Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have the boot.tidserv infection


  • This topic is locked This topic is locked
6 replies to this topic

#1 goodle

goodle

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 11 September 2011 - 11:13 PM

New to the forum can anyone let me know the first step. I have ran literally every virus/ad ware removal program out their and it remains the 1 and only virus on my computer. Would appreciate the help.

Would seriously appreciate the help guys, I have tried absolutely everything.

Here are both the files from running DDS.

Merged 3 posts. ~ OB

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Shawn at 21:29:31 on 2011-09-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1926 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
D:\WINDOWS\system32\svchost -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
D:\Program Files\IObit\Game Booster\gbtray.exe
D:\Program Files\Application Updater\ApplicationUpdater.exe
D:\Program Files\Hi-Rez Studios\HiPatchService.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\WINDOWS\System32\svchost.exe -k itnetsvc
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - d:\program files\iobit toolbar\ie\4.6\iobitToolbarIE.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - d:\program files\utorrentbar\tbuTo1.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - d:\program files\iobit toolbar\ie\4.6\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - d:\program files\conduitengine\ConduitEngin0.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - d:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - d:\program files\utorrentbar\tbuTo1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - d:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - d:\program files\conduitengine\ConduitEngin0.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - d:\program files\iobit toolbar\ie\4.6\iobitToolbarIE.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [SpeedUpMyPC] "d:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] "RUNDLL32.EXE" d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "d:\program files\nvidia corporation\nview\nwiz.exe" /installquiet
mRun: [<NO NAME>]
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - d:\program files\superfish\window shopper\SuperfishIEAddon.dll
LSP: d:\program files\common files\pc tools\lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{9325E929-F2A7-4879-B75A-211DDB57AD28} : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: inetsw32 - inetsw32.dll
Notify: inetwork - inetsw32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [2010-4-11 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [2010-4-11 5248]
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2011-9-10 239168]
R0 pctDS;PC Tools Data Store;d:\windows\system32\drivers\pctDS.sys [2011-9-10 338880]
R0 pctEFA;PC Tools Extended File Attributes;d:\windows\system32\drivers\pctEFA.sys [2011-9-10 656320]
R0 SmartDefragDriver;SmartDefragDriver;d:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-25 14776]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-9-9 340088]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-9-9 744568]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110901.001\BHDrvx86.sys [2011-9-2 815736]
R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [2011-9-7 93360]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-9-9 136312]
R2 Application Updater;Application Updater;d:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\hi-rez studios\HiPatchService.exe [2011-4-21 23680]
R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2011-1-25 312152]
R2 itlperf;Network Location Awarenes;d:\windows\system32\svchost.exe -k itnetsvc [2008-4-13 14336]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-10 366640]
R2 NAV;Norton AntiVirus;d:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-9-9 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-29 2255464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-8 105592]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110909.030\IDSXpx86.sys [2011-9-9 356280]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2011-9-10 22712]
R3 NAVENG;NAVENG;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110911.002\NAVENG.SYS [2011-9-11 86136]
R3 NAVEX15;NAVEX15;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110911.002\NAVEX15.SYS [2011-9-11 1576312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2010-4-18 1691480]
S3 cpuz130;cpuz130; [x]
S3 GPU-Z;GPU-Z; [x]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\pc tools security\pctsAuxs.exe [2011-9-10 366840]
S3 sdCoreService;PC Tools Security Service;d:\program files\pc tools security\pctsSvc.exe [2011-9-10 1150936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-10 12:32:24 656320 ----a-w- d:\windows\system32\drivers\pctEFA.sys
2011-09-10 12:32:24 338880 ----a-w- d:\windows\system32\drivers\pctDS.sys
2011-09-10 12:32:24 251560 ----a-w- d:\windows\system32\drivers\pctgntdi.sys
2011-09-10 12:32:18 239168 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2011-09-10 12:32:18 160448 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2011-09-10 12:32:13 70536 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2011-09-10 12:32:06 -------- d-----w- d:\program files\PC Tools Security
2011-09-10 12:32:06 -------- d-----w- d:\program files\common files\PC Tools
2011-09-10 12:32:06 -------- d-----w- d:\documents and settings\shawn\application data\PC Tools
2011-09-10 12:30:51 -------- d-----w- d:\documents and settings\all users\application data\PC Tools
2011-09-10 12:00:53 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-09-10 12:00:49 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-09-10 11:43:55 -------- d-----w- d:\documents and settings\shawn\application data\Uniblue
2011-09-10 11:43:47 -------- dc-h--w- d:\documents and settings\all users\application data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-09-10 11:43:44 -------- d-----w- d:\program files\Uniblue
2011-09-10 11:42:13 -------- d-----w- d:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-10 11:37:20 -------- d-----w- d:\documents and settings\shawn\local settings\application data\PackageAware
2011-09-09 09:55:56 744568 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\symefa.sys
2011-09-09 09:55:56 50168 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\srtspx.sys
2011-09-09 09:55:56 369784 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\symtdi.sys
2011-09-09 09:55:56 340088 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\symds.sys
2011-09-09 09:55:56 331384 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\symtdiv.sys
2011-09-09 09:55:56 296568 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\symnets.sys
2011-09-09 09:55:55 516216 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\srtsp.sys
2011-09-09 09:55:55 136312 ----a-w- d:\windows\system32\drivers\nav\1206000.01d\ironx86.sys
2011-09-09 09:55:33 -------- d-----w- d:\windows\system32\drivers\nav\1206000.01D
2011-09-09 02:54:03 60872 ----a-w- d:\windows\system32\S32EVNT1.DLL
2011-09-09 02:54:03 126584 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2011-09-09 02:54:03 -------- d-----w- d:\program files\Symantec
2011-09-09 02:53:28 -------- d-----w- d:\windows\system32\drivers\NAV
2011-09-09 02:53:26 -------- d-----w- d:\program files\Norton AntiVirus
2011-09-09 02:53:19 -------- d-----w- d:\program files\NortonInstaller
2011-09-09 02:43:22 -------- d-----w- d:\program files\MSSOAP
2011-09-09 02:43:10 -------- d-----w- d:\documents and settings\shawn\local settings\application data\Sunbelt Software
2011-09-08 11:09:25 218112 ----a-w- d:\windows\system32\itnetw32.dll
2011-09-08 11:07:25 35840 ----a-w- d:\windows\system32\inetsw32.dll
2011-09-08 08:37:42 -------- d-----w- d:\program files\Webroot
2011-09-08 08:37:42 -------- d-----w- d:\documents and settings\all users\application data\Webroot
2011-09-08 06:32:46 93360 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-09-08 06:09:06 -------- d-----w- d:\windows\system32\wbem\repository\FS
2011-09-08 06:09:06 -------- d-----w- d:\windows\system32\wbem\Repository
2011-09-08 05:31:49 -------- dc----w- d:\documents and settings\all users\application data\{83C91755-2546-441D-AC40-9A6B4B860800}
2011-09-08 05:31:40 -------- d-----w- d:\program files\Lavasoft
2011-08-30 03:32:09 -------- d-----w- d:\documents and settings\shawn\application data\Search Settings
2011-08-30 03:32:07 -------- d-----w- d:\program files\IObit Toolbar
2011-08-30 03:32:07 -------- d-----w- d:\program files\common files\Spigot
2011-08-30 03:32:07 -------- d-----w- d:\program files\Application Updater
2011-08-29 03:50:15 -------- d-----w- d:\documents and settings\shawn\local settings\application data\dxhr
2011-08-29 03:49:37 -------- d-----w- d:\documents and settings\shawn\local settings\application data\28050
2011-08-24 03:21:09 -------- d-----w- d:\program files\Alcohol Soft
2011-08-24 03:18:29 436792 ----a-w- d:\windows\system32\drivers\sptd.sys
2011-08-22 07:42:23 -------- d-----w- d:\documents and settings\shawn\application data\runic games
.
==================== Find3M ====================
.
2011-09-09 03:37:43 507904 ----a-w- d:\windows\system32\winlogon.exe
2011-09-08 08:08:10 0 ----a-w- d:\windows\Hnomujugerud.bin
2011-09-03 10:17:37 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-07-29 08:12:57 280140 ----a-w- d:\windows\system32\nvdrsdb1.bin
2011-07-29 08:12:57 1 ----a-w- d:\windows\system32\nvdrssel.bin
2011-07-29 08:12:54 280140 ----a-w- d:\windows\system32\nvdrsdb0.bin
2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18:34 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-06-21 18:18:34 667136 ----a-w- d:\windows\system32\wininet.dll
2011-06-21 18:18:34 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-06-21 12:58:45 369664 ----a-w- d:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- d:\windows\system32\winsrv.dll
2004-01-29 20:24:40 40960 ----a-w- d:\program files\MouseFix.exe
.
============= FINISH: 21:30:17.18 ===============

Attached Files


Edited by Noviciate, 12 September 2011 - 03:12 PM.
DDS log added from attachment


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:03 AM

Posted 12 September 2011 - 03:13 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool has identified anything allow it to carry out it's default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which i'd like to see, will be located at the root of you hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#3 goodle

goodle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 September 2011 - 03:18 PM

2011/09/12 13:17:49.0312 1900 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/12 13:17:50.0984 1900 ================================================================================
2011/09/12 13:17:50.0984 1900 SystemInfo:
2011/09/12 13:17:50.0984 1900
2011/09/12 13:17:50.0984 1900 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/12 13:17:50.0984 1900 Product type: Workstation
2011/09/12 13:17:50.0984 1900 ComputerName: COMPUTER_1
2011/09/12 13:17:50.0984 1900 UserName: Shawn
2011/09/12 13:17:50.0984 1900 Windows directory: D:\WINDOWS
2011/09/12 13:17:50.0984 1900 System windows directory: D:\WINDOWS
2011/09/12 13:17:50.0984 1900 Processor architecture: Intel x86
2011/09/12 13:17:50.0984 1900 Number of processors: 2
2011/09/12 13:17:50.0984 1900 Page size: 0x1000
2011/09/12 13:17:50.0984 1900 Boot type: Normal boot
2011/09/12 13:17:50.0984 1900 ================================================================================
2011/09/12 13:17:52.0500 1900 Initialize success
2011/09/12 13:17:54.0187 3580 ================================================================================
2011/09/12 13:17:54.0187 3580 Scan started
2011/09/12 13:17:54.0187 3580 Mode: Manual;
2011/09/12 13:17:54.0187 3580 ================================================================================
2011/09/12 13:17:55.0281 3580 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/12 13:17:55.0328 3580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/12 13:17:55.0375 3580 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
2011/09/12 13:17:55.0421 3580 AFD (355556d9e580915118cd7ef736653a89) D:\WINDOWS\System32\drivers\afd.sys
2011/09/12 13:17:55.0531 3580 Ambfilt (267fc636801edc5ab28e14036349e3be) D:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/12 13:17:55.0625 3580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/12 13:17:55.0640 3580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/12 13:17:55.0671 3580 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/12 13:17:55.0703 3580 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/12 13:17:55.0750 3580 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/09/12 13:17:55.0921 3580 BHDrvx86 (378a5e067c170dc6046226ba61ff205f) D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx86.sys
2011/09/12 13:17:55.0984 3580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/12 13:17:56.0046 3580 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/12 13:17:56.0046 3580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/12 13:17:56.0062 3580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/12 13:17:56.0140 3580 d347bus (5776322f93cdb91086111f5ffbfda2a0) D:\WINDOWS\system32\DRIVERS\d347bus.sys
2011/09/12 13:17:56.0140 3580 d347prt (b49f79ace459763f4e0380071be9cb45) D:\WINDOWS\system32\Drivers\d347prt.sys
2011/09/12 13:17:56.0187 3580 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/12 13:17:56.0218 3580 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
2011/09/12 13:17:56.0234 3580 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
2011/09/12 13:17:56.0234 3580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/09/12 13:17:56.0265 3580 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
2011/09/12 13:17:56.0281 3580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/12 13:17:56.0421 3580 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/09/12 13:17:56.0453 3580 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/09/12 13:17:56.0484 3580 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/12 13:17:56.0515 3580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/12 13:17:56.0515 3580 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
2011/09/12 13:17:56.0531 3580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/12 13:17:56.0578 3580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/12 13:17:56.0593 3580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/12 13:17:56.0609 3580 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/12 13:17:56.0640 3580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/12 13:17:56.0671 3580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/12 13:17:56.0687 3580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/12 13:17:56.0718 3580 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/12 13:17:56.0765 3580 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) D:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/12 13:17:56.0781 3580 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) D:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/12 13:17:56.0859 3580 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) D:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/12 13:17:56.0937 3580 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/12 13:17:56.0984 3580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/12 13:17:57.0078 3580 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110909.030\IDSxpx86.sys
2011/09/12 13:17:57.0093 3580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/12 13:17:57.0656 3580 IntcAzAudAddService (55920481a44fa7bdde5fc1b9e02c7c2a) D:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/12 13:17:57.0703 3580 intelppm (8c953733d8f36eb2133f5bb58808b66b) D:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/12 13:17:57.0750 3580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/12 13:17:57.0781 3580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/12 13:17:57.0796 3580 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/12 13:17:57.0843 3580 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/12 13:17:57.0890 3580 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/12 13:17:57.0921 3580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/12 13:17:57.0953 3580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/12 13:17:58.0000 3580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/12 13:17:58.0031 3580 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/12 13:17:58.0062 3580 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys
2011/09/12 13:17:58.0093 3580 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/12 13:17:58.0140 3580 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) D:\WINDOWS\system32\drivers\mbam.sys
2011/09/12 13:17:58.0187 3580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/12 13:17:58.0234 3580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys
2011/09/12 13:17:58.0312 3580 Monfilt (c7d9f9717916b34c1b00dd4834af485c) D:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/12 13:17:58.0328 3580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/12 13:17:58.0359 3580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/12 13:17:58.0375 3580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/12 13:17:58.0421 3580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/12 13:17:58.0484 3580 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/12 13:17:58.0500 3580 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys
2011/09/12 13:17:58.0546 3580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/12 13:17:58.0562 3580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/12 13:17:58.0578 3580 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/12 13:17:58.0625 3580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/12 13:17:58.0671 3580 Mup (de6a75f5c270e756c5508d94b6cf68f5) D:\WINDOWS\system32\drivers\Mup.sys
2011/09/12 13:17:58.0843 3580 NAVENG (862f55824ac81295837b0ab63f91071f) D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110912.003\NAVENG.SYS
2011/09/12 13:17:58.0921 3580 NAVEX15 (529d571b551cb9da44237389b936f1ae) D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110912.003\NAVEX15.SYS
2011/09/12 13:17:58.0984 3580 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys
2011/09/12 13:17:59.0046 3580 NdisTapi (0109c4f3850dfbab279542515386ae22) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/12 13:17:59.0078 3580 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/12 13:17:59.0078 3580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/12 13:17:59.0125 3580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/12 13:17:59.0140 3580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/12 13:17:59.0187 3580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/12 13:17:59.0218 3580 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys
2011/09/12 13:17:59.0234 3580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/12 13:17:59.0265 3580 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/09/12 13:17:59.0671 3580 nv (6720bf6ff522753b5c0514ed4bdb6e7f) D:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/12 13:18:00.0062 3580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/12 13:18:00.0093 3580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/12 13:18:00.0125 3580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/12 13:18:00.0125 3580 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/12 13:18:00.0140 3580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/12 13:18:00.0156 3580 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/12 13:18:00.0203 3580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/12 13:18:00.0218 3580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/12 13:18:00.0265 3580 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) D:\WINDOWS\system32\drivers\PCTCore.sys
2011/09/12 13:18:00.0296 3580 pctDS (f820b4c61d1e591325b679d479d4eea4) D:\WINDOWS\system32\drivers\pctDS.sys
2011/09/12 13:18:00.0328 3580 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) D:\WINDOWS\system32\drivers\pctEFA.sys
2011/09/12 13:18:00.0453 3580 PnkBstrK (3c14f9c6ad6fb22b6695cd120ae94308) D:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/09/12 13:18:00.0468 3580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/12 13:18:00.0500 3580 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/12 13:18:00.0515 3580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/12 13:18:00.0546 3580 PxHelp20 (153d02480a0a2f45785522e814c634b6) D:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/12 13:18:00.0609 3580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/12 13:18:00.0656 3580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/12 13:18:00.0671 3580 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/12 13:18:00.0671 3580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/12 13:18:00.0687 3580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/12 13:18:00.0703 3580 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/12 13:18:00.0734 3580 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/12 13:18:00.0781 3580 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/12 13:18:00.0812 3580 redbook (f828dd7e1419b6653894a8f97a0094c5) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/12 13:18:00.0828 3580 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/12 13:18:00.0875 3580 SBRE (72aecf54aac22b20956d08610972b5a1) D:\WINDOWS\system32\drivers\SBREdrv.sys
2011/09/12 13:18:00.0953 3580 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/12 13:18:01.0000 3580 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/12 13:18:01.0015 3580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/12 13:18:01.0062 3580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/12 13:18:01.0109 3580 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) D:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/09/12 13:18:01.0171 3580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
2011/09/12 13:18:01.0218 3580 sptd (a199171385be17973fd800fa91f8f78a) D:\WINDOWS\system32\Drivers\sptd.sys
2011/09/12 13:18:01.0218 3580 Suspicious file (NoAccess): D:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/09/12 13:18:01.0218 3580 sptd - detected LockedFile.Multi.Generic (1)
2011/09/12 13:18:01.0250 3580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/12 13:18:01.0296 3580 SRTSP (83726cf02eced69138948083e06b6eac) D:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
2011/09/12 13:18:01.0343 3580 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) D:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
2011/09/12 13:18:01.0359 3580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/12 13:18:01.0390 3580 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/12 13:18:01.0406 3580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
2011/09/12 13:18:01.0468 3580 SymDS (9bbeb8c6258e72d62e7560e6667aad39) D:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
2011/09/12 13:18:01.0562 3580 SymEFA (d5c02629c02a820a7e71bca3d44294a3) D:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
2011/09/12 13:18:01.0609 3580 SymEvent (ab33c3b196197ca467cbdda717860dba) D:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/09/12 13:18:01.0609 3580 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) D:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
2011/09/12 13:18:01.0656 3580 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) D:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
2011/09/12 13:18:01.0687 3580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/12 13:18:01.0750 3580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/12 13:18:01.0781 3580 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/12 13:18:01.0796 3580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/12 13:18:01.0812 3580 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/12 13:18:01.0859 3580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
2011/09/12 13:18:01.0921 3580 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
2011/09/12 13:18:01.0937 3580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/12 13:18:01.0953 3580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/12 13:18:01.0968 3580 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/12 13:18:02.0000 3580 usbprint (a717c8721046828520c9edf31288fc00) D:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/12 13:18:02.0031 3580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/12 13:18:02.0046 3580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/12 13:18:02.0093 3580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/12 13:18:02.0109 3580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
2011/09/12 13:18:02.0156 3580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/12 13:18:02.0171 3580 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/12 13:18:02.0187 3580 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/12 13:18:02.0281 3580 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) D:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/12 13:18:02.0312 3580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/12 13:18:02.0484 3580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/12 13:18:02.0562 3580 Boot (0x1200) (55e074b175206d14705d2e9ecd893b85) \Device\Harddisk0\DR0\Partition0
2011/09/12 13:18:02.0593 3580 Boot (0x1200) (ce0c8ae017fa0d3d11687a847fd9e812) \Device\Harddisk1\DR1\Partition0
2011/09/12 13:18:02.0593 3580 ================================================================================
2011/09/12 13:18:02.0593 3580 Scan finished
2011/09/12 13:18:02.0593 3580 ================================================================================
2011/09/12 13:18:02.0609 2900 Detected object count: 1
2011/09/12 13:18:02.0609 2900 Actual detected object count: 1
2011/09/12 13:18:07.0046 2900 LockedFile.Multi.Generic(sptd) - User select action: Skip

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:03 AM

Posted 13 September 2011 - 02:32 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

 

 


#5 goodle

goodle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 13 September 2011 - 09:04 PM

Whenever i download combo fix it only gives me the option to run or cancel not save. When i click run the program goes and just quits out and I have no idea where the log even goes. Combo fix is the only program so far I have had any trouble using.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:03 AM

Posted 14 September 2011 - 03:18 PM

Good evening. :)

Whenever i download combo fix it only gives me the option to run or cancel not save.

If you are using IE, right click the download button/link and select Save Target As... and rename the file before you download it.

So long, and thanks for all the fish.

 

 


#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:03 AM

Posted 18 September 2011 - 03:20 PM

As there has been no response for four days this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users