Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Huge data usage on mobile broadband when I'm not on my computer


  • This topic is locked This topic is locked
20 replies to this topic

#1 Josh1980

Josh1980

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 03 August 2011 - 08:00 AM

Hi Guys,

Referred from here: http://www.bleepingcomputer.com/forums/topic412332.html ~ OB

My issue started when the data usage on my internet plan tripled about 2 months ago when there was no change to my actual usage... I actually have a very low usage. After much trouble shooting with my ISP they advised I probably have a or many visus' causing the issue. I had Norton 360 which said my computer was clean. I then downloaded Stopzilla which showed a GASF trojan and some packers and spyware. After reading a few dubious reviews about Stopzilla I tried Malwarebytes which found and removed a Hiloti trojan. I then used SUPERantispyware which found a broken file extension and these trojans (Gen-IExplorer[Fake] and Gen-PEC)which were all removed.

After having much trouble running rKill (I was getting a "Win32 application error" message), I finally got it to run. When it does I get a Microsoft error message saying that the following programs have stopped working - Iexplorer.exe and PEV.exe. Some googling has lead me to believe they may be associated with virus'.

Malwarebytes and SAS both show clear results now but my data usage is still way above what it should be... like way above.

The only other funny thing that has sinced happened is a Microsoft Homegroup icon appearing on my desktop post rebbot after SAS and when I am on the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" page... all the links with a double underline link to www.globalonlinebusinessmodel.com which is some Adchoices link which also says Kontera... that kinda thing hasn't happened before so I don't know if thats me or you??

Please find below the logs as requested... and lastly thanks a million. If you could let me know that my computer is clean then that would be greatly and grossly appreciated.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Justine Davies at 18:43:50 on 2011-08-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3039.1446 [GMT 8:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\Justine Davies\Optus\Remote Diagnostics\cpmmgrd.exe
C:\Windows\system32\conhost.exe
C:\Users\Justine Davies\AppData\Roaming\Business Mobile Broadband\ouc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Business Mobile Broadband\Business Mobile Broadband.exe
C:\Plus19\Myob.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Justine Davies\Optus\Remote Diagnostics\catmgrd.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Norton 360\Engine\4.3.0.5\buVss.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [NortonUpdateAgent] c:\programdata\norton\NUA.exe
uRun: [HW_OPENEYE_OUC_Business Mobile Broadband] "c:\program files\business mobile broadband\updatedog\ouc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [<NO NAME>]
StartupFolder: c:\users\justin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\starto~1.lnk - c:\users\justine davies\optus\remote diagnostics\cpmmgrd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: skillport.com\subway
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: Interfaces\{13FA3134-C819-4C6B-B4F3-6672734ED005} : DhcpNameServer = 180.216.255.56 180.216.255.57 220.101.191.16 220.101.191.17
TCP: Interfaces\{4F749E61-1025-43A6-B369-2CD31EA2EB99}\75C414E4 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BBB77AF4-D269-40D3-9372-A1C1029B7FD9} : NameServer = 198.142.0.51 61.88.88.88
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\justine davies\appdata\roaming\mozilla\firefox\profiles\037u33mi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-1-17 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-1-17 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-23 815736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-1-17 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110802.030\IDSvix86.sys [2011-8-2 367736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-13 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-1-17 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2011-1-17 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2010-2-14 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-9-29 249856]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-29 366640]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-1-17 126392]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-7-20 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-20 208896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-20 72832]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-29 22712]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-25 185344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-25 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-20 102784]
S3 HuaweiWiMAXUSB;HuaweiWiMAXUSB Device driver;c:\windows\system32\drivers\HuaweiWiMAXUSB.sys [2011-7-19 66560]
S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw1v32.sys [2009-8-25 5958656]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
.
=============== Created Last 30 ================
.
2011-08-03 10:28:08 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-08-02 08:52:53 -------- d-----w- c:\users\justine davies\appdata\roaming\SUPERAntiSpyware.com
2011-08-02 08:52:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-02 08:52:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-29 12:49:54 -------- d-----w- c:\users\justine davies\appdata\roaming\Malwarebytes
2011-07-29 12:49:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 12:49:48 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 12:49:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 12:49:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 10:07:02 -------- d-----w- c:\programdata\STOPzilla!
2011-07-20 07:27:53 -------- d-----w- c:\users\justine davies\appdata\roaming\Business Mobile Broadband
2011-07-20 07:25:36 -------- d-----w- c:\users\justine davies\Optus
2011-07-20 07:22:53 -------- d-----w- c:\program files\Business Mobile Broadband
2011-07-20 07:22:37 -------- d-----w- c:\programdata\DatacardService
2011-07-19 10:12:51 8192 ----a-w- c:\windows\system32\drivers\HuaweiWiMAXUSBCo.dll
2011-07-19 10:12:51 66560 ----a-w- c:\windows\system32\drivers\HuaweiWiMAXUSB.sys
2011-07-19 10:12:35 8192 ----a-w- c:\windows\system32\HuaweiWiMAXUSBCo.dll
2011-07-19 10:12:29 -------- d-----w- c:\program files\vividwireless
2011-07-06 23:39:10 -------- d-----w- c:\users\justine davies\appdata\local\CrashDumps
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST950042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83049000]<< >>UNKNOWN [0x8C033000]<< >>UNKNOWN [0x8CEB7000]<< >>UNKNOWN [0x8CE7C000]<< >>UNKNOWN [0x83012000]<< >>UNKNOWN [0x8C203000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83085458] -> \Device\Harddisk0\DR0[0x87B3C030]
\Driver\Disk[0x87B36510] -> IRP_MJ_CREATE -> 0x8C03739F
3 [0x8C03759E] -> ntkrnlpa!IofCallDriver[0x83085458] -> [0x87B3BAA8]
\Driver\hpdskflt[0x8639CCD8] -> IRP_MJ_CREATE -> 0x8CE7DFB0
5 [0x8CE7E090] -> ntkrnlpa!IofCallDriver[0x83085458] -> \Device\Ide\IAAStorageDevice-1[0x870CB028]
\Driver\iaStor[0x870AA9C0] -> IRP_MJ_CREATE -> 0x8C24792E
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:44:19.80 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/01/2010 10:02:39 PM
System Uptime: 3/08/2011 2:25:58 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 3628
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 366.48 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.944 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP158: 24/07/2011 7:00:11 PM - Windows Backup
RP159: 29/07/2011 6:06:37 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP161: 29/07/2011 6:15:45 PM - StopZILLA! Restore Point.
RP165: 30/07/2011 7:27:15 AM - StopZILLA! Restore Point.
RP166: 1/08/2011 4:09:32 PM - Windows Backup
RP167: 2/08/2011 4:38:35 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Adobe Shockwave Player
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
BufferChm
Business Mobile Broadband
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Copy
CyberLink DVD Suite
Destinations
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
ENE CIR Receiver Driver
F4400
GEAR driver installer for x86 and x64
GPBaseService2
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP Games
HP Imaging Device Functions 13.0
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Print Projects 1.0
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
IDT Audio
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 17
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LightScribe System Software
LSI HDA Modem
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Basic Edition 2003
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MYOB AccountRight Plus v19
MYOB ODBC Direct v10 AUS
MYOB ODBC Direct v9 AUS
Norton 360
OGA Notifier 2.0.0048.0
Optus Remote Diagnostics
Optus Wireless Broadband
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
SmartWebPrinting
SoftStylus
SolutionCenter
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
Universal Document Converter (Demo)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
vividwireless
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
3/08/2011 5:44:37 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
3/08/2011 2:28:35 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user JustineDavies\Justine Davies (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
29/07/2011 6:05:11 PM, Error: Service Control Manager [7034] - The HP Service service terminated unexpectedly. It has done this 1 time(s).
2/08/2011 8:51:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83139eff, 0x906a1b94, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080211-20592-01.
2/08/2011 4:23:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
2/08/2011 11:30:43 PM, Error: Service Control Manager [7034] - The DCService.exe service terminated unexpectedly. It has done this 1 time(s).
1/08/2011 4:00:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
.
==== End Of File ===========================


As per the above instructions I have run

Attached Files

  • Attached File  DDS2.txt   17.31KB   0 downloads
  • Attached File  DDS3.txt   8.91KB   0 downloads
  • Attached File  ark.txt   27.19KB   1 downloads

Edited by Orange Blossom, 04 August 2011 - 06:55 PM.


BC AdBot (Login to Remove)

 


#2 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 08 August 2011 - 07:56 PM

hello???

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 10 August 2011 - 04:23 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 15 August 2011 - 07:17 AM

Hi Elise,
thanks so much for your help!!! Please don't delete my post. I ended up having to disconnect my internet service due to the issue. I will have it back up and running tomorrow and I'll post my logs as per your instructions.

Thanks again!
Josh

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 15 August 2011 - 07:21 AM

Okay Josh, thank you for letting me know!

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 August 2011 - 04:39 AM

Thanks Elise! I am not sure if you want me to explain my issues again?

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Justine Davies at 17:34:18 on 2011-08-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3039.1841 [GMT 8:00]
.
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\Justine Davies\Optus\Remote Diagnostics\cpmmgrd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Justine Davies\AppData\Roaming\Business Mobile Broadband\ouc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NortonUpdateAgent] c:\programdata\norton\NUA.exe
uRun: [HW_OPENEYE_OUC_Business Mobile Broadband] "c:\program files\business mobile broadband\updatedog\ouc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [<NO NAME>]
StartupFolder: c:\users\justin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\starto~1.lnk - c:\users\justine davies\optus\remote diagnostics\cpmmgrd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: skillport.com\subway
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{13FA3134-C819-4C6B-B4F3-6672734ED005} : DhcpNameServer = 180.216.255.56 180.216.255.57 220.101.191.16 220.101.191.17
TCP: Interfaces\{4F749E61-1025-43A6-B369-2CD31EA2EB99}\75C414E4 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{64436B9A-0C54-44D1-BD90-A14F2A27EB48} : NameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{FEB03BD7-3849-48B6-A7F3-AE8A6ED3B1F9} : NameServer = 198.142.0.51 61.88.88.88
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\justine davies\appdata\roaming\mozilla\firefox\profiles\037u33mi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-1-17 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-1-17 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-16 815736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-1-17 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110815.030\IDSvix86.sys [2011-8-16 367736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-13 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-1-17 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2011-1-17 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2010-2-14 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-9-29 249856]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-29 366640]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-1-17 126392]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-25 29472]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-20 72832]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-29 22712]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-25 185344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-20 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-7-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-15 180736]
S3 HuaweiWiMAXUSB;HuaweiWiMAXUSB Device driver;c:\windows\system32\drivers\HuaweiWiMAXUSB.sys [2011-7-19 66560]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-8-15 101248]
S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw1v32.sys [2009-8-25 5958656]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
.
=============== Created Last 30 ================
.
2011-08-15 09:00:13 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-15 09:00:13 180736 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-15 09:00:13 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-15 09:00:13 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-08-09 01:01:14 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-09 01:01:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-04 10:42:52 -------- d-----w- c:\program files\common files\MSSoap
2011-08-03 10:28:08 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-08-02 08:52:53 -------- d-----w- c:\users\justine davies\appdata\roaming\SUPERAntiSpyware.com
2011-08-02 08:52:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-02 08:52:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-29 12:49:54 -------- d-----w- c:\users\justine davies\appdata\roaming\Malwarebytes
2011-07-29 12:49:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 12:49:48 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 12:49:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 12:49:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 10:07:02 -------- d-----w- c:\programdata\STOPzilla!
2011-07-20 07:27:53 -------- d-----w- c:\users\justine davies\appdata\roaming\Business Mobile Broadband
2011-07-20 07:25:36 -------- d-----w- c:\users\justine davies\Optus
2011-07-20 07:23:33 82816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-07-20 07:23:33 72832 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-07-20 07:23:33 51712 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-07-20 07:23:33 27008 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-07-20 07:23:33 19456 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2011-07-20 07:23:33 168960 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2011-07-20 07:23:33 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-07-20 07:23:24 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-07-20 07:23:15 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-07-20 07:22:53 -------- d-----w- c:\program files\Business Mobile Broadband
2011-07-20 07:22:37 -------- d-----w- c:\programdata\DatacardService
2011-07-19 10:12:51 8192 ----a-w- c:\windows\system32\drivers\HuaweiWiMAXUSBCo.dll
2011-07-19 10:12:51 66560 ----a-w- c:\windows\system32\drivers\HuaweiWiMAXUSB.sys
2011-07-19 10:12:35 8192 ----a-w- c:\windows\system32\HuaweiWiMAXUSBCo.dll
2011-07-19 10:12:29 -------- d-----w- c:\program files\vividwireless
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST950042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83041000]<< >>UNKNOWN [0x8C039000]<< >>UNKNOWN [0x8CD94000]<< >>UNKNOWN [0x8CFF4000]<< >>UNKNOWN [0x8300A000]<< >>UNKNOWN [0x8C210000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8307D458] -> \Device\Harddisk0\DR0[0x87B3BAC8]
\Driver\Disk[0x87B35178] -> IRP_MJ_CREATE -> 0x8C03D39F
3 [0x8C03D59E] -> ntkrnlpa!IofCallDriver[0x8307D458] -> [0x87B36368]
\Driver\hpdskflt[0x87AE7448] -> IRP_MJ_CREATE -> 0x8CFF5FB0
5 [0x8CFF6090] -> ntkrnlpa!IofCallDriver[0x8307D458] -> \Device\Ide\IAAStorageDevice-1[0x870CB028]
\Driver\iaStor[0x870B5B80] -> IRP_MJ_CREATE -> 0x8C25492E
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:35:01.31 ===============
and...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/01/2010 10:02:39 PM
System Uptime: 16/08/2011 5:25:07 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3628
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 366.681 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.944 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP165: 30/07/2011 7:27:15 AM - StopZILLA! Restore Point.
RP166: 1/08/2011 4:09:32 PM - Windows Backup
RP167: 2/08/2011 4:38:35 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP169: 4/08/2011 6:36:52 PM - Configured MYOB AccountRight Plus v19
RP171: 4/08/2011 6:40:58 PM - Installed MYOB AccountRight Plus v19.6.1
RP172: 7/08/2011 9:33:32 PM - Windows Backup
RP173: 9/08/2011 9:00:18 AM - Installed Java™ 6 Update 26
RP174: 15/08/2011 5:08:04 PM - Windows Backup
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Adobe Shockwave Player
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
BufferChm
Business Mobile Broadband
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Copy
CyberLink DVD Suite
Destinations
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
ENE CIR Receiver Driver
F4400
GEAR driver installer for x86 and x64
GPBaseService2
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP Games
HP Imaging Device Functions 13.0
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Print Projects 1.0
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
IDT Audio
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 26
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LightScribe System Software
LSI HDA Modem
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Basic Edition 2003
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MYOB AccountRight Plus v19.6.1
MYOB ODBC Direct v10 AUS
MYOB ODBC Direct v9 AUS
Norton 360
OGA Notifier 2.0.0048.0
Optus Remote Diagnostics
Optus Wireless Broadband
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
SmartWebPrinting
SoftStylus
SolutionCenter
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
Universal Document Converter (Demo)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
vividwireless
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Upload Tool
Windows Live Writer
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
16/08/2011 7:13:14 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
16/08/2011 5:31:39 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user JustineDavies\Justine Davies (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
15/08/2011 7:44:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
.
==== End Of File ===========================

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 16 August 2011 - 07:50 AM

Hi again, unfortunately you have a nasty rootkit on your computer. Please read the following information first.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 August 2011 - 09:12 AM

Hi Elise,

That is crappy news! I would definatey like to try remove it for now. If I reformat and reinstall the OS will it then be 100% safe?

I ran the TDSkille.exe but it found no threats? I hope the this is the log you are after...

2011/08/16 22:02:52.0067 3576 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/16 22:02:54.0079 3576 ================================================================================
2011/08/16 22:02:54.0079 3576 SystemInfo:
2011/08/16 22:02:54.0079 3576
2011/08/16 22:02:54.0079 3576 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/16 22:02:54.0079 3576 Product type: Workstation
2011/08/16 22:02:54.0079 3576 ComputerName: JUSTINEDAVIES
2011/08/16 22:02:54.0079 3576 UserName: Justine Davies
2011/08/16 22:02:54.0079 3576 Windows directory: C:\Windows
2011/08/16 22:02:54.0079 3576 System windows directory: C:\Windows
2011/08/16 22:02:54.0079 3576 Processor architecture: Intel x86
2011/08/16 22:02:54.0079 3576 Number of processors: 2
2011/08/16 22:02:54.0079 3576 Page size: 0x1000
2011/08/16 22:02:54.0079 3576 Boot type: Normal boot
2011/08/16 22:02:54.0079 3576 ================================================================================
2011/08/16 22:02:54.0937 3576 Initialize success
2011/08/16 22:03:03.0392 5760 ================================================================================
2011/08/16 22:03:03.0392 5760 Scan started
2011/08/16 22:03:03.0392 5760 Mode: Manual;
2011/08/16 22:03:03.0392 5760 ================================================================================
2011/08/16 22:03:04.0219 5760 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/16 22:03:04.0422 5760 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/08/16 22:03:05.0249 5760 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/16 22:03:05.0295 5760 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/16 22:03:05.0342 5760 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/16 22:03:05.0389 5760 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/16 22:03:05.0436 5760 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/16 22:03:05.0498 5760 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/08/16 22:03:05.0607 5760 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/08/16 22:03:05.0717 5760 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/16 22:03:05.0748 5760 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/16 22:03:05.0810 5760 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/16 22:03:05.0857 5760 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/16 22:03:05.0888 5760 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/16 22:03:05.0935 5760 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/16 22:03:05.0966 5760 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/16 22:03:06.0013 5760 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/16 22:03:06.0060 5760 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/16 22:03:06.0091 5760 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/16 22:03:06.0122 5760 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/16 22:03:06.0185 5760 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/16 22:03:06.0216 5760 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/16 22:03:06.0247 5760 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/16 22:03:06.0309 5760 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/16 22:03:06.0372 5760 AtiHdmiService (0bf168115851f9a7e070dc16901cf7c1) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/16 22:03:06.0543 5760 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/16 22:03:06.0777 5760 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/16 22:03:06.0824 5760 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/16 22:03:06.0887 5760 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/16 22:03:06.0933 5760 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/16 22:03:07.0105 5760 BHDrvx86 (f7ff24bb7714247f27b615b3a7d8b132) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
2011/08/16 22:03:07.0245 5760 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/16 22:03:07.0292 5760 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/16 22:03:07.0339 5760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/16 22:03:07.0355 5760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/16 22:03:07.0401 5760 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/16 22:03:07.0433 5760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/16 22:03:07.0448 5760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/16 22:03:07.0464 5760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/16 22:03:07.0526 5760 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/16 22:03:07.0604 5760 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/16 22:03:07.0635 5760 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/16 22:03:07.0667 5760 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/08/16 22:03:07.0745 5760 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/16 22:03:07.0791 5760 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/08/16 22:03:07.0869 5760 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/08/16 22:03:07.0947 5760 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/08/16 22:03:08.0025 5760 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/16 22:03:08.0181 5760 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
2011/08/16 22:03:08.0259 5760 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/16 22:03:08.0306 5760 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/16 22:03:08.0400 5760 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/16 22:03:08.0462 5760 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/16 22:03:08.0540 5760 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/16 22:03:08.0603 5760 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/16 22:03:08.0649 5760 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/16 22:03:08.0712 5760 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/16 22:03:08.0759 5760 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/16 22:03:08.0805 5760 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/16 22:03:08.0883 5760 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/08/16 22:03:08.0930 5760 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/16 22:03:08.0977 5760 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/16 22:03:09.0055 5760 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/16 22:03:09.0086 5760 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/16 22:03:09.0133 5760 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/16 22:03:09.0180 5760 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/16 22:03:09.0227 5760 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/16 22:03:09.0367 5760 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/16 22:03:09.0492 5760 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/16 22:03:09.0663 5760 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/16 22:03:09.0726 5760 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\Windows\system32\DRIVERS\enecir.sys
2011/08/16 22:03:09.0851 5760 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/16 22:03:09.0975 5760 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/16 22:03:10.0053 5760 ewusbnet (01fd440c181c2e2f993ccf7b677701e8) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/08/16 22:03:10.0100 5760 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
2011/08/16 22:03:10.0147 5760 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
2011/08/16 22:03:10.0178 5760 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/16 22:03:10.0241 5760 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/16 22:03:10.0287 5760 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/16 22:03:10.0350 5760 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/16 22:03:10.0397 5760 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/16 22:03:10.0428 5760 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/16 22:03:10.0475 5760 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/16 22:03:10.0537 5760 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/16 22:03:10.0584 5760 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/16 22:03:10.0615 5760 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/16 22:03:10.0709 5760 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/16 22:03:10.0771 5760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/16 22:03:10.0833 5760 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/16 22:03:10.0896 5760 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/08/16 22:03:10.0927 5760 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/16 22:03:10.0958 5760 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/16 22:03:11.0005 5760 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/16 22:03:11.0067 5760 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/16 22:03:11.0145 5760 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/16 22:03:11.0301 5760 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/08/16 22:03:11.0379 5760 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/08/16 22:03:11.0473 5760 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/16 22:03:11.0535 5760 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/08/16 22:03:11.0598 5760 HuaweiWiMAXUSB (d1f93670e7bc09a1921bddb2cc398ab0) C:\Windows\system32\DRIVERS\HuaweiWiMAXUSB.sys
2011/08/16 22:03:11.0691 5760 huawei_enumerator (92548543d50c9bccdb31ffb7ec39249d) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/08/16 22:03:11.0832 5760 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/16 22:03:11.0894 5760 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/16 22:03:11.0972 5760 hwusbdev (ac6b4aabf92867584445d0c435b9248f) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/08/16 22:03:12.0097 5760 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/16 22:03:12.0191 5760 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/16 22:03:12.0253 5760 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/08/16 22:03:12.0425 5760 IDSVix86 (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110815.030\IDSvix86.sys
2011/08/16 22:03:12.0549 5760 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/16 22:03:12.0705 5760 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/16 22:03:12.0737 5760 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/16 22:03:12.0799 5760 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/16 22:03:12.0846 5760 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/16 22:03:12.0893 5760 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/16 22:03:12.0939 5760 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/16 22:03:12.0986 5760 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/16 22:03:13.0017 5760 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/16 22:03:13.0095 5760 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\Windows\system32\DRIVERS\jmcr.sys
2011/08/16 22:03:13.0142 5760 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/16 22:03:13.0189 5760 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/16 22:03:13.0236 5760 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/16 22:03:13.0267 5760 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/16 22:03:13.0345 5760 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/16 22:03:13.0407 5760 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/16 22:03:13.0454 5760 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/16 22:03:13.0485 5760 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/16 22:03:13.0517 5760 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/16 22:03:13.0563 5760 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/16 22:03:13.0626 5760 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/16 22:03:13.0688 5760 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/16 22:03:13.0751 5760 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/16 22:03:13.0797 5760 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/16 22:03:13.0829 5760 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/16 22:03:13.0875 5760 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/16 22:03:13.0938 5760 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/16 22:03:14.0016 5760 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/08/16 22:03:14.0094 5760 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/16 22:03:14.0141 5760 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/16 22:03:14.0187 5760 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/16 22:03:14.0234 5760 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/16 22:03:14.0281 5760 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/16 22:03:14.0328 5760 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/16 22:03:14.0375 5760 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/16 22:03:14.0437 5760 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/16 22:03:14.0499 5760 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/16 22:03:14.0562 5760 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/16 22:03:14.0609 5760 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/16 22:03:14.0671 5760 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/16 22:03:14.0718 5760 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/16 22:03:14.0749 5760 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/16 22:03:14.0780 5760 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/16 22:03:14.0811 5760 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/16 22:03:14.0827 5760 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/16 22:03:14.0874 5760 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/16 22:03:14.0889 5760 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/16 22:03:14.0983 5760 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/16 22:03:15.0123 5760 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110815.034\NAVENG.SYS
2011/08/16 22:03:15.0233 5760 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110815.034\NAVEX15.SYS
2011/08/16 22:03:15.0389 5760 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/08/16 22:03:15.0435 5760 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/16 22:03:15.0482 5760 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/16 22:03:15.0529 5760 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/16 22:03:15.0560 5760 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/16 22:03:15.0623 5760 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/08/16 22:03:15.0716 5760 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/16 22:03:15.0747 5760 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/16 22:03:15.0919 5760 NETw1v32 (d1f531b61cb35422d691e545de60554c) C:\Windows\system32\DRIVERS\NETw1v32.sys
2011/08/16 22:03:16.0106 5760 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/08/16 22:03:16.0325 5760 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/16 22:03:16.0356 5760 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/16 22:03:16.0403 5760 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/16 22:03:16.0465 5760 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/08/16 22:03:16.0527 5760 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/16 22:03:16.0574 5760 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/08/16 22:03:16.0605 5760 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/08/16 22:03:16.0637 5760 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/08/16 22:03:16.0683 5760 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/16 22:03:16.0746 5760 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/16 22:03:16.0871 5760 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/16 22:03:16.0917 5760 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/08/16 22:03:16.0980 5760 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/16 22:03:17.0027 5760 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/08/16 22:03:17.0073 5760 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/16 22:03:17.0136 5760 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/16 22:03:17.0183 5760 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/16 22:03:17.0229 5760 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/16 22:03:17.0354 5760 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2011/08/16 22:03:17.0401 5760 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/16 22:03:17.0448 5760 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/16 22:03:17.0495 5760 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/16 22:03:17.0557 5760 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/16 22:03:17.0604 5760 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/16 22:03:17.0635 5760 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/16 22:03:17.0666 5760 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/16 22:03:17.0713 5760 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/16 22:03:17.0760 5760 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/16 22:03:17.0807 5760 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/16 22:03:17.0838 5760 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/16 22:03:17.0869 5760 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/16 22:03:17.0900 5760 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/16 22:03:17.0931 5760 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/16 22:03:17.0963 5760 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/16 22:03:17.0978 5760 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/16 22:03:18.0025 5760 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/08/16 22:03:18.0056 5760 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/08/16 22:03:18.0103 5760 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/16 22:03:18.0165 5760 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/16 22:03:18.0212 5760 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/08/16 22:03:18.0306 5760 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/16 22:03:18.0337 5760 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/16 22:03:18.0384 5760 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/16 22:03:18.0431 5760 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/16 22:03:18.0477 5760 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/16 22:03:18.0509 5760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/16 22:03:18.0571 5760 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/16 22:03:18.0602 5760 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/16 22:03:18.0633 5760 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/16 22:03:18.0680 5760 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/16 22:03:18.0696 5760 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/16 22:03:18.0711 5760 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/16 22:03:18.0743 5760 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/16 22:03:18.0789 5760 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/08/16 22:03:18.0836 5760 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/16 22:03:18.0852 5760 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/16 22:03:18.0899 5760 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/16 22:03:18.0945 5760 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/16 22:03:19.0070 5760 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
2011/08/16 22:03:19.0133 5760 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
2011/08/16 22:03:19.0195 5760 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/08/16 22:03:19.0226 5760 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/16 22:03:19.0289 5760 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/16 22:03:19.0335 5760 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/08/16 22:03:19.0382 5760 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/08/16 22:03:19.0413 5760 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/16 22:03:19.0476 5760 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/16 22:03:19.0507 5760 STHDA (ffe2d0a09c9c806b005c97076cc1034c) C:\Windows\system32\DRIVERS\stwrt.sys
2011/08/16 22:03:19.0601 5760 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/16 22:03:19.0694 5760 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
2011/08/16 22:03:19.0757 5760 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
2011/08/16 22:03:19.0803 5760 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/08/16 22:03:19.0959 5760 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
2011/08/16 22:03:20.0069 5760 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
2011/08/16 22:03:20.0147 5760 SynTP (c93aa00fb1386cc00d0a66ba41847421) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/16 22:03:20.0240 5760 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/08/16 22:03:20.0318 5760 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/16 22:03:20.0365 5760 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/16 22:03:20.0396 5760 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/08/16 22:03:20.0427 5760 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/16 22:03:20.0443 5760 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/16 22:03:20.0537 5760 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/16 22:03:20.0599 5760 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/16 22:03:20.0646 5760 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/16 22:03:20.0693 5760 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/16 22:03:20.0786 5760 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/16 22:03:20.0833 5760 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/16 22:03:20.0880 5760 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/16 22:03:20.0958 5760 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/16 22:03:21.0005 5760 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/16 22:03:21.0020 5760 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/16 22:03:21.0052 5760 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/16 22:03:21.0067 5760 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/16 22:03:21.0114 5760 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/16 22:03:21.0145 5760 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/16 22:03:21.0161 5760 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/16 22:03:21.0208 5760 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/16 22:03:21.0239 5760 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/16 22:03:21.0270 5760 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/16 22:03:21.0301 5760 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/16 22:03:21.0379 5760 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/16 22:03:21.0426 5760 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/16 22:03:21.0457 5760 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/16 22:03:21.0520 5760 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/16 22:03:21.0551 5760 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/08/16 22:03:21.0582 5760 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/16 22:03:21.0598 5760 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/16 22:03:21.0629 5760 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/16 22:03:21.0676 5760 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/16 22:03:21.0738 5760 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/16 22:03:21.0769 5760 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/16 22:03:21.0816 5760 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/16 22:03:21.0847 5760 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/16 22:03:21.0894 5760 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/16 22:03:21.0941 5760 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/16 22:03:21.0941 5760 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/16 22:03:22.0003 5760 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/16 22:03:22.0050 5760 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/16 22:03:22.0128 5760 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/16 22:03:22.0144 5760 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/16 22:03:22.0237 5760 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/16 22:03:22.0268 5760 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/16 22:03:22.0346 5760 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/16 22:03:22.0409 5760 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/08/16 22:03:22.0456 5760 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/16 22:03:22.0534 5760 MBR (0x1B8) (506b0e168f1982e9487925e5b25871b8) \Device\Harddisk0\DR0
2011/08/16 22:03:22.0549 5760 Boot (0x1200) (8199e96840a5de9c241bc1cd514424c2) \Device\Harddisk0\DR0\Partition0
2011/08/16 22:03:22.0565 5760 Boot (0x1200) (5f2930e9f8e26d1465073601f58f31d6) \Device\Harddisk0\DR0\Partition1
2011/08/16 22:03:22.0612 5760 Boot (0x1200) (0a2bd7ee859a276241f18a6e25db1513) \Device\Harddisk0\DR0\Partition2
2011/08/16 22:03:22.0612 5760 ================================================================================
2011/08/16 22:03:22.0612 5760 Scan finished
2011/08/16 22:03:22.0612 5760 ================================================================================
2011/08/16 22:03:22.0627 3160 Detected object count: 0
2011/08/16 22:03:22.0627 3160 Actual detected object count: 0

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 16 August 2011 - 10:25 AM

Hi again, yes that is the correct log.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 August 2011 - 06:38 PM

Thanks Elise! Even though I disabled the Norton 360 AV and Firewall, Combofix advised it was still active and ran anyway??

ComboFix 11-08-16.05 - Justine Davies 17/08/2011 7:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3039.1673 [GMT 8:00]
Running from: c:\users\Justine Davies\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 23:19 . 2011-08-16 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 09:00 . 2009-09-10 07:31 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-15 09:00 . 2009-09-04 07:12 180736 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-15 09:00 . 2009-07-24 07:51 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-08-15 09:00 . 2007-08-08 20:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\program files\Common Files\Java
2011-08-09 01:01 . 2011-05-03 20:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-09 01:01 . 2011-05-03 20:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-03 10:28 . 2011-08-03 10:28 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-08-02 08:52 . 2011-08-02 08:52 -------- d-----w- c:\users\Justine Davies\AppData\Roaming\SUPERAntiSpyware.com
2011-08-02 08:52 . 2011-08-02 08:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-02 08:52 . 2011-08-02 08:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-29 12:49 . 2011-07-29 12:49 -------- d-----w- c:\users\Justine Davies\AppData\Roaming\Malwarebytes
2011-07-29 12:49 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 12:49 . 2011-07-29 12:49 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 12:49 . 2011-07-29 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 12:49 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 10:07 . 2011-08-02 08:39 -------- d-----w- c:\programdata\STOPzilla!
2011-07-20 07:27 . 2011-08-04 08:51 -------- d-----w- c:\users\Justine Davies\AppData\Roaming\Business Mobile Broadband
2011-07-20 07:25 . 2011-07-20 07:25 -------- d-----w- c:\users\Justine Davies\Optus
2011-07-20 07:23 . 2010-09-03 09:35 168960 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2011-07-20 07:23 . 2010-09-03 09:34 27008 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-07-20 07:23 . 2010-08-24 14:52 82816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-07-20 07:23 . 2010-07-27 07:25 72832 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-07-20 07:23 . 2010-07-27 07:25 51712 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-07-20 07:23 . 2010-05-04 08:50 19456 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2011-07-20 07:23 . 2009-07-14 04:27 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-07-20 07:23 . 2010-03-20 04:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-07-20 07:23 . 2010-07-27 01:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-07-20 07:22 . 2011-08-03 10:38 -------- d-----w- c:\program files\Business Mobile Broadband
2011-07-20 07:22 . 2011-08-15 09:01 -------- d-----w- c:\programdata\DatacardService
2011-07-19 10:12 . 2009-12-12 06:49 8192 ----a-w- c:\windows\system32\drivers\HuaweiWiMAXUSBCo.dll
2011-07-19 10:12 . 2009-12-12 06:49 66560 ----a-w- c:\windows\system32\drivers\HuaweiWiMAXUSB.sys
2011-07-19 10:12 . 2009-12-12 06:49 8192 ----a-w- c:\windows\system32\HuaweiWiMAXUSBCo.dll
2011-07-19 10:12 . 2011-07-22 00:12 -------- d-----w- c:\program files\vividwireless
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 03:32 . 2011-05-06 11:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2011-04-05 2692024]
"HW_OPENEYE_OUC_Business Mobile Broadband"="c:\program files\Business Mobile Broadband\UpdateDog\ouc.exe" [2009-07-27 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-14 467036]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\Justine Davies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Optus Remote Diagnostics.lnk - c:\users\Justine Davies\Optus\Remote Diagnostics\cpmmgrd.exe [2010-9-13 296448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-09-04 180736]
R3 HuaweiWiMAXUSB;HuaweiWiMAXUSB Device driver;c:\windows\system32\DRIVERS\HuaweiWiMAXUSB.sys [2009-12-12 66560]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
R3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110815.030\IDSvix86.sys [2011-08-01 367736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2010-02-14 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-09-29 249856]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: skillport.com\subway
TCP: Interfaces\{64436B9A-0C54-44D1-BD90-A14F2A27EB48}: NameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{FEB03BD7-3849-48B6-A7F3-AE8A6ED3B1F9}: NameServer = 198.142.0.51 61.88.88.88
FF - ProfilePath - c:\users\Justine Davies\AppData\Roaming\Mozilla\Firefox\Profiles\037u33mi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,9c,d5,9f,36,bf,4f,4e,91,50,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,9c,d5,9f,36,bf,4f,4e,91,50,f9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-17 07:22:18
ComboFix-quarantined-files.txt 2011-08-16 23:22
.
Pre-Run: 394,272,325,632 bytes free
Post-Run: 394,177,249,280 bytes free
.
- - End Of File - - FCD128A531AD7477839CBC1C4F4162EF

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 17 August 2011 - 04:02 AM

I see no signs of malware here. What problems are you still having at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 17 August 2011 - 07:11 AM

Hi Elise,

I wasn't having any real functionality problems... it was just that I started getting massive data usage on my internet plan which included both upload data and download data. Usage when I wasn't actually using my computer.... I generally don't really do anything that causes high data usage. The ISP changed my sim, mobile broadband dongle, service number and it keeps going. They seem to think it some sort of virus (or malware)?
When I started running some tests (i.e. Malwarebytes) it found a few trojans (Hiloti Trojan) and deleted them but it didn't stop the data usage issues I was having. I am just unsure if there is anything on else on my computer causing the issue or if it's something else??

So you don't think I have a rootkit?

Cheers,

Josh

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 17 August 2011 - 02:58 PM

No, I see no sings of rootkit activity. Is it possible someone could be using your internet connection without your knowledge (if it is wireless, a neighbour or so)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 Josh1980

Josh1980
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 17 August 2011 - 06:35 PM

Nah, there is no wireless network created with these.. That is all I really needed to know though so thanks very much!!!!

I have disconnected from that ISP so I'll just monitor my usage with the new one I've got.

Thanks Elise!

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 18 August 2011 - 03:01 AM

You are most welcome. :) Lets do a last few steps to make sure everything is okay and up to date.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users