Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please??? Not sure what type of virus etc; I may have


  • This topic is locked This topic is locked
23 replies to this topic

#1 MrGrinch75

MrGrinch75

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 22 June 2011 - 03:18 AM

Hello I am new to your site as a member but have in the past visited for tips and tricks. Not sure exactly how to word everything so please forgive me in advance. I currently have a Compaq Presario SR1330NX Desktop PC that a buudy of mine gave to me a few years back. Looks like I am running microsoft XP home with service pack 3 build 2600; physical memory is 512 MB and virtual memory is 2 GB. For sure I understand that the memory is extremly low but it has gave me no problems with the speed as all I use it for mainly is surfing the web.
Here is a break down with what is going on...I have Norton Internet Security running up to date which has found no viruses nor issues but something is seriously going wrong with my PC.Sometimes some programs get disabled and some are deleted for no apparent reason. Recently I started looking around my PC and found that there is a administrator which should be myself and there is also a compaq_owner. Also I came across some more fishy things like there were a few different administrators active on my PC. occasionally, when I have tried removing programs, a pop up would say I need to be signed in as a administrator...which I know or thought I was. A few days ago I ran across one of your blogs that a member posted and read the entire blog and sounds like something I am going thru. Here is the post I am talking about http://www.bleepingcomputer.com/forums/topic308538.html I hope that I am allowed to post this because this PC is giving me a headache. Is there anything you can help me with???

BC AdBot (Login to Remove)

 


#2 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 25 June 2011 - 10:09 PM

So I've been looking around my pc and there is for sure something going on. A few days ago my printer was uninstalled and I tried re-installing it 3 times and finally got it to load right. Other problems I have noticed is when I tried opening windows defender it said I did not have admin rights to it. From there I rebooted to see how many profiles are on my pc. On start up it shows administrator and my other account so then I opened up and searched the C drive but when I explored all users in C drive; documents and settings, it shows that I have 3 different administrators and 3 other users. Thank you for any help you may have.

#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:55 AM

Posted 25 June 2011 - 10:16 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:55 AM

Posted 25 June 2011 - 10:19 PM

Hello,We need to post in that forum. As in that other topic you will need custom help. DO NOT run CombFix.

We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 26 June 2011 - 06:15 PM

thank you for your response, I will get to work on this and get back to you.

#6 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 26 June 2011 - 06:21 PM

sorry for not understanding everything...do you want me to go directly to the preperation page and ignore all the first posts? Thank you

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:55 AM

Posted 26 June 2011 - 07:01 PM

I see crypto and I were posting at the same time.. Personally I think we are going to wind up needing the DDS log. But as that will tale a couple days for a reply you can run the tools he suggested and see how it goes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 26 June 2011 - 09:15 PM

Hello, Here is the Malware results...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6956

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/26/2011 6:53:35 PM
mbam-log-2011-06-26 (18-53-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 274932
Time elapsed: 46 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.

#9 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 28 June 2011 - 10:15 AM

Hi there, here is the Super AntiSpyware results


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/26/2011 at 10:37 PM

Application Version : 4.54.1000

Core Rules Database Version : 7329
Trace Rules Database Version: 5141

Scan type : Complete Scan
Total Scan Time : 02:51:43

Memory items scanned : 237
Memory threats detected : 0
Registry items scanned : 7738
Registry threats detected : 0
File items scanned : 79426
File threats detected : 34

Adware.Tracking Cookie
bannerfarm.ace.advertising.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
cdn4.specificclick.net [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
core.insightexpressai.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
edge.vru4.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
files.adbrite.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
games.mochimedia.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
i.adultswim.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
ia.media-imdb.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
interclick.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
macromedia.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
media.ebaumsworld.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
media.mtvnservices.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
media.scanscout.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
media1.break.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
media1.clubpenguin.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
media1.thegamehomepage.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
naiadsystems.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
objects.tremormedia.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
oddcast.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
pornotube.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
tonictracker.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
udn.specificclick.net [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
vidego.multicastmedia.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
www.soundclick.com [ C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\#SharedObjects\7DP682XX ]
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.wsod[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.wsod[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@liveperson[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@liveperson[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[1].txt

#10 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 28 June 2011 - 12:06 PM

By the way, when I was running SuperAntiSpyware in safemode, not sure why but the screensaver kept coming on after 10 minutes. I did check the settings and it was set for 10 minutes so I changed it to none but it kept going into screensaver mode..as info

#11 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 28 June 2011 - 12:09 PM

Here is the Super AntiSpyware results...Thank You




GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-28 10:00:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b ST3200822A rev.3.02
Running: piczrjuf.exe; Driver: C:\WINDOWS\TEMP\pxldipog.sys


---- System - GMER 1.0.15 ----

SSDT 851106E8 ZwAlertResumeThread
SSDT 85110100 ZwAlertThread
SSDT 8510DBC0 ZwAllocateVirtualMemory
SSDT 85115B70 ZwAssignProcessToJobObject
SSDT 84FB0508 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF4C35710]
SSDT 85110E90 ZwCreateMutant
SSDT 851163F0 ZwCreateSymbolicLinkObject
SSDT 84FDE850 ZwCreateThread
SSDT 85115480 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF4C35990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF4C35EF0]
SSDT 8510D920 ZwDuplicateObject
SSDT 8510EAC0 ZwFreeVirtualMemory
SSDT 85110F60 ZwImpersonateAnonymousToken
SSDT 85110A08 ZwImpersonateThread
SSDT 84FDA248 ZwLoadDriver
SSDT 85102BF0 ZwMapViewOfSection
SSDT 851112D8 ZwOpenEvent
SSDT 8510D248 ZwOpenProcess
SSDT 8510D5B0 ZwOpenProcessToken
SSDT 85114B28 ZwOpenSection
SSDT 8510D630 ZwOpenThread
SSDT 85115E40 ZwProtectVirtualMemory
SSDT 851101C0 ZwResumeThread
SSDT 8510F8F8 ZwSetContextThread
SSDT 8510F9B8 ZwSetInformationProcess
SSDT 85115540 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF4C36140]
SSDT 85111E28 ZwSuspendProcess
SSDT 8510FF90 ZwSuspendThread
SSDT 8510BEF8 ZwTerminateProcess
SSDT 8510FCC8 ZwTerminateThread
SSDT 8510E1B0 ZwUnmapViewOfSection
SSDT 8510E230 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 7C 804E26E8 8 Bytes CALL 80D337F3
.text ntoskrnl.exe!_abnormal_termination + 198 804E2804 4 Bytes [C0, EA, 10, 85]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1668] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C909 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
.text C:\WINDOWS\system32\SearchIndexer.exe[1968] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#12 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 28 June 2011 - 12:18 PM

My last post was wrong as I titled it Super AntiSpyware results, my apologies. In fact, these are the GMER results. Thank you for your help and time with me. Should I stand by and see whats next or follow thru with what Moderator boopme posted? Thank You

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:55 AM

Posted 28 June 2011 - 12:19 PM

Looks like it may be a tidserv infection.. If this doesn't bring us back to normal we'll have to move.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.7.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:55 AM

Posted 28 June 2011 - 12:27 PM

I see that ...no problem
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 MrGrinch75

MrGrinch75
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 28 June 2011 - 12:35 PM

Results from TDSSKiller..


2011/06/28 10:30:03.0109 3076 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55
2011/06/28 10:30:04.0890 3076 ================================================================================
2011/06/28 10:30:04.0890 3076 SystemInfo:
2011/06/28 10:30:04.0890 3076
2011/06/28 10:30:04.0890 3076 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/28 10:30:04.0890 3076 Product type: Workstation
2011/06/28 10:30:04.0890 3076 ComputerName: TDUNKS
2011/06/28 10:30:04.0890 3076 UserName: Compaq_Owner
2011/06/28 10:30:04.0890 3076 Windows directory: C:\WINDOWS
2011/06/28 10:30:04.0890 3076 System windows directory: C:\WINDOWS
2011/06/28 10:30:04.0890 3076 Processor architecture: Intel x86
2011/06/28 10:30:04.0890 3076 Number of processors: 1
2011/06/28 10:30:04.0890 3076 Page size: 0x1000
2011/06/28 10:30:04.0890 3076 Boot type: Normal boot
2011/06/28 10:30:04.0890 3076 ================================================================================
2011/06/28 10:30:07.0937 3076 Initialize success
2011/06/28 10:30:39.0609 1796 ================================================================================
2011/06/28 10:30:39.0609 1796 Scan started
2011/06/28 10:30:39.0609 1796 Mode: Manual;
2011/06/28 10:30:39.0609 1796 ================================================================================
2011/06/28 10:30:40.0562 1796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/28 10:30:40.0687 1796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/28 10:30:40.0859 1796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/28 10:30:40.0953 1796 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/28 10:30:41.0109 1796 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/28 10:30:41.0375 1796 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/06/28 10:30:41.0546 1796 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/28 10:30:41.0765 1796 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/06/28 10:30:41.0921 1796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/28 10:30:42.0187 1796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/28 10:30:42.0265 1796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/28 10:30:42.0468 1796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/28 10:30:42.0562 1796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/28 10:30:42.0718 1796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/28 10:30:42.0921 1796 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys
2011/06/28 10:30:43.0187 1796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/28 10:30:43.0265 1796 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/28 10:30:43.0375 1796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/28 10:30:43.0468 1796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/28 10:30:43.0531 1796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/28 10:30:43.0765 1796 CO_Mon (6be1d6403727bdd8a2b2568dbe6bfb8b) C:\WINDOWS\system32\Drivers\CO_Mon.sys
2011/06/28 10:30:44.0000 1796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/28 10:30:44.0093 1796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/28 10:30:44.0140 1796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/28 10:30:44.0234 1796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/28 10:30:44.0312 1796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/28 10:30:44.0468 1796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/28 10:30:44.0687 1796 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/28 10:30:44.0796 1796 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/28 10:30:45.0171 1796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/28 10:30:45.0265 1796 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2011/06/28 10:30:45.0359 1796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/28 10:30:45.0468 1796 FET5X86V (ef88fbdbb2c2ab084dcae4388921c898) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/06/28 10:30:45.0515 1796 FETND5BV (ef88fbdbb2c2ab084dcae4388921c898) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/06/28 10:30:45.0578 1796 FETNDISB (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2011/06/28 10:30:45.0671 1796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/28 10:30:45.0750 1796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/28 10:30:45.0828 1796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/28 10:30:45.0937 1796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/28 10:30:46.0000 1796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/28 10:30:46.0156 1796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/28 10:30:46.0375 1796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/28 10:30:46.0578 1796 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/28 10:30:46.0671 1796 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/28 10:30:46.0750 1796 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/28 10:30:46.0921 1796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/28 10:30:47.0125 1796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/28 10:30:47.0218 1796 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/28 10:30:47.0500 1796 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110625.050\IDSxpx86.sys
2011/06/28 10:30:47.0718 1796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/28 10:30:47.0921 1796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/28 10:30:47.0968 1796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/28 10:30:48.0031 1796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/28 10:30:48.0125 1796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/28 10:30:48.0187 1796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/28 10:30:48.0281 1796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/28 10:30:48.0343 1796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/28 10:30:48.0437 1796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/28 10:30:48.0593 1796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/28 10:30:48.0656 1796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/28 10:30:48.0890 1796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/28 10:30:48.0968 1796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/28 10:30:49.0062 1796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/28 10:30:49.0250 1796 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/28 10:30:49.0375 1796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/28 10:30:49.0468 1796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/28 10:30:49.0546 1796 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/28 10:30:49.0656 1796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/28 10:30:49.0734 1796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/28 10:30:49.0796 1796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/28 10:30:49.0906 1796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/28 10:30:50.0015 1796 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/28 10:30:50.0203 1796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/28 10:30:50.0296 1796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/28 10:30:50.0390 1796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/28 10:30:50.0500 1796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/28 10:30:50.0609 1796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/28 10:30:50.0703 1796 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/28 10:30:50.0812 1796 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/28 10:30:50.0875 1796 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/28 10:30:51.0125 1796 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110628.002\NAVENG.SYS
2011/06/28 10:30:51.0296 1796 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110628.002\NAVEX15.SYS
2011/06/28 10:30:51.0578 1796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/28 10:30:51.0703 1796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/28 10:30:51.0781 1796 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/28 10:30:51.0812 1796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/28 10:30:51.0890 1796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/28 10:30:51.0968 1796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/28 10:30:52.0062 1796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/28 10:30:52.0125 1796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/28 10:30:52.0250 1796 NETMDUSB (986acdece933131288f1957dc359865f) C:\WINDOWS\system32\Drivers\NETMDUSB.sys
2011/06/28 10:30:52.0343 1796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/28 10:30:52.0625 1796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/28 10:30:52.0734 1796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/28 10:30:52.0859 1796 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/06/28 10:30:52.0937 1796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/28 10:30:53.0015 1796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/28 10:30:53.0062 1796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/28 10:30:53.0140 1796 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/28 10:30:53.0312 1796 P1110VID (56ebd7c43be8c9e129d452828c1532d8) C:\WINDOWS\system32\DRIVERS\P1110Vid.sys
2011/06/28 10:30:53.0437 1796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/28 10:30:53.0500 1796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/28 10:30:53.0562 1796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/28 10:30:53.0671 1796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/28 10:30:53.0781 1796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/28 10:30:53.0890 1796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/28 10:30:54.0328 1796 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/06/28 10:30:54.0453 1796 pneteth (f31dfc4872de0fcf8687e6b308f4abb1) C:\WINDOWS\system32\DRIVERS\pneteth.sys
2011/06/28 10:30:54.0718 1796 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/06/28 10:30:54.0812 1796 PPSCAN (1b94638b09adcef3aa522b50c0b85b69) C:\WINDOWS\system32\drivers\PPSCAN.sys
2011/06/28 10:30:54.0937 1796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/28 10:30:55.0000 1796 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/28 10:30:55.0093 1796 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/28 10:30:55.0203 1796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/28 10:30:55.0281 1796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/28 10:30:55.0359 1796 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/06/28 10:30:55.0453 1796 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/28 10:30:55.0781 1796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/28 10:30:55.0859 1796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/28 10:30:55.0921 1796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/28 10:30:56.0015 1796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/28 10:30:56.0078 1796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/28 10:30:56.0125 1796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/28 10:30:56.0218 1796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/28 10:30:56.0312 1796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/28 10:30:56.0453 1796 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/06/28 10:30:56.0546 1796 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/28 10:30:56.0671 1796 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/06/28 10:30:56.0765 1796 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/06/28 10:30:56.0875 1796 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/28 10:30:56.0937 1796 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/28 10:30:57.0156 1796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/28 10:30:57.0281 1796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/28 10:30:57.0343 1796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/28 10:30:57.0484 1796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/28 10:30:57.0625 1796 SiS315 (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/06/28 10:30:57.0734 1796 SiSkp (02960a9c3f4e5178edbd9c0d2d995b3b) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/06/28 10:30:57.0843 1796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/28 10:30:58.0015 1796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/28 10:30:58.0078 1796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/28 10:30:58.0234 1796 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
2011/06/28 10:30:58.0359 1796 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
2011/06/28 10:30:58.0453 1796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/28 10:30:58.0609 1796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/28 10:30:58.0671 1796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/28 10:30:58.0734 1796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/28 10:30:59.0078 1796 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
2011/06/28 10:30:59.0171 1796 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
2011/06/28 10:30:59.0328 1796 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/06/28 10:30:59.0656 1796 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
2011/06/28 10:30:59.0734 1796 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/06/28 10:30:59.0875 1796 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS
2011/06/28 10:31:00.0031 1796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/28 10:31:00.0140 1796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/28 10:31:00.0265 1796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/28 10:31:00.0328 1796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/28 10:31:00.0390 1796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/28 10:31:00.0640 1796 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/06/28 10:31:00.0718 1796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/28 10:31:00.0859 1796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/28 10:31:01.0000 1796 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/28 10:31:01.0203 1796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/28 10:31:01.0265 1796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/28 10:31:01.0312 1796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/28 10:31:01.0375 1796 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/28 10:31:01.0453 1796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/28 10:31:01.0515 1796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/28 10:31:01.0562 1796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/28 10:31:01.0625 1796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/28 10:31:01.0671 1796 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/06/28 10:31:01.0734 1796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/28 10:31:01.0828 1796 viagfx (949f86f5a8e493574bbb830c3d18e4a9) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/06/28 10:31:01.0890 1796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/28 10:31:01.0953 1796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/28 10:31:02.0125 1796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/28 10:31:02.0218 1796 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/28 10:31:02.0343 1796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/28 10:31:02.0562 1796 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/06/28 10:31:02.0718 1796 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/06/28 10:31:02.0906 1796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/28 10:31:03.0015 1796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/28 10:31:03.0062 1796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/28 10:31:03.0218 1796 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
2011/06/28 10:31:03.0250 1796 Boot (0x1200) (fee4ce9cee2ff9b0cf7751c9bb56ce94) \Device\Harddisk0\DR0\Partition0
2011/06/28 10:31:03.0281 1796 Boot (0x1200) (2383e98c6785d8ed6305641c171e4009) \Device\Harddisk0\DR0\Partition1
2011/06/28 10:31:03.0296 1796 ================================================================================
2011/06/28 10:31:03.0296 1796 Scan finished
2011/06/28 10:31:03.0296 1796 ================================================================================
2011/06/28 10:31:03.0343 3440 Detected object count: 0
2011/06/28 10:31:03.0343 3440 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users