
Symantec Endpoint shutting off after infection clean-up


8 replies to this topic

#1 bur75

Posted 07 February 2011 - 07:30 PM

I had a HP desktop running Windows XP Pro brought to me with a bunch of bugs on it. It was running Symantec Endpoint, but the definitions had fallen woefully out of date. After updating virus definitions, Symantec cleaned up a few things, bloodhound.malpe, adware.hotbar and some tracking cookies. Malwarebytes cleaned up a bunch of garbage (67 infected files), I can post that log if needed. Afterwards the performance was remarkably improved, only issue remaining is Symantec Endpoint continues to shut itself off after a reboot or log off. I think there must be a trojan rootkit hiding somewhere causing this. Assistance is much appreciated.

Edited by Orange Blossom, 07 February 2011 - 11:09 PM.
Move to AII for initial assistance. ~ OB



#2 ATGUNWAT

Posted 08 February 2011 - 03:31 PM

Have you tried to:
1) Uninstall Symantec Endpoint.
2) Reboot Computer
3) Reinstall Symantec Endpoint
4) Reboot Computer
5) Re-evaluate Symantec Endpoint to see if problem is resolved.

Doesn't always fix the problem, but it is always the first thing you should try.
Also, check the event viewer for clues about the cause.

There is a slightly more involved method that does always work, but go ahead and try the easy method first.

ATGUNWAT B)

#3 bur75 (Topic Starter)

Posted 08 February 2011 - 07:15 PM

Thanks for the suggestion. I should've mentioned in my original post that I had already attempted to uninstall and reinstall to no avail. How about that more involved method that always works? :)
Thanks.

#4 ATGUNWAT

Posted 08 February 2011 - 09:23 PM

First of all let me say, I am not authorized to give any advice here, and have probably overstepped my bounds more than once today.
I don't want to get banned from the forum.
We also aren't sure that you are not still infected.
(and I know I am not authorized to give any specific advice on malware removal)
Until that is ruled out, we should assume that is the problem.


As far as I know, I can tell you about what my experiences have been.

In my experience...
Most application errors should be solved by reinstalling the software, which of course makes sense.
The problem is when you have an issue reinstalling, because then the original problem usually remains.
What is not as well known is that most re-installation problems are caused because of an incomplete uninstall.
What always works for me is to remove every trace of any previous installations, which means tracking down every file and folder that belongs to that application, for every user on the machine, and delete it.
(or move it to another location, if you need to migrate a database, etc...)
Then you have to remove all references of that application from the registry.
I know the registry is a touchy subject so I would have to defer to the methods condoned by the people who run this site.
But whatever the prescribed method of registry cleaning is here, it must be done.

(Notice: ALWAYS backup the registry BEFORE making ANY CHANGES to it.)

I use ERUNT.
Just be sure to save the file to somewhere you can easily get to. (Like C:\ERUNT)

Once you remove all traces of previous installations, it should install and run with no errors.

It has worked for me EVERY TIME.

ATGUNWAT B)

#5 bur75 (Topic Starter)

Posted 09 February 2011 - 07:48 PM

ATGUNWAT: I'm worried that I'm still infected, maybe a rootkit hidden somewhere, so even a clean install with no previous installation remnants might not work. I'll probably wait for a moderator to help me make sure I'm clean before proceeding. Thanks for the advice though.

#6 boopme (Global Moderator)

Posted 09 February 2011 - 08:50 PM

Hello, let's check out the malware issue.. Please run these and post the logs so we know what we have/had on here.
Clean out your Temp files.
TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Now an online scan:
Please perform a scan with the ESET Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 bur75 (Topic Starter)

Posted 10 February 2011 - 05:02 PM

Computer performance is okay, maybe slightly better than before. Symantec still is shut off after every restart however. Malwarebytes and TDSS didn't find anything, but ESET found 1 infection. Here are the logs:

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5717

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/10/2011 11:51:51 AM
mbam-log-2011-02-10 (11-51-51).txt

Scan type: Quick scan
Objects scanned: 192896
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

TDSS:
2011/02/10 11:54:20.0779 3080 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/10 11:54:21.0232 3080 ================================================================================
2011/02/10 11:54:21.0232 3080 SystemInfo:
2011/02/10 11:54:21.0232 3080
2011/02/10 11:54:21.0232 3080 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/10 11:54:21.0232 3080 Product type: Workstation
2011/02/10 11:54:21.0232 3080 ComputerName: COLLEENPC
2011/02/10 11:54:21.0232 3080 UserName: administrator
2011/02/10 11:54:21.0232 3080 Windows directory: C:\WINDOWS
2011/02/10 11:54:21.0232 3080 System windows directory: C:\WINDOWS
2011/02/10 11:54:21.0232 3080 Processor architecture: Intel x86
2011/02/10 11:54:21.0232 3080 Number of processors: 2
2011/02/10 11:54:21.0232 3080 Page size: 0x1000
2011/02/10 11:54:21.0232 3080 Boot type: Normal boot
2011/02/10 11:54:21.0232 3080 ================================================================================
2011/02/10 11:54:21.0545 3080 Initialize success
2011/02/10 11:57:34.0392 1376 ================================================================================
2011/02/10 11:57:34.0392 1376 Scan started
2011/02/10 11:57:34.0392 1376 Mode: Manual;
2011/02/10 11:57:34.0392 1376 ================================================================================
2011/02/10 11:57:35.0140 1376 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/02/10 11:57:35.0187 1376 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/10 11:57:35.0218 1376 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/10 11:57:35.0233 1376 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/10 11:57:35.0249 1376 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2011/02/10 11:57:35.0280 1376 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/10 11:57:35.0327 1376 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/10 11:57:35.0373 1376 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/02/10 11:57:35.0405 1376 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/10 11:57:35.0420 1376 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/10 11:57:35.0576 1376 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/10 11:57:35.0591 1376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/10 11:57:35.0638 1376 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/10 11:57:35.0685 1376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/10 11:57:35.0700 1376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/10 11:57:35.0732 1376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/10 11:57:35.0825 1376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/10 11:57:35.0841 1376 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/10 11:57:35.0872 1376 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/10 11:57:35.0934 1376 COH_Mon (4ecde31d8cf3c342bef518af954f513b) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2011/02/10 11:57:36.0028 1376 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/10 11:57:36.0090 1376 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/10 11:57:36.0137 1376 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/10 11:57:36.0152 1376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/10 11:57:36.0183 1376 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/10 11:57:36.0214 1376 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/10 11:57:36.0261 1376 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/10 11:57:36.0277 1376 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/10 11:57:36.0370 1376 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/02/10 11:57:36.0401 1376 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/02/10 11:57:36.0495 1376 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/10 11:57:36.0557 1376 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/10 11:57:36.0588 1376 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/10 11:57:36.0604 1376 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/10 11:57:36.0635 1376 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/10 11:57:36.0666 1376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/10 11:57:36.0682 1376 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/10 11:57:36.0713 1376 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/10 11:57:36.0728 1376 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/10 11:57:36.0760 1376 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/10 11:57:36.0791 1376 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/10 11:57:36.0853 1376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/10 11:57:36.0900 1376 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/10 11:57:36.0946 1376 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/02/10 11:57:37.0040 1376 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/02/10 11:57:37.0087 1376 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/02/10 11:57:37.0102 1376 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/02/10 11:57:37.0118 1376 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/02/10 11:57:37.0133 1376 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/02/10 11:57:37.0149 1376 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2011/02/10 11:57:37.0164 1376 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2011/02/10 11:57:37.0196 1376 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2011/02/10 11:57:37.0211 1376 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/02/10 11:57:37.0227 1376 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/02/10 11:57:37.0258 1376 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/02/10 11:57:37.0273 1376 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/02/10 11:57:37.0289 1376 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2011/02/10 11:57:37.0320 1376 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2011/02/10 11:57:37.0398 1376 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/02/10 11:57:37.0445 1376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/10 11:57:37.0632 1376 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/10 11:57:37.0787 1376 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/10 11:57:37.0850 1376 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/10 11:57:37.0896 1376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/10 11:57:37.0959 1376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/10 11:57:37.0990 1376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/10 11:57:38.0021 1376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/10 11:57:38.0037 1376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/10 11:57:38.0068 1376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/10 11:57:38.0115 1376 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/10 11:57:38.0146 1376 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/10 11:57:38.0161 1376 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/10 11:57:38.0192 1376 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/10 11:57:38.0270 1376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/10 11:57:38.0317 1376 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/10 11:57:38.0395 1376 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/10 11:57:38.0426 1376 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/10 11:57:38.0457 1376 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/10 11:57:38.0488 1376 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/10 11:57:38.0535 1376 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/10 11:57:38.0582 1376 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/10 11:57:38.0613 1376 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/10 11:57:38.0628 1376 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/10 11:57:38.0675 1376 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/10 11:57:38.0706 1376 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/10 11:57:38.0753 1376 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/10 11:57:38.0878 1376 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110210.003\NAVENG.SYS
2011/02/10 11:57:38.0940 1376 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110210.003\NAVEX15.SYS
2011/02/10 11:57:39.0049 1376 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/10 11:57:39.0080 1376 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/10 11:57:39.0096 1376 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/10 11:57:39.0127 1376 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/10 11:57:39.0158 1376 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/10 11:57:39.0174 1376 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/10 11:57:39.0220 1376 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/10 11:57:39.0267 1376 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/10 11:57:39.0314 1376 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/10 11:57:39.0360 1376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/10 11:57:39.0407 1376 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/10 11:57:39.0438 1376 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/10 11:57:39.0485 1376 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/02/10 11:57:39.0547 1376 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/10 11:57:39.0579 1376 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/10 11:57:39.0610 1376 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/10 11:57:39.0625 1376 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/10 11:57:39.0672 1376 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/10 11:57:39.0719 1376 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/10 11:57:40.0015 1376 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/10 11:57:40.0030 1376 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/10 11:57:40.0046 1376 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/10 11:57:40.0077 1376 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\WINDOWS\system32\Drivers\PzWDM.sys
2011/02/10 11:57:40.0186 1376 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/10 11:57:40.0217 1376 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/10 11:57:40.0233 1376 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/10 11:57:40.0248 1376 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/10 11:57:40.0279 1376 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/10 11:57:40.0295 1376 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/10 11:57:40.0326 1376 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/10 11:57:40.0357 1376 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/10 11:57:40.0388 1376 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/10 11:57:40.0466 1376 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/10 11:57:40.0560 1376 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/10 11:57:40.0591 1376 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/10 11:57:40.0638 1376 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/10 11:57:40.0793 1376 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/02/10 11:57:40.0824 1376 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/10 11:57:40.0856 1376 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/10 11:57:40.0887 1376 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/02/10 11:57:40.0918 1376 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/02/10 11:57:40.0949 1376 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/02/10 11:57:40.0965 1376 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/10 11:57:41.0011 1376 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/10 11:57:41.0089 1376 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/10 11:57:41.0136 1376 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/10 11:57:41.0152 1376 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/10 11:57:41.0183 1376 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/02/10 11:57:41.0198 1376 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2011/02/10 11:57:41.0245 1376 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/02/10 11:57:41.0276 1376 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/02/10 11:57:41.0292 1376 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/10 11:57:41.0307 1376 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/10 11:57:41.0338 1376 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/10 11:57:41.0370 1376 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
2011/02/10 11:57:41.0416 1376 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/10 11:57:41.0463 1376 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/10 11:57:41.0494 1376 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/10 11:57:41.0572 1376 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\WINDOWS\system32\DRIVERS\teefer2.sys
2011/02/10 11:57:41.0619 1376 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/10 11:57:41.0697 1376 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/10 11:57:41.0759 1376 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/10 11:57:41.0790 1376 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/10 11:57:41.0821 1376 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/10 11:57:41.0852 1376 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/10 11:57:41.0884 1376 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/10 11:57:41.0899 1376 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/10 11:57:41.0930 1376 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/10 11:57:41.0961 1376 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/10 11:57:41.0993 1376 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/10 11:57:42.0055 1376 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/10 11:57:42.0102 1376 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/10 11:57:42.0164 1376 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2011/02/10 11:57:42.0211 1376 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
2011/02/10 11:57:42.0366 1376 ================================================================================
2011/02/10 11:57:42.0366 1376 Scan finished
2011/02/10 11:57:42.0366 1376 ================================================================================
2011/02/10 11:57:59.0327 1536 Deinitialize success

ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b6494df2717eb348ac44f213e439b63e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-10 09:04:32
# local_time=2011-02-10 01:04:32 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60975
# found=1
# cleaned=1
# scan_time=3450
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Thanks for your help.
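The two logs above are easier to triage mechanically than by eye, especially the TDSSKiller driver inventory, where the question a helper actually asks is "which of these drivers loads from somewhere other than the system driver directory?". The following Python script is an added example, not code from TDSSKiller, ESET or BleepingComputer: it parses the TDSSKiller driver lines and the ESET Online Scanner header/detection lines using layouts inferred from the logs posted in this thread, and lists drivers outside the stock XP driver directories as review items (vendor AV drivers under Program Files are expected to show up there; the list is a prompt for a look, not a verdict). The directory allowlist, the assumption that an ESET threat name starts at the first `Platform/Family` token, and both sample logs are constructed for the example.

```python
"""Triage helpers for the TDSSKiller driver inventory and the ESET Online
Scanner log formats.  Added example; line layouts are inferred from the logs
posted in this thread and the sample inputs below are constructed."""
import re
from typing import Dict, List

# TDSSKiller driver line:  <date> <time>  <pid>  <service> (<md5>) <path>
TDSS_DRIVER = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)

# ESET detection line: <path> <threat name> (<action>) <hash> <flag>
# Assumption: the threat name begins at the first "Platform/Family" token
# (optionally preceded by "a variant of"); a Windows path never contains "/".
ESET_DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+.*?)"
    r"\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9a-f]{32})\s+(?P<flag>\S+)$",
    re.IGNORECASE,
)

# Kernel drivers on a stock XP install live under these directories (assumed
# allowlist).  AV vendors add their own, so a hit here is a review item only.
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_tdss(text: str) -> List[Dict[str, str]]:
    """One {name, md5, path} record per driver line; banner lines are skipped."""
    return [m.groupdict() for m in map(TDSS_DRIVER.match, map(str.strip, text.splitlines())) if m]


def drivers_to_review(drivers: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Drivers whose image is loaded from outside the expected directories."""
    return [d for d in drivers
            if not any(d["path"].lower().startswith(p) for p in EXPECTED_DRIVER_DIRS)]


def parse_eset(text: str) -> Dict[str, object]:
    """Split the ESET log into its '# key=value' header and detection records."""
    meta: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip().strip('"')
            continue
        m = ESET_DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
    return {"meta": meta, "detections": detections}


def triage(tdss_text: str, eset_text: str) -> Dict[str, object]:
    """Condense both logs into the few facts a helper would want to see first."""
    drivers = parse_tdss(tdss_text)
    eset = parse_eset(eset_text)
    meta = eset["meta"]
    return {
        "drivers_seen": len(drivers),
        "drivers_to_review": [f'{d["name"]} {d["path"]}' for d in drivers_to_review(drivers)],
        "eset_found": int(meta.get("found", 0)),
        "eset_cleaned": int(meta.get("cleaned", 0)),
        # Anything whose action does not say "cleaned" still needs attention.
        "eset_not_cleaned": [d["path"] for d in eset["detections"]
                             if "cleaned" not in d["action"].lower()],
    }


# Constructed sample logs in the two formats (hashes and the Temp entries are made up).
SAMPLE_TDSS = r"""
2011/02/10 11:57:34.0392 1376 ================================================================================
2011/02/10 11:57:34.0392 1376 Scan started
2011/02/10 11:57:34.0392 1376 Mode: Manual;
2011/02/10 11:57:35.0591 1376 atapi (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/10 11:57:40.0793 1376 SPBBCDrv (00000000000000000000000000000002) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/02/10 11:57:41.0000 1376 exampledrv (00000000000000000000000000000003) C:\Documents and Settings\user\Local Settings\Temp\exampledrv.sys
2011/02/10 11:57:42.0366 1376 Scan finished
"""

SAMPLE_ESET = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# country="United States"
# scanned=60975
# found=2
# cleaned=1
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\user\Local Settings\Temp\sample.tmp a variant of Win32/ConstructedSample.A trojan (unable to clean) 00000000000000000000000000000001 C
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSS, SAMPLE_ETSET if False else SAMPLE_ESET).items():
        print(f"{key}: {value}")
```

Run as-is it prints the summary for the constructed samples; on a real pair of logs, pass the file contents to `triage()`. The review list deliberately includes the Symantec driver from Program Files, so that the reader decides what is expected on that machine rather than the script silently trusting vendor paths.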

#8 bur75 (Topic Starter)

Posted 16 February 2011 - 07:29 PM

I hadn't heard back on the logs I posted a week ago so I went ahead and reformatted the computer. This thread can be closed.

#9 boopme (Global Moderator)

Posted 16 February 2011 - 08:26 PM

Sorry bur, I did not get the notifications.. I just spotted this. I have to have Admin to check my mailer.

I do appreciate you posting back. The least I can do is post some tips.
Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: