
A recent attempt to attack your computer...


24 replies to this topic

#1 TheBeaconofHope

Posted 29 July 2011 - 04:58 PM

Hey, I'm currently running NAV 360. Let me be 100% clear with you guys, yes I went to sites (tehe), and now at some points every 30 secs - 5 mins or so, I get a popup from Norton saying "A recent attempt to attack your computer has been blocked." I know how to disable the popup, that's not the problem. The problem is now my computer lags like crazy. I can no longer play online games due to the lag (yes, it's seriously that bad, I can't game anymore QQ). Also, after an hour or so my Internet Explorer downgrades; it's hard to explain, but it's like the original IE gets disabled and it's not the original setting: I can no longer open up extra tabs, and it's just different looking, sorry I can't explain that any better. I've used the search function on this site and through Google and can't find much help at all about this situation. I'm not sure if my hard drive is corrupted and I need a new one or if there's something I can possibly do to fix this nightmare. I've run comprehensive NAV scans and also defragged my computer just in case (needed to be done anyways), but still no problem solved. If anyone can help that would be great! Thanks!

Edited by Orange Blossom, 29 July 2011 - 05:11 PM.
Moved to AII from XP. ~ OB




#2 Broni


Posted 29 July 2011 - 05:20 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 TheBeaconofHope


Posted 29 July 2011 - 06:22 PM

Thanks for the quick reply! I wasn't sure if you wanted me to download all of those or just pick one, so I only did one so far; let me know. I decided to go w/ Malwarebytes. Here are the results:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7322

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2011 4:20:24 PM
mbam-log-2011-07-29 (16-20-24).txt

Scan type: Quick scan
Objects scanned: 188585
Time elapsed: 11 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F0D4B230-DA4B-4daf-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{F0D4B23A-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AskSBar.ToolbarPlugin.1 (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AskSBar.ToolbarPlugin (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A072EC12-A40B-41DD-9A1A-CDB848B70F3C} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2841546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2841578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2841640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2841812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2841843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2841890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2842609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2842687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\application data\Adobe\plugs\kb2842703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brighton cablay\Desktop\click to find and fix errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

As I post this, Malwarebytes' Anti-Malware is going off saying something like "blocked a potential threat." Something along those lines.

#4 TheBeaconofHope


Posted 29 July 2011 - 06:56 PM

Hey again, I'm notifying you that after restarting my computer it continually restarts on its own after about 30 secs of rebooting. It turns to a blue screen for about half a second then starts the reboot phase. Right now I'm in safe mode since it's the only way to get to this post, so now I have this problem... I let it restart over and over for about 15-20 mins hoping it would stop, but nothing yet. Any help on how to resolve this now? :(

Edit: Looks like I fixed the constant restart problem. I removed the Malwarebytes' Anti-Malware program from safe mode and now it hasn't restarted.

Edited by TheBeaconofHope, 29 July 2011 - 07:12 PM.


#5 Broni


Posted 29 July 2011 - 07:52 PM

Go ahead with all other scans...



 


#6 TheBeaconofHope


Posted 29 July 2011 - 10:00 PM

OK, will do, thanks.

Security Check:
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 10
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

Minitoolbox:

MiniToolBox by Farbar
Ran by Brighton Cablay (administrator) on 29-07-2011 at 19:57:06
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
Hosts file not detected in the default diroctory

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : brighton
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sd.cox.net

Ethernet adapter Local Area Connection 4:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-04-4B-01-46-0E

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : sd.cox.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-04-4B-01-46-10
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
                                    68.105.29.11
                                    68.105.28.12
Lease Obtained. . . . . . . . . . : Friday, July 29, 2011 7:47:18 PM
Lease Expires . . . . . . . . . . : Saturday, July 30, 2011 7:47:18 PM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.115.106, 74.125.115.147, 74.125.115.99, 74.125.115.103
           74.125.115.104, 74.125.115.105

Pinging google.com [74.125.115.99] with 32 bytes of data:

Reply from 74.125.115.99: bytes=32 time=89ms TTL=52
Reply from 74.125.115.99: bytes=32 time=91ms TTL=52

Ping statistics for 74.125.115.99:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 91ms, Average = 90ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
           69.147.125.65

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=26ms TTL=56
Reply from 72.30.2.43: bytes=32 time=26ms TTL=56

Ping statistics for 72.30.2.43:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 4b 01 46 0e ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
0x3 ...00 04 4b 01 46 10 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    192.168.1.101   192.168.1.101      20
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101      20
    192.168.1.101  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.101   192.168.1.101      20
        224.0.0.0        240.0.0.0    192.168.1.101   192.168.1.101      20
  255.255.255.255  255.255.255.255    192.168.1.101   192.168.1.101       1
  255.255.255.255  255.255.255.255    192.168.1.101               2       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/29/2011 03:47:21 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/29/2011 10:04:30 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module Flash10c.ocx, version 10.0.32.18, fault address 0x000cae40.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/28/2011 08:23:13 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/28/2011 02:19:12 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (07/27/2011 07:54:24 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module mshtml.dll, version 8.0.6001.19046, fault address 0x00109484.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/27/2011 04:41:49 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/27/2011 00:31:50 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/26/2011 08:52:26 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/26/2011 02:31:20 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module Flash10c.ocx, version 10.0.32.18, fault address 0x0023fa1a.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/25/2011 08:57:33 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module Flash10c.ocx, version 10.0.32.18, fault address 0x00001acb.
Processing media-specific event for [svchost.exe!ws!]


System errors:
=============
Error: (07/29/2011 07:55:43 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (07/29/2011 05:06:39 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/29/2011 05:06:29 PM) (Source: DCOM) (User: Brighton Cablay)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (07/29/2011 05:05:43 PM) (Source: DCOM) (User: Brighton Cablay)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/29/2011 05:05:38 PM) (Source: DCOM) (User: Brighton Cablay)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (07/29/2011 05:05:14 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/29/2011 05:05:09 PM) (Source: DCOM) (User: Brighton Cablay)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (07/29/2011 05:05:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
BHDrvx86
ccHP
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
nvport
RasAcd
Rdbss
SRTSP
SRTSPX
SymIRON
SYMTDI
Tcpip

Error: (07/29/2011 05:05:00 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Error: (07/29/2011 05:05:00 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (07/29/2011 03:47:21 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512kernel32.dll5.1.2600.578100012afb

Error: (07/29/2011 10:04:30 AM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512Flash10c.ocx10.0.32.18000cae40

Error: (07/28/2011 08:23:13 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512kernel32.dll5.1.2600.578100012afb

Error: (07/28/2011 02:19:12 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (07/27/2011 07:54:24 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512mshtml.dll8.0.6001.1904600109484

Error: (07/27/2011 04:41:49 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512kernel32.dll5.1.2600.578100012afb

Error: (07/27/2011 00:31:50 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512kernel32.dll5.1.2600.578100012afb

Error: (07/26/2011 08:52:26 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512kernel32.dll5.1.2600.578100012afb

Error: (07/26/2011 02:31:20 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512Flash10c.ocx10.0.32.180023fa1a

Error: (07/25/2011 08:57:33 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512Flash10c.ocx10.0.32.1800001acb


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 2814.48 MB
Available physical RAM: 1987.94 MB
Total Pagefile: 4701.64 MB
Available Pagefile: 4010.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.77 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:234.75 GB) NTFS

========================= Users: ========================================

User accounts for \\BRIGHTON

Administrator Brighton Cablay Guest
HelpAssistant SUPPORT_388945a0


== End of log ==

#7 Broni


Posted 29 July 2011 - 10:12 PM

..and GMER...



 


#8 TheBeaconofHope


Posted 29 July 2011 - 10:30 PM

Gmer:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-29 20:29:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort5 MAXTOR_STM3500630AS rev.3.AAE
Running: GMER.exe; Driver: C:\DOCUME~1\BRIGHT~1\LOCALS~1\Temp\fgryqpod.sys


---- System - GMER 1.0.15 ----

SSDT 8985D6D0 ZwAlertResumeThread
SSDT 8985F6D0 ZwAlertThread
SSDT 89038CE8 ZwAllocateVirtualMemory
SSDT 8984F6D0 ZwAssignProcessToJobObject
SSDT 8A2FA700 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA582210]
SSDT 89032F80 ZwCreateMutant
SSDT 89030FC0 ZwCreateSymbolicLinkObject
SSDT 8A8A36D8 ZwCreateThread
SSDT 898506D0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA582490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA5829F0]
SSDT 89038F80 ZwDuplicateObject
SSDT 89038508 ZwFreeVirtualMemory
SSDT 8985B6D0 ZwImpersonateAnonymousToken
SSDT 8985C6D0 ZwImpersonateThread
SSDT 8A26E2F0 ZwLoadDriver
SSDT 8A163680 ZwMapViewOfSection
SSDT 898576D0 ZwOpenEvent
SSDT 896992B0 ZwOpenProcess
SSDT 8986D6D0 ZwOpenProcessToken
SSDT 898536D0 ZwOpenSection
SSDT 89699120 ZwOpenThread
SSDT 89031730 ZwProtectVirtualMemory
SSDT 898606D0 ZwResumeThread
SSDT 898676D0 ZwSetContextThread
SSDT 890380A8 ZwSetInformationProcess
SSDT 898516D0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA582C40]
SSDT 898566D0 ZwSuspendProcess
SSDT 898656D0 ZwSuspendThread
SSDT 898706D0 ZwTerminateProcess
SSDT 898666D0 ZwTerminateThread
SSDT 8986A6D0 ZwUnmapViewOfSection
SSDT 89038918 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C28 805044C4 4 Bytes [E8, 8C, 03, 89]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB162B380, 0x34E2EF, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E1000A
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E2000A
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E0000C
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0101000A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0102000A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0103000A
.text C:\WINDOWS\System32\svchost.exe[1480] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00FA000A
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Sftfsxp.sys (Microsoft Application Virtualization File System/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort6 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort7 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T0L0-14 8AA9331B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 8AA9331B

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
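As an added example that is not part of the thread (it is neither GMER's code nor the posters'), here is a Python triage helper for the GMER 1.0.15 log format posted above: it parses the SSDT, user-code-section and disk-sector lines, treats kernel hooks owned by the installed security product as expected, and escalates bare-address SSDT hooks, inline JMP hooks into memory no module backs, and an MBR rootkit finding. The sample log is a constructed excerpt in the same format, and the assumption that Symantec Corporation is the expected hook owner comes from the Norton 360 named in the thread.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not GMER code)."""
import re
from collections import Counter

# Constructed excerpt in the GMER 1.0.15 log format; modelled on the thread's
# log but not the poster's full log.
SAMPLE_GMER_LOG = r"""---- System - GMER 1.0.15 ----

SSDT 8985D6D0 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA582210]
SSDT 8A26E2F0 ZwLoadDriver

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E1000A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0101000A
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
"""

# SSDT entry: a bare pool address or an owning driver path, optionally followed
# by a "(Description/Vendor)" annotation and a "[0x...]" hook address.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s+(?P<func>Zw\w+)"
    r"(?:\s+\[0x[0-9A-Fa-f]+\])?$"
)
# User-mode inline hook: "<image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<module>]".
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>\S+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<target_module>\S.*))?$"
)
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<detail>.+)$")


def parse_gmer(text):
    """Return the structured findings of a GMER log as lists of dicts."""
    findings = {"ssdt": [], "user_hooks": [], "disk": []}
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            findings["ssdt"].append(m.groupdict())
        elif m := USER_HOOK_RE.match(line):
            findings["user_hooks"].append(m.groupdict())
        elif m := DISK_RE.match(line):
            findings["disk"].append(m.groupdict())
    return findings


def triage(findings, expected_vendors=("Symantec Corporation",)):
    """Rate findings by severity.

    expected_vendors is an assumption of this example: vendors of security
    software known to be installed (the thread's machine runs Norton 360),
    whose SSDT hooks are expected rather than suspicious.
    """
    alerts = []
    # Boot-sector finding: GMER reports MBR rootkit code explicitly.
    for d in findings["disk"]:
        if "rootkit" in d["detail"].lower():
            alerts.append(("CRITICAL", f"{d['device']}: {d['detail']} "
                           "(boot sector compromised; repair the MBR, then rescan)"))
    # Inline JMP hooks whose target GMER could not attribute to any loaded module.
    by_proc = Counter()
    for h in findings["user_hooks"]:
        if not h["target_module"]:
            by_proc[f"{h['image']}[{h['pid']}]"] += 1
    for proc, n in by_proc.items():
        alerts.append(("HIGH", f"{proc}: {n} inline hook(s) jumping to memory "
                       "not backed by any module"))
    # Kernel SSDT hooks: expected vendor is informational, anything else needs review.
    for s in findings["ssdt"]:
        vendor = s["vendor"] or ""
        if any(v in vendor for v in expected_vendors):
            alerts.append(("INFO", f"SSDT {s['func']} hooked by {s['owner']} ({vendor})"))
        elif vendor:
            alerts.append(("MEDIUM", f"SSDT {s['func']} hooked by unexpected driver {s['owner']} ({vendor})"))
        else:
            alerts.append(("MEDIUM", f"SSDT {s['func']} hooked from {s['owner']} with no owning driver"))
    return alerts


def summarize(text, expected_vendors=("Symantec Corporation",)):
    """Parse and triage a log; return alerts, counts per severity and a verdict."""
    alerts = triage(parse_gmer(text), expected_vendors)
    counts = Counter(sev for sev, _ in alerts)
    verdict = next((sev for sev in ("CRITICAL", "HIGH", "MEDIUM", "INFO") if counts[sev]), "CLEAN")
    return {"alerts": alerts, "counts": dict(counts), "verdict": verdict}


if __name__ == "__main__":
    result = summarize(SAMPLE_GMER_LOG)
    for sev, msg in result["alerts"]:
        print(f"[{sev}] {msg}")
    print("verdict:", result["verdict"])
```

Unattributed SSDT hooks are rated MEDIUM rather than HIGH on purpose: security suites also hook the SSDT on XP, so a bare address alone is a review item, while the disk-sector finding is what decides the verdict here.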

#9 Broni


Posted 29 July 2011 - 10:36 PM

It looks like we have a rootkit there.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#10 TheBeaconofHope


Posted 29 July 2011 - 10:57 PM

2011/07/29 20:48:56.0515 2372 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/29 20:48:57.0468 2372 ================================================================================
2011/07/29 20:48:57.0468 2372 SystemInfo:
2011/07/29 20:48:57.0468 2372
2011/07/29 20:48:57.0468 2372 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/29 20:48:57.0468 2372 Product type: Workstation
2011/07/29 20:48:57.0468 2372 ComputerName: BRIGHTON
2011/07/29 20:48:57.0468 2372 UserName: Brighton Cablay
2011/07/29 20:48:57.0468 2372 Windows directory: C:\WINDOWS
2011/07/29 20:48:57.0468 2372 System windows directory: C:\WINDOWS
2011/07/29 20:48:57.0468 2372 Processor architecture: Intel x86
2011/07/29 20:48:57.0468 2372 Number of processors: 2
2011/07/29 20:48:57.0468 2372 Page size: 0x1000
2011/07/29 20:48:57.0484 2372 Boot type: Normal boot
2011/07/29 20:48:57.0484 2372 ================================================================================
2011/07/29 20:48:58.0906 2372 Initialize success
2011/07/29 20:49:06.0625 6012 ================================================================================
2011/07/29 20:49:06.0625 6012 Scan started
2011/07/29 20:49:06.0625 6012 Mode: Manual;
2011/07/29 20:49:06.0625 6012 ================================================================================
2011/07/29 20:49:07.0656 6012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/29 20:49:07.0937 6012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/29 20:49:08.0328 6012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/29 20:49:08.0562 6012 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/07/29 20:49:09.0640 6012 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/29 20:49:10.0359 6012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/29 20:49:10.0562 6012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/29 20:49:10.0906 6012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/29 20:49:11.0171 6012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/29 20:49:11.0375 6012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/29 20:49:11.0625 6012 BHDrvx86 (f7ff24bb7714247f27b615b3a7d8b132) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110723.001\BHDrvx86.sys
2011/07/29 20:49:12.0000 6012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/29 20:49:12.0328 6012 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys
2011/07/29 20:49:12.0750 6012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/29 20:49:12.0984 6012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/29 20:49:13.0171 6012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/29 20:49:13.0906 6012 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2011/07/29 20:49:14.0562 6012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/29 20:49:14.0937 6012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/29 20:49:15.0296 6012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/29 20:49:15.0531 6012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/29 20:49:15.0734 6012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/29 20:49:16.0078 6012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/29 20:49:16.0265 6012 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/29 20:49:16.0484 6012 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/29 20:49:16.0781 6012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/29 20:49:17.0031 6012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/29 20:49:17.0203 6012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/29 20:49:17.0468 6012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/29 20:49:17.0906 6012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/29 20:49:18.0156 6012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/29 20:49:18.0328 6012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/29 20:49:18.0609 6012 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/29 20:49:18.0828 6012 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/07/29 20:49:19.0046 6012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/29 20:49:19.0265 6012 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/29 20:49:19.0546 6012 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/29 20:49:19.0875 6012 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/29 20:49:20.0078 6012 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/29 20:49:20.0265 6012 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/29 20:49:20.0593 6012 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/29 20:49:21.0312 6012 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/29 20:49:21.0593 6012 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110728.031\IDSxpx86.sys
2011/07/29 20:49:21.0906 6012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/29 20:49:23.0109 6012 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/29 20:49:24.0359 6012 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/29 20:49:24.0625 6012 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/29 20:49:24.0843 6012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/29 20:49:25.0062 6012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/29 20:49:25.0250 6012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/29 20:49:25.0546 6012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/29 20:49:25.0734 6012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/29 20:49:25.0953 6012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/29 20:49:26.0187 6012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/29 20:49:26.0390 6012 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/29 20:49:26.0656 6012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/29 20:49:26.0921 6012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/29 20:49:27.0500 6012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/29 20:49:27.0734 6012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/29 20:49:27.0968 6012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/29 20:49:28.0125 6012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/29 20:49:28.0328 6012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/29 20:49:28.0734 6012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/29 20:49:29.0093 6012 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/29 20:49:29.0390 6012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/29 20:49:29.0656 6012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/29 20:49:29.0859 6012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/29 20:49:30.0046 6012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/29 20:49:30.0234 6012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/29 20:49:30.0406 6012 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/29 20:49:30.0703 6012 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110729.008\NAVENG.SYS
2011/07/29 20:49:31.0031 6012 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110729.008\NAVEX15.SYS
2011/07/29 20:49:31.0640 6012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/29 20:49:31.0843 6012 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/29 20:49:31.0984 6012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/29 20:49:32.0171 6012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/29 20:49:32.0343 6012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/29 20:49:32.0609 6012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/29 20:49:32.0781 6012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/29 20:49:33.0031 6012 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/29 20:49:33.0234 6012 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/07/29 20:49:33.0421 6012 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/07/29 20:49:33.0687 6012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/29 20:49:33.0968 6012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/29 20:49:34.0281 6012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/29 20:49:35.0781 6012 nv (29e060897a3179660c49367f52fcaac0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/29 20:49:37.0156 6012 NVENETFD (974551a956f3269f460d4b18101eec46) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/29 20:49:37.0375 6012 nvnetbus (7fc2baf84006f28cb9f477a167fff9ba) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/29 20:49:37.0671 6012 nvport (add596f11d3a23e55d960d4cce6e9b3a) C:\WINDOWS\system32\Drivers\nvport.sys
2011/07/29 20:49:37.0765 6012 NVR0Dev (9c76be3103252432ff6b302315d5b02d) C:\WINDOWS\nvoclock.sys
2011/07/29 20:49:38.0968 6012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/29 20:49:39.0187 6012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/29 20:49:39.0375 6012 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/29 20:49:39.0625 6012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/29 20:49:39.0781 6012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/29 20:49:39.0953 6012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/29 20:49:40.0140 6012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/29 20:49:40.0531 6012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/29 20:49:40.0734 6012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/29 20:49:42.0109 6012 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/29 20:49:42.0328 6012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/29 20:49:42.0562 6012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/29 20:49:42.0796 6012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/29 20:49:43.0000 6012 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/29 20:49:43.0984 6012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/29 20:49:44.0171 6012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/29 20:49:44.0328 6012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/29 20:49:44.0531 6012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/29 20:49:44.0703 6012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/29 20:49:44.0953 6012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/29 20:49:45.0156 6012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/29 20:49:45.0375 6012 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/29 20:49:45.0625 6012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/29 20:49:45.0875 6012 RzSynapse (9bfec36588ef8ccee1bbd47f9d65d19f) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
2011/07/29 20:49:46.0062 6012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/29 20:49:46.0265 6012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/29 20:49:46.0421 6012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/29 20:49:46.0859 6012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/29 20:49:47.0171 6012 Sftfs (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
2011/07/29 20:49:47.0578 6012 Sftplay (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
2011/07/29 20:49:47.0875 6012 Sftredir (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
2011/07/29 20:49:48.0031 6012 Sftvol (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
2011/07/29 20:49:48.0578 6012 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/07/29 20:49:48.0796 6012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/29 20:49:48.0984 6012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/29 20:49:49.0234 6012 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS
2011/07/29 20:49:49.0578 6012 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS
2011/07/29 20:49:49.0875 6012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/29 20:49:50.0203 6012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/29 20:49:50.0421 6012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/29 20:49:51.0000 6012 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS
2011/07/29 20:49:51.0234 6012 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS
2011/07/29 20:49:51.0468 6012 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/07/29 20:49:51.0781 6012 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS
2011/07/29 20:49:52.0093 6012 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
2011/07/29 20:49:52.0812 6012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/29 20:49:53.0109 6012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/29 20:49:53.0421 6012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/29 20:49:53.0703 6012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/29 20:49:53.0906 6012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/29 20:49:54.0296 6012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/29 20:49:54.0796 6012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/29 20:49:55.0125 6012 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/29 20:49:55.0640 6012 USBADVAU (75478d714957ccd0087afed6da5d43da) C:\WINDOWS\system32\drivers\cm112.sys
2011/07/29 20:49:56.0140 6012 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/29 20:49:56.0343 6012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/29 20:49:56.0625 6012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/29 20:49:56.0828 6012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/29 20:49:57.0078 6012 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/29 20:49:57.0234 6012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/29 20:49:57.0437 6012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/29 20:49:57.0718 6012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/29 20:49:57.0890 6012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/29 20:49:58.0265 6012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/29 20:49:58.0515 6012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/29 20:49:58.0906 6012 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/07/29 20:49:59.0390 6012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/29 20:49:59.0703 6012 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/29 20:49:59.0750 6012 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/29 20:49:59.0750 6012 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/29 20:49:59.0765 6012 Boot (0x1200) (10c9b88b843fca556f9b877f4736d0d6) \Device\Harddisk0\DR0\Partition0
2011/07/29 20:49:59.0765 6012 ================================================================================
2011/07/29 20:49:59.0765 6012 Scan finished
2011/07/29 20:49:59.0765 6012 ================================================================================
2011/07/29 20:49:59.0765 5684 Detected object count: 1
2011/07/29 20:49:59.0765 5684 Actual detected object count: 1
2011/07/29 20:50:08.0890 5684 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/29 20:50:08.0890 5684 \Device\Harddisk0\DR0 - ok
2011/07/29 20:50:08.0890 5684 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/29 20:50:28.0765 6072 Deinitialize success
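
The TDSSKiller log above has a fixed shape: timestamp, thread id, then either a driver with its MD5 and path, an object hash such as "MBR (0x1B8)", a detection line, or the action the user chose. The script below is an added example, not Kaspersky's or Broni's code: it pulls the detections, chosen actions and MBR/boot-sector hashes out of such a log, notes whether a reboot is pending, and lists drivers that load from outside system32\drivers so they can be reviewed by hand. SAMPLE_LOG is a hand-picked subset of the lines posted above. The location rule is a triage heuristic only: the three drivers it flags here look like hardware-utility drivers that simply install elsewhere, while the actual finding is the MBR detection, which has no driver file to list.

```python
"""Triage a TDSSKiller log: detections, chosen actions, MBR/boot hashes, and
drivers living outside the usual driver directory (for manual review).

Added example; not code from the thread or from TDSSKiller.  SAMPLE_LOG is a
subset of the lines posted in the thread.  The "standard directory" rule is a
review heuristic, not a verdict.
"""
import ntpath
import re

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
OBJECT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
PENDING_RE = re.compile(r"^(.+?) \((\S+)\) - will be cured after reboot$")

STANDARD_DRIVER_DIR = r"c:\windows\system32\drivers"


def is_standard_location(path: str) -> bool:
    """True when the file sits in system32\\drivers or any subdirectory of it."""
    directory = ntpath.dirname(path).lower()
    return directory == STANDARD_DRIVER_DIR or directory.startswith(STANDARD_DRIVER_DIR + "\\")


def triage(log_text: str) -> dict:
    """Classify every log line and collect what an analyst wants to see first."""
    result = {"driver_count": 0, "nonstandard_paths": [], "objects": {},
              "detections": [], "actions": [], "reboot_required": False, "unparsed": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line without the timestamp/thread prefix
        body = m.group(3)
        if om := OBJECT_RE.match(body):
            result["objects"][om.group(1)] = om.group(3)            # e.g. MBR -> md5
        elif dm := DRIVER_RE.match(body):
            name, _md5, path = dm.groups()
            result["driver_count"] += 1
            if not is_standard_location(path):
                result["nonstandard_paths"].append((name, path))
        elif xm := DETECT_RE.match(body):
            result["detections"].append((xm.group(1), xm.group(2)))  # (object, verdict)
        elif am := ACTION_RE.match(body):
            result["actions"].append((am.group(1), am.group(2), am.group(3)))
        elif PENDING_RE.match(body):
            result["reboot_required"] = True
        else:
            result["unparsed"].append(body)
    return result


# Subset of the TDSSKiller log posted in the thread (constructed selection).
SAMPLE_LOG = r"""
2011/07/29 20:49:06.0625 6012 Scan started
2011/07/29 20:49:07.0656 6012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/29 20:49:10.0562 6012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/29 20:49:18.0828 6012 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/07/29 20:49:37.0765 6012 NVR0Dev (9c76be3103252432ff6b302315d5b02d) C:\WINDOWS\nvoclock.sys
2011/07/29 20:49:48.0578 6012 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/07/29 20:49:52.0093 6012 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
2011/07/29 20:49:59.0750 6012 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/29 20:49:59.0750 6012 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/29 20:49:59.0765 6012 Boot (0x1200) (10c9b88b843fca556f9b877f4736d0d6) \Device\Harddisk0\DR0\Partition0
2011/07/29 20:50:08.0890 5684 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/29 20:50:08.0890 5684 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it the whole TDSSKiller_xxxx_log.txt instead of SAMPLE_LOG to get the same summary for a real run. The MBR and Boot hashes are worth keeping: after the cure and reboot, a second scan should produce a different MBR hash and the same boot-sector hash, which is a cheap way to confirm the fix changed only what it was supposed to.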

#11 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:05 AM

Posted 29 July 2011 - 11:04 PM

Good :)

Let's double check...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#12 TheBeaconofHope

TheBeaconofHope
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:05 AM

Posted 29 July 2011 - 11:13 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6493000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6291456 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 182.42 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6189056 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 182.42 )
0xB2E82000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4538368 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB2924000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110729.008\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0xB6302000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 1105920 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xB24B5000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110723.001\BHDrvx86.sys 831488 bytes (Symantec Corporation, BASH Driver)
0xB9DB2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAEF20000 C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys 548864 bytes (Microsoft Corporation, Microsoft Application Virtualization File System)
0xB2580000 C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xB2A9B000 C:\WINDOWS\System32\Drivers\wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xB267B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB261D000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB61E1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB2760000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110728.031\IDSxpx86.sys 368640 bytes (Symantec Corporation, IDS Core Driver)
0xB2837000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB0742000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB2B36000 C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xB27E0000 C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
0xB9E95000 SYMDS.SYS 352256 bytes
0xB62AF000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 339968 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xBF5F9000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAE894000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAED85000 C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys 208896 bytes (Microsoft Corporation, Microsoft Application Virtualization SystemGuard)
0xB623F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB1A21000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D85000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9E56000 SYMEFA.SYS 184320 bytes
0xAE729000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB26EB000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6410000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB2738000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB27BA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB28FF000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xB2DBE000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB645B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6438000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2716000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB2B17000 C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xB25FF000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9D6B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2475000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E3F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6298000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB1C7E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB28EB000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110729.008\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB647F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB2890000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E83000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6287000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB2DE2000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB95CE000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB95AE000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA2A8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA268000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6A93000 C:\WINDOWS\system32\DRIVERS\RzSynapse.sys 61440 bytes (Razer USA Ltd, Razer Synapse Engine)
0xB1D4B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB6AD3000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 53248 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xB959E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB6B23000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA318000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB956E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB958E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB954E000 C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xB6B03000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAE411000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB1780000 C:\WINDOWS\system32\drivers\cpuz135_x32.sys 36864 bytes (CPUID, CPUID Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB6AA3000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB6B13000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB2E72000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB95BE000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA228000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB350D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA408000 C:\WINDOWS\system32\Drivers\nvport.sys 28672 bytes (NVIDIA Corporation., Port Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA398000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB351D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB3515000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA340000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB352D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB5D4F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB1F1B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB8D16000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAEDF0000 C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys 16384 bytes (Microsoft Corporation, Microsoft Application Virtualization SystemGuard)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB28DF000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB5D57000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB5D53000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB8D12000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8D1E000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xB2C40000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB1F33000 C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys 12288 bytes (Microsoft Corporation, Microsoft Application Virtualization Volume Manager)
0xBA66E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA612000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5B2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5B4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5F0000 C:\WINDOWS\nvoclock.sys 8192 bytes (NVidia Corp., NVidia System Utility Driver)
0xBA5B6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5AE000 speedfan.sys 8192 bytes
0xBA62C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA658000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7C0000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7DB000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA671000 giveio.sys 4096 bytes
0xBA73D000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#13 Broni (The Coolest BC Computer, BC Advisor, 42,716 posts, Daly City, CA)

Posted 29 July 2011 - 11:17 PM

That's good :)

Now, your "hosts" file is missing.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure, "Save as type:" is set to "All Files (*.*)
3. Make sure the file is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder


Then....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===============================================================================

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
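The two steps above (recreate a hosts file containing only the loopback mapping, then confirm with SystemLook's `:dir` that a file literally named `hosts`, with no extension, now sits in `C:\WINDOWS\SYSTEM32\DRIVERS\ETC`) are worth automating, because the hosts file is a routine malware target: a hijacked copy silently sinkholes security-vendor and update domains to 127.0.0.1 or redirects popular sites to an attacker's address. The script below is an added example, not code from the thread or from the SystemLook tool. It parses hosts-file text, flags every mapping that is not a plain loopback entry, checks a SystemLook-style listing for the bare `hosts` file versus the common `hosts.txt` mistake, and produces the minimal clean content. The sample hosts text and listing are constructed for illustration (198.51.100.7 is a documentation address); nothing in them comes from the poster's machine.

```python
import ipaddress
import re

# Constructed sample hosts content: the Microsoft header lines from the thread,
# the correct loopback mapping, and two hijack lines of the kind malware adds.
# Not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#       102.54.94.97    rhino.acme.com          # source server

127.0.0.1       localhost
127.0.0.1       www.symantec.com        # sinkholes an AV vendor (constructed)
198.51.100.7    www.google.com          # redirect to attacker host (constructed)
"""

# Constructed directory listing in the SystemLook ":dir" format shown in the
# thread, with the classic mistake of saving the file as "hosts.txt".
SAMPLE_LISTING = """\
---Files---
hosts.txt --a---- 715 bytes [04:29 30/07/2011] [04:29 30/07/2011]
lmhosts.sam --a---- 3683 bytes [12:00 04/08/2004] [12:00 04/08/2004]
"""

# Names that legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(ip, hostname, line_no)] for every mapping in hosts-file text.

    Comment text after '#' is stripped, blank lines are skipped, and a first
    column that is not a valid IP address is ignored rather than trusted.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((parts[0], name.lower(), n))
    return entries


def audit_hosts(text):
    """Return [(line_no, reason, 'ip name')] for mappings that are not plain loopback.

    A loopback address for anything other than localhost-style names blocks that
    site (typical for AV/update domains); any non-loopback address is a redirect.
    """
    findings = []
    for ip, name, n in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if name in LOOPBACK_NAMES and addr.is_loopback:
            continue
        if addr.is_loopback:
            reason = "sinkholed to loopback (site blocked)"
        else:
            reason = "redirected to non-loopback address"
        findings.append((n, reason, f"{ip} {name}"))
    return findings


def check_listing(listing):
    """Inspect a SystemLook-style listing of the ETC folder.

    Reports whether a bare 'hosts' file is present and whether a mis-saved
    'hosts.txt' (Notepad's default extension) is there instead.
    """
    names = []
    for line in listing.splitlines():
        m = re.match(r"(\S+)\s+-+a-+\s+\d+ bytes", line)
        if m:
            names.append(m.group(1).lower())
    return {"hosts_present": "hosts" in names,
            "hosts_txt_present": "hosts.txt" in names}


def default_hosts():
    """Minimal clean hosts content: one loopback mapping and nothing else."""
    return "127.0.0.1\tlocalhost\n"


if __name__ == "__main__":
    for n, reason, entry in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {entry}: {reason}")
    print(check_listing(SAMPLE_LISTING))
```

On a live machine, feed `audit_hosts` the contents of `C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts` and `check_listing` the SystemLook.txt output; an empty findings list plus `hosts_present: True` is the state the thread is aiming for.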


 


#14 TheBeaconofHope (Topic Starter, Members, 14 posts)

Posted 29 July 2011 - 11:31 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 21:30 on 29/07/2011 by Brighton Cablay
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 715 bytes [04:29 30/07/2011] [04:29 30/07/2011]
lmhosts.sam --a---- 3683 bytes [12:00 04/08/2004] [12:00 04/08/2004]
networks --a---- 407 bytes [12:00 04/08/2004] [12:00 04/08/2004]
protocol --a---- 799 bytes [12:00 04/08/2004] [12:00 04/08/2004]
services --a---- 7116 bytes [12:00 04/08/2004] [12:00 04/08/2004]

---Folders---
None found.

-= EOF =-

#15 Broni (The Coolest BC Computer, BC Advisor, 42,716 posts, Daly City, CA)

Posted 29 July 2011 - 11:32 PM

Well done :)

How is the computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
