime Environment 6u23 with JavaFX License Agreement."

Hit the "Continue" button > click on the Offline Installation jre-6u23-windows-i586.exe > save it to your computer, then install.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Sparky951

Topic Starter

Posted 11 February 2011 - 05:42 AM

Hi Catbyte, this might be an important update. While testing the PC as directed by yourself, I tried to install Norton, which was one of the original problems; it still will not load. I found the CPU usage was up to 99 percent and this was being caused by something called DUMPREP.EXE. What should I do about this?
Thanks sparky951



