Trojan


This topic is locked
14 replies to this topic

#1 big_dog22088

Posted 20 September 2011 - 11:42 AM

I noticed yesterday while surfing the internet that I most likely had a Trojan virus because when I would go to a page, some sort of popup came up saying it was going to run a quick antivirus scan. I immediately closed out of it and ran a full scan with my Norton Antivirus. It found a Trojan called Trojan.Bamital.B!inf. Norton states manual removal is required. The Norton website recommended running Norton Power Eraser and that did nothing. It then recommends installing Norton Bootable Recovery Tool. I did so and set it up on a disk but never ran it. I am trying to avoid having to do a system recovery. Your help would be greatly appreciated. Besides the antivirus scan that tried to run, the only other problem I've noticed is my computer has slowed down greatly in the last couple months. Mainly my Firefox and Chrome. I was using Firefox but switched to Chrome. Thank you for your time!

#2 Orange Blossom

Posted 20 September 2011 - 09:15 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.


#3 big_dog22088

Posted 21 September 2011 - 12:33 AM

Here are the logs from the guide.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_27
Run by Fisher at 20:47:04 on 2011-09-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.366 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

#4 HelpBot

Posted 25 September 2011 - 11:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419733 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 big_dog22088

Posted 27 September 2011 - 04:54 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_27
Run by Fisher at 11:53:57 on 2011-09-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.251 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1363.0\mswinext.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{68B7825B-0004-47C7-8EBF-E91A63600B54} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fisher\application data\mozilla\firefox\profiles\7978nk1l.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\fisher\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-7-4 266240]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-4 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110924.030\IDSXpx86.sys [2011-9-26 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110926.019\NAVENG.SYS [2011-9-26 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110926.019\NAVEX15.SYS [2011-9-26 1576312]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi10.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [?]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
.
=============== Created Last 30 ================
.
2011-09-20 15:51:53 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0401000.00F
2011-09-20 15:51:53 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2011-09-20 15:51:49 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-24 16:50:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 12:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 09:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2009-10-19 19:27:38 18216 ----a-w- c:\program files\common files\ufuzalysev.sys
2009-10-19 19:27:38 11047 ----a-w- c:\program files\common files\ofohe.sys
.
============= FINISH: 11:55:37.64 ===============

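The "Pseudo HJT Report" and services sections of the DDS log above are what a helper reads by hand. As an added example (not part of this thread, and not a feature of DDS or of any BleepingComputer tool), the Python script below parses those line formats into records and sorts out the items a reviewer checks first: toolbar, BHO and explorer-bar entries whose DLL is gone ("No File"), autostart values that name a bare executable with no directory, ActiveX downloads (DPF) grouped by host, and the driver/service list. The sample lines are copied from the log above; the regexes and helper names are mine. It makes no malware verdict, it only structures the log so nothing is overlooked.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and service lines.

Added example for this thread; it is not part of DDS or any BleepingComputer tool.
It structures the entries so that orphaned, path-less and download (DPF) items
stand out for a human reviewer; it makes no malware verdicts.
"""
import re
from collections import defaultdict

# Browser helper objects, toolbars and explorer bars: "KIND: [name: ]{CLSID} - target"
HELPER_RE = re.compile(
    r'^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$')
# Autostart values from HKCU (uRun) and HKLM (mRun): "xRun: [value] command"
RUN_RE = re.compile(r'^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# First token of a command: a quoted path, or an unquoted path up to its extension
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)', re.IGNORECASE)
# Downloaded Program Files (ActiveX): "DPF: {CLSID} - url" (DDS defangs http as hxxp)
DPF_RE = re.compile(r'^DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<url>\S+)$')
# Services/drivers: "R0 name;display;path [date size]" (R = running, S = stopped)
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?$')


def parse_line(line):
    """Return a dict describing one DDS line, or None for line types not modelled here."""
    line = line.strip()
    m = HELPER_RE.match(line)
    if m:
        d = m.groupdict()
        d['orphaned'] = d['target'] == 'No File'   # registry entry whose DLL is gone
        return d
    m = RUN_RE.match(line)
    if m:
        d = m.groupdict()
        cmd = d['cmd'].strip()
        m2 = EXE_RE.match(cmd)
        exe = (m2.group(1) or m2.group(2)) if m2 else cmd.split(' ')[0]
        d['exe'] = exe
        d['bare_name'] = '\\' not in exe   # no directory given: resolved via PATH search
        return d
    m = DPF_RE.match(line)
    if m:
        d = m.groupdict()
        d['kind'] = 'DPF'
        d['host'] = re.sub(r'^hxxps?://', '', d['url']).split('/')[0]
        return d
    m = SVC_RE.match(line)
    if m:
        d = m.groupdict()
        d['kind'] = 'service'
        return d
    return None


def triage(lines):
    """Group parsed entries into the buckets a reviewer looks at first."""
    orphaned, bare_run, drivers = [], [], []
    dpf_hosts = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e['kind'] in ('BHO', 'TB', 'EB') and e['orphaned']:
            orphaned.append((e['kind'], e['clsid']))
        elif e['kind'] in ('uRun', 'mRun') and e['bare_name']:
            bare_run.append((e['name'], e['exe']))
        elif e['kind'] == 'DPF':
            dpf_hosts[e['host']].append(e['clsid'])
        elif e['kind'] == 'service':
            drivers.append((e['start'], e['name'], e['path']))
    return {'orphaned': orphaned, 'bare_run': bare_run,
            'dpf_hosts': dict(dpf_hosts), 'drivers': drivers}


# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE = r"""
uStart Page = hxxp://yahoo.com/
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: @c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
"""

if __name__ == '__main__':
    for bucket, items in triage(SAMPLE.splitlines()).items():
        print(bucket, items)
```

The "bare_run" bucket is worth a word: a value such as `TPSMain.exe` with no directory is started by name, so which file actually runs depends on the PATH search order at logon; the reviewer confirms where that file lives rather than assuming the OEM copy.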

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:57 PM

Posted 27 September 2011 - 05:21 PM

Hello big_dog22088,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • [screenshot: Recovery Console installation prompt]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot: message shown once the Recovery Console is installed]
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
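Step 1 above asks for the TDSSKiller log. As the log posted later in this thread shows, that file has one line per driver giving the service name, an md5 and a path, then either "- ok" or a verdict, and a "Suspicious file (Forged)" line with a real and a fake md5 when the two hashes TDSSKiller obtained for a driver disagree. As an added example (not part of this thread and not a TDSSKiller feature), the Python parser below pulls the non-ok entries out of such a log and pairs each detection with its path and both hashes, so a single warning is not lost among hundreds of clean drivers. The sample lines are constructed in the same format with placeholder hashes and a made-up driver name; the regexes and function names are my own.

```python
"""Summarise a TDSSKiller scan log.

Added example for this thread; not part of TDSSKiller or of the fix above.
Reads the per-driver lines (name, md5, path, verdict) and reports anything
that is not '- ok', pairing forged-file warnings with the affected driver.
"""
import re

# Every log line starts with "HH:MM:SS.ffff <pid> "
PREFIX = r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+'
# "<name> (<md5>) <path>": the driver image that was hashed
ENTRY_RE = re.compile(PREFIX + r'(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$')
# "<name> - ok" or "<name> - detected <verdict> (<n>)"
STATUS_RE = re.compile(PREFIX + r'(?P<name>\S+) - (?P<status>ok|detected (?P<verdict>\S+) \(\d+\))$')
# "<name> ( <verdict> ) - warning"
WARNING_RE = re.compile(PREFIX + r'(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$')
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(PREFIX + r'Suspicious file \(Forged\): (?P<path>.+?)\. '
                       r'Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$')


def parse_log(lines):
    """Return scanned count, clean names, warnings and detailed detections."""
    entries, forged, warnings, ok, detections = {}, {}, [], [], []
    for raw in lines:
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            entries[m['name']] = {'md5': m['md5'], 'path': m['path']}
            continue
        m = FORGED_RE.match(line)
        if m:
            forged[m['path'].lower()] = (m['real'], m['fake'])
            continue
        m = WARNING_RE.match(line)
        if m:
            warnings.append((m['name'], m['verdict']))
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue   # banner, system-info and separator lines
        if m['status'] == 'ok':
            ok.append(m['name'])
            continue
        info = entries.get(m['name'], {})
        path = info.get('path')
        real, fake = forged.get(path.lower(), (None, None)) if path else (None, None)
        detections.append({'name': m['name'], 'verdict': m['verdict'], 'path': path,
                           'md5': info.get('md5'), 'real_md5': real, 'fake_md5': fake})
    return {'scanned': len(ok) + len(detections), 'ok': ok,
            'warnings': warnings, 'detections': detections}


def hash_mismatch(det):
    """True when the log reported two different hashes for the same file."""
    return det['real_md5'] is not None and det['real_md5'] != det['fake_md5']


def summarise(lines):
    """One line per finding, in log order, for pasting into a reply."""
    r = parse_log(lines)
    out = [f"{r['scanned']} drivers scanned, {len(r['detections'])} detected"]
    for d in r['detections']:
        flag = ' (real/fake md5 differ)' if hash_mismatch(d) else ''
        out.append(f"{d['name']}: {d['verdict']} -> {d['path']}{flag}")
    return out


# Constructed sample in TDSSKiller's line format; hashes and 'ExampleAudio' are placeholders.
SAMPLE_LOG = r"""
15:30:06.0084 5000 ============================================================
15:30:06.0084 5000 Scan started
15:30:06.0084 5000 Mode: Manual;
15:30:09.0741 5000 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:30:09.0834 5000 ACPI - ok
15:30:10.0553 5000 Abiosdsk - ok
15:31:05.0618 5000 ExampleAudio (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\drivers\ExampleAud.sys
15:31:08.0039 5000 Suspicious file (Forged): C:\WINDOWS\system32\drivers\ExampleAud.sys. Real md5: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, Fake md5: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
15:31:08.0055 5000 ExampleAudio ( ForgedFile.Multi.Generic ) - warning
15:31:08.0055 5000 ExampleAudio - detected ForgedFile.Multi.Generic (1)
"""

if __name__ == '__main__':
    print('\n'.join(summarise(SAMPLE_LOG.splitlines())))
```

Usage: `summarise(open('TDSSKiller_log.txt').read().splitlines())` on a real log; the helper still reads the full log, but the summary shows at a glance which driver carried the verdict and whether its two hashes disagreed.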


#7 big_dog22088

big_dog22088
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:57 PM

Posted 27 September 2011 - 06:17 PM

15:29:40.0396 4420 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
15:29:40.0927 4420 ============================================================
15:29:40.0927 4420 Current date / time: 2011/09/27 15:29:40.0927
15:29:40.0927 4420 SystemInfo:
15:29:40.0927 4420
15:29:40.0927 4420 OS Version: 5.1.2600 ServicePack: 3.0
15:29:40.0927 4420 Product type: Workstation
15:29:40.0927 4420 ComputerName: ADAM
15:29:40.0927 4420 UserName: Fisher
15:29:40.0927 4420 Windows directory: C:\WINDOWS
15:29:40.0927 4420 System windows directory: C:\WINDOWS
15:29:40.0927 4420 Processor architecture: Intel x86
15:29:40.0927 4420 Number of processors: 1
15:29:40.0927 4420 Page size: 0x1000
15:29:40.0927 4420 Boot type: Normal boot
15:29:40.0927 4420 ============================================================
15:29:45.0990 4420 Initialize success
15:30:06.0084 5000 ============================================================
15:30:06.0084 5000 Scan started
15:30:06.0084 5000 Mode: Manual;
15:30:06.0084 5000 ============================================================
15:30:08.0397 5000 Abiosdsk - ok
15:30:08.0897 5000 abp480n5 - ok
15:30:09.0741 5000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:30:09.0834 5000 ACPI - ok
15:30:10.0553 5000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:30:10.0569 5000 ACPIEC - ok
15:30:11.0053 5000 adpu160m - ok
15:30:11.0897 5000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:30:11.0960 5000 aec - ok
15:30:12.0725 5000 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:30:12.0741 5000 AegisP - ok
15:30:13.0647 5000 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
15:30:13.0725 5000 AFD - ok
15:30:15.0085 5000 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:30:15.0897 5000 AgereSoftModem - ok
15:30:16.0397 5000 Aha154x - ok
15:30:17.0132 5000 aic78u2 - ok
15:30:17.0944 5000 aic78xx - ok
15:30:18.0460 5000 AliIde - ok
15:30:19.0163 5000 amsint - ok
15:30:19.0960 5000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:30:19.0991 5000 Arp1394 - ok
15:30:20.0475 5000 asc - ok
15:30:21.0179 5000 asc3350p - ok
15:30:21.0679 5000 asc3550 - ok
15:30:22.0444 5000 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
15:30:22.0444 5000 ASCTRM - ok
15:30:23.0194 5000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:30:23.0194 5000 AsyncMac - ok
15:30:23.0851 5000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:30:23.0851 5000 atapi - ok
15:30:24.0632 5000 Atdisk - ok
15:30:25.0397 5000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:30:25.0429 5000 Atmarpc - ok
15:30:25.0960 5000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:30:25.0976 5000 audstub - ok
15:30:26.0491 5000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:30:26.0491 5000 Beep - ok
15:30:27.0194 5000 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx86.sys
15:30:27.0648 5000 BHDrvx86 - ok
15:30:27.0663 5000 catchme - ok
15:30:28.0304 5000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:30:28.0319 5000 cbidf2k - ok
15:30:28.0866 5000 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:30:28.0866 5000 CCDECODE - ok
15:30:29.0366 5000 cd20xrnt - ok
15:30:29.0898 5000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:30:29.0913 5000 Cdaudio - ok
15:30:30.0460 5000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:30:30.0491 5000 Cdfs - ok
15:30:31.0038 5000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:30:31.0085 5000 Cdrom - ok
15:30:31.0585 5000 Changer - ok
15:30:32.0179 5000 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:30:32.0179 5000 CmBatt - ok
15:30:32.0679 5000 CmdIde - ok
15:30:33.0195 5000 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:30:33.0195 5000 Compbatt - ok
15:30:33.0695 5000 Cpqarray - ok
15:30:34.0257 5000 dac2w2k - ok
15:30:34.0742 5000 dac960nt - ok
15:30:35.0273 5000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:30:35.0304 5000 Disk - ok
15:30:35.0820 5000 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:30:35.0851 5000 DLABOIOM - ok
15:30:36.0351 5000 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:30:36.0367 5000 DLACDBHM - ok
15:30:36.0851 5000 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:30:36.0851 5000 DLADResN - ok
15:30:37.0507 5000 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:30:37.0570 5000 DLAIFS_M - ok
15:30:38.0038 5000 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:30:38.0054 5000 DLAOPIOM - ok
15:30:38.0523 5000 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:30:38.0554 5000 DLAPoolM - ok
15:30:39.0085 5000 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:30:39.0117 5000 DLARTL_N - ok
15:30:39.0632 5000 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:30:39.0695 5000 DLAUDFAM - ok
15:30:40.0210 5000 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:30:40.0273 5000 DLAUDF_M - ok
15:30:41.0226 5000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:30:41.0648 5000 dmboot - ok
15:30:42.0304 5000 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:30:42.0382 5000 dmio - ok
15:30:42.0976 5000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:30:42.0992 5000 dmload - ok
15:30:43.0554 5000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:30:43.0570 5000 DMusic - ok
15:30:44.0070 5000 dpti2o - ok
15:30:44.0601 5000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:30:44.0601 5000 drmkaud - ok
15:30:45.0148 5000 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:30:45.0195 5000 DRVMCDB - ok
15:30:45.0711 5000 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:30:45.0757 5000 DRVNDDM - ok
15:30:46.0570 5000 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:30:46.0664 5000 E100B - ok
15:30:47.0367 5000 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
15:30:47.0461 5000 e1express - ok
15:30:47.0804 5000 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:30:48.0008 5000 eeCtrl - ok
15:30:48.0070 5000 EraserUtilDrvI10 - ok
15:30:48.0101 5000 EraserUtilDrvI9 - ok
15:30:48.0226 5000 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:30:48.0289 5000 EraserUtilRebootDrv - ok
15:30:48.0992 5000 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
15:30:49.0054 5000 ezplay - ok
15:30:49.0648 5000 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:30:49.0726 5000 Fastfat - ok
15:30:50.0273 5000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:30:50.0289 5000 Fdc - ok
15:30:50.0836 5000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:30:50.0867 5000 Fips - ok
15:30:51.0383 5000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:30:51.0398 5000 Flpydisk - ok
15:30:51.0992 5000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:30:52.0055 5000 FltMgr - ok
15:30:52.0680 5000 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
15:30:52.0711 5000 fssfltr - ok
15:30:53.0398 5000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:30:53.0398 5000 Fs_Rec - ok
15:30:53.0961 5000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:30:54.0039 5000 Ftdisk - ok
15:30:54.0617 5000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:30:54.0633 5000 GEARAspiWDM - ok
15:30:55.0195 5000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:30:55.0211 5000 Gpc - ok
15:30:55.0820 5000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:30:55.0898 5000 HDAudBus - ok
15:30:56.0445 5000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:30:56.0461 5000 HidUsb - ok
15:30:56.0977 5000 hpn - ok
15:30:57.0570 5000 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:30:57.0602 5000 HPZid412 - ok
15:30:58.0195 5000 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:30:58.0195 5000 HPZipr12 - ok
15:30:58.0727 5000 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:30:58.0742 5000 HPZius12 - ok
15:30:59.0430 5000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:30:59.0586 5000 HTTP - ok
15:31:00.0102 5000 i2omgmt - ok
15:31:00.0602 5000 i2omp - ok
15:31:01.0211 5000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:31:01.0242 5000 i8042prt - ok
15:31:02.0571 5000 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:31:03.0305 5000 ialm - ok
15:31:03.0696 5000 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110924.030\IDSxpx86.sys
15:31:03.0899 5000 IDSxpx86 - ok
15:31:04.0571 5000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:31:04.0586 5000 Imapi - ok
15:31:05.0086 5000 ini910u - ok
15:31:05.0618 5000 IntcAzAudAddService (179d9fcef5c60b5f8bd5fe8d098f1ed7) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:31:08.0039 5000 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: 179d9fcef5c60b5f8bd5fe8d098f1ed7, Fake md5: b12a9fc49cd2765a43829d834f518aed
15:31:08.0055 5000 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
15:31:08.0055 5000 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
15:31:08.0649 5000 IntelIde - ok
15:31:09.0196 5000 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:31:09.0227 5000 intelppm - ok
15:31:09.0758 5000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:31:09.0774 5000 Ip6Fw - ok
15:31:10.0305 5000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:31:10.0321 5000 IpFilterDriver - ok
15:31:10.0868 5000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:31:10.0883 5000 IpInIp - ok
15:31:11.0477 5000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:31:11.0571 5000 IpNat - ok
15:31:12.0133 5000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:31:12.0180 5000 IPSec - ok
15:31:12.0727 5000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:31:12.0727 5000 IRENUM - ok
15:31:13.0274 5000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:31:13.0290 5000 isapnp - ok
15:31:13.0837 5000 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
15:31:13.0852 5000 Iviaspi - ok
15:31:14.0368 5000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:31:14.0383 5000 Kbdclass - ok
15:31:15.0133 5000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:31:15.0227 5000 kmixer - ok
15:31:15.0837 5000 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
15:31:15.0946 5000 KR10N - ok
15:31:16.0524 5000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:31:16.0571 5000 KSecDD - ok
15:31:17.0118 5000 lbrtfdc - ok
15:32:40.0777 5000 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
15:32:41.0058 5000 \Device\Harddisk0\DR0 - ok
15:32:41.0074 5000 Boot (0x1200) (5b34c19b0e43d7363cadd70f8d9548df) \Device\Harddisk0\DR0\Partition0
15:32:41.0074 5000 \Device\Harddisk0\DR0\Partition0 - ok
15:32:41.0074 5000 ============================================================
15:32:41.0074 5000 Scan finished
15:32:41.0074 5000 ============================================================
15:32:41.0089 0636 Detected object count: 1
15:32:41.0089 0636 Actual detected object count: 1
15:34:42.0843 0636 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
15:34:42.0843 0636 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
15:36:35.0253 4608 Deinitialize success





ComboFix 11-09-27.01 - Fisher 09/27/2011 15:53:50.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.435 [GMT -7:00]
Running from: c:\documents and settings\Fisher\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini
c:\documents and settings\Fisher\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini
c:\documents and settings\Fisher\My Documents\~WRL2801.tmp
c:\documents and settings\Fisher\WINDOWS
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
c:\windows\system32\dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 22:45 . 2011-09-27 22:45 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-09-27 22:45 . 2011-09-27 22:45 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-09-27 22:45 . 2011-09-27 22:45 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-09-27 22:45 . 2011-09-27 22:45 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-09-27 22:45 . 2011-09-27 22:45 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-09-27 22:45 . 2011-09-27 22:45 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-09-27 22:45 . 2011-09-27 22:45 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-09-27 22:45 . 2011-09-27 22:45 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-09-27 22:44 . 2011-09-27 22:44 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-09-27 22:44 . 2011-09-27 22:44 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-09-27 22:44 . 2011-09-27 22:44 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-09-27 22:44 . 2011-09-27 22:44 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-09-27 22:44 . 2011-09-27 22:44 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-09-27 22:44 . 2011-09-27 22:44 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-09-27 22:44 . 2011-09-27 22:44 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-09-27 22:44 . 2011-09-27 22:44 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-09-27 22:44 . 2011-09-27 22:44 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-09-20 15:51 . 2011-09-20 15:51 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2011-09-20 15:51 . 2011-09-20 15:51 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2006-02-15 14:02 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-24 16:50 . 2011-06-24 01:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 12:05 . 2010-12-30 16:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 09:40 . 2011-08-25 23:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2006-02-15 14:03 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-15 14:03 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2009-10-19 19:27 . 2009-10-19 19:27 18216 ----a-w- c:\program files\Common Files\ufuzalysev.sys
2009-10-19 19:27 . 2009-10-19 19:27 11047 ----a-w- c:\program files\Common Files\ofohe.sys
2011-08-24 16:45 . 2011-06-23 06:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"NDSTray.exe"="NDSTray.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe" [2010-01-27 243032]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/2/2011 3:58 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/2/2011 3:58 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [9/26/2011 3:52 PM 816760]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/2/2011 3:58 PM 136312]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 3:57 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 4:42 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110924.030\IDSXpx86.sys [9/26/2011 3:52 PM 356280]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [7/4/2010 11:50 PM 266240]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049948306-1616638780-2285927669-1005Core.job
- c:\documents and settings\Fisher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-24 01:54]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049948306-1616638780-2285927669-1005UA.job
- c:\documents and settings\Fisher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-24 01:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Fisher\Application Data\Mozilla\Firefox\Profiles\7978nk1l.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
Completion time: 2011-09-27 16:07:26
ComboFix-quarantined-files.txt 2011-09-27 23:07
ComboFix2.txt 2010-12-23 20:05
.
Pre-Run: 68,741,672,960 bytes free
Post-Run: 69,121,380,352 bytes free
.
- - End Of File - - B87446E6C7C3B7A4371F79C9F7F39B09


After running the TDSS Killer, I restarted my computer and Windows wouldn't load. I was required to "Start Windows from last known working setting". As far as I can tell, it seems to be running OK. My web browsers have slowed down a lot in the last few days. Don't know if this is connected.

#8 fireman4it
  • Malware Response Team

Posted 27 September 2011 - 11:22 PM

Hello,

Some of your critical files were infected. All seems good now. We need to check a couple of files and see if they are malware.

1.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\program files\Common Files\ufuzalysev.sys
c:\program files\Common Files\ofohe.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Things to include in your next reply::
Jotti results
MBAM log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 big_dog22088
  • Topic Starter

Posted 28 September 2011 - 01:32 PM

After running the Jotti scan the results showed 0 out of 20 scanners reported malware on both files.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7820

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

9/28/2011 11:30:25 AM
mbam-log-2011-09-28 (11-30-25).txt

Scan type: Quick scan
Objects scanned: 190460
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


As far as I can tell, my computer seems to be running fine now. Just curious if I should delete all the programs you and the help bot had me install.

#10 fireman4it
  • Malware Response Team

Posted 28 September 2011 - 03:04 PM

Hello, big_dog22088 .
Congratulations! You now appear clean!


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o If it is not on your Desktop, the below will not work.
  • Click on Start then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: press the Windows key + R to bring up the Run... command and then enter ComboFix /Uninstall from there.

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".




We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



    Are things running okay? Do you have any more questions?

    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 big_dog22088
  • Topic Starter

Posted 29 September 2011 - 09:59 AM

I am still having the problem whenever I restart my computer, it won't go past the Windows page. When it is at that page I have to hold the power button until it shuts off and then turn it back on and select "Start Windows from last good condition". It began doing this after I downloaded one of these programs.

#12 fireman4it
  • Malware Response Team

Posted 29 September 2011 - 03:54 PM

Hello,

I don't see anything that would indicate that we erased anything that would have caused this.


1.
We need to check your hard disk for errors.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take a long time to complete, but let it finish.


2.
You may have corrupt critical system files. Let's see if we can fix that.

1. Select Start
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt

  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Windows CD for this process to continue. This can be done with a borrowed CD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.


3.
Run TDSSKiller again; this time pick delete, fix or quarantine, whichever it gives you.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

4.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
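A worked example added to this thread (it is not code from the thread, from Kaspersky's TDSSKiller, or from BleepingComputer). It covers two things the helper asked for: post #8's request to hash a named .sys file and check it against Jotti or VirusTotal, and post #12's request for a TDSSKiller log. The parser reads the "name (md5) path" and "name - ok" line pairs exactly as they appear in the posted log and merges them per driver; it then flags any driver whose verdict is not "ok" and any driver loaded from outside c:\windows\system32\, and computes the MD5/SHA-1/SHA-256 a responder would look up by hash before uploading anything. The following are this example's own assumptions, not the tool's documented behaviour: that a detection is written in the same "name - <verdict>" shape with something other than "ok", the system32 trust prefix (an XP heuristic), the shortened NAVENG path, and the "ofohe" entry with the verdict "suspicious". The sample log and the bytes b"abc" standing in for a driver file are constructed inline.

```python
import hashlib
import re
from typing import Dict, List, NamedTuple, Optional

# Added example (not from the thread or from Kaspersky's TDSSKiller): parse the
# per-driver lines of a TDSSKiller log, flag what a helper would look at first,
# and produce the hashes needed to look a file up on VirusTotal/Jotti by hash.
#
# TDSSKiller writes two lines per service, in the shape seen in the posted log:
#   08:52:58.0406 3108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
#   08:52:58.0406 3108 ACPI - ok
# Services with no image on disk get only the "- ok" line. Any verdict text
# other than "ok" after the dash is treated as a finding (assumption: the tool
# uses the same "name - verdict" shape for detections).
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
    r"(?:\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)|-\s+(?P<verdict>.+))$"
)

# Where XP's own kernel drivers live (heuristic chosen for this example).
# A driver elsewhere is not necessarily malicious (Norton keeps definition
# drivers under All Users\Application Data) but is what a helper asks to have
# hashed and checked.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\",)


class DriverEntry(NamedTuple):
    name: str
    md5: Optional[str]
    path: Optional[str]
    verdict: Optional[str]


def parse_tdsskiller_log(text: str) -> Dict[str, DriverEntry]:
    """Merge the hash line and the verdict line of each service into one record."""
    entries: Dict[str, DriverEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # banner, SystemInfo and blank lines do not match
        name = m.group("name")
        prev = entries.get(name, DriverEntry(name, None, None, None))
        if m.group("md5"):
            entries[name] = prev._replace(md5=m.group("md5"), path=m.group("path").strip())
        else:
            entries[name] = prev._replace(verdict=m.group("verdict").strip())
    return entries


def triage(entries: Dict[str, DriverEntry]) -> List[str]:
    """One line per item worth a second look: non-ok verdicts and drivers outside system32."""
    findings: List[str] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            findings.append(f"{e.name}: verdict '{e.verdict}'")
        if e.path and not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"{e.name}: loaded from non-system path {e.path} (md5 {e.md5})")
    return findings


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of a file's bytes, so it can be looked up by hash instead of uploaded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_logged_md5(data: bytes, logged_md5: Optional[str]) -> bool:
    """Confirm the file about to be submitted is the one TDSSKiller hashed (it may have changed since)."""
    return logged_md5 is not None and hashlib.md5(data).hexdigest() == logged_md5.lower()


# Constructed sample in the posted log's format. ACPI and adpu160m are real lines
# from the thread; the NAVENG path is shortened for the example; "ofohe" and its
# "suspicious" verdict are made up here, with the MD5 of the constructed file
# bytes below. None of this is a real detection.
SAMPLE_LOG = r"""
08:52:58.0406 3108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:52:58.0406 3108 ACPI - ok
08:52:58.0453 3108 adpu160m - ok
08:53:05.0890 3108 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\NAVENG.SYS
08:53:05.0890 3108 NAVENG - ok
08:53:07.0300 3108 ofohe (900150983cd24fb0d6963f7d28e17f72) c:\program files\Common Files\ofohe.sys
08:53:07.0300 3108 ofohe - suspicious
"""
SAMPLE_FILE_BYTES = b"abc"  # constructed stand-in for the bytes of c:\program files\Common Files\ofohe.sys


if __name__ == "__main__":
    entries = parse_tdsskiller_log(SAMPLE_LOG)
    for finding in triage(entries):
        print(finding)
    if matches_logged_md5(SAMPLE_FILE_BYTES, entries["ofohe"].md5):
        print("ofohe.sys hashes:", file_hashes(SAMPLE_FILE_BYTES))
```

Looking a hash up first avoids uploading a file that is already known, and comparing the on-disk MD5 with the one TDSSKiller logged catches a file that changed between the scan and the submission. A non-system path is a prompt to verify, not a verdict: in the real log the Norton definition drivers live under All Users\Application Data and are legitimate, while the two files post #8 asked about sit under Program Files\Common Files and came back clean on Jotti.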


#13 big_dog22088
  • Topic Starter

Posted 30 September 2011 - 12:28 PM

08:52:49.0203 1636 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
08:52:49.0687 1636 ============================================================
08:52:49.0687 1636 Current date / time: 2011/09/30 08:52:49.0687
08:52:49.0687 1636 SystemInfo:
08:52:49.0687 1636
08:52:49.0687 1636 OS Version: 5.1.2600 ServicePack: 3.0
08:52:49.0687 1636 Product type: Workstation
08:52:49.0687 1636 ComputerName: ADAM
08:52:49.0687 1636 UserName: Fisher
08:52:49.0687 1636 Windows directory: C:\WINDOWS
08:52:49.0687 1636 System windows directory: C:\WINDOWS
08:52:49.0687 1636 Processor architecture: Intel x86
08:52:49.0687 1636 Number of processors: 1
08:52:49.0687 1636 Page size: 0x1000
08:52:49.0687 1636 Boot type: Normal boot
08:52:49.0703 1636 ============================================================
08:52:51.0546 1636 Initialize success
08:52:56.0281 3108 ============================================================
08:52:56.0281 3108 Scan started
08:52:56.0281 3108 Mode: Manual;
08:52:56.0281 3108 ============================================================
08:52:58.0312 3108 Abiosdsk - ok
08:52:58.0328 3108 abp480n5 - ok
08:52:58.0406 3108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:52:58.0406 3108 ACPI - ok
08:52:58.0437 3108 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:52:58.0437 3108 ACPIEC - ok
08:52:58.0453 3108 adpu160m - ok
08:52:58.0500 3108 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:52:58.0500 3108 aec - ok
08:52:58.0531 3108 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:52:58.0531 3108 AegisP - ok
08:52:58.0609 3108 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
08:52:58.0609 3108 AFD - ok
08:52:58.0703 3108 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:52:58.0734 3108 AgereSoftModem - ok
08:52:58.0765 3108 Aha154x - ok
08:52:58.0796 3108 aic78u2 - ok
08:52:58.0812 3108 aic78xx - ok
08:52:58.0843 3108 AliIde - ok
08:52:58.0875 3108 amsint - ok
08:52:58.0937 3108 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:52:58.0937 3108 Arp1394 - ok
08:52:59.0062 3108 asc - ok
08:52:59.0093 3108 asc3350p - ok
08:52:59.0109 3108 asc3550 - ok
08:52:59.0156 3108 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
08:52:59.0156 3108 ASCTRM - ok
08:52:59.0234 3108 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:52:59.0234 3108 AsyncMac - ok
08:52:59.0281 3108 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:52:59.0281 3108 atapi - ok
08:52:59.0296 3108 Atdisk - ok
08:52:59.0343 3108 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:52:59.0343 3108 Atmarpc - ok
08:52:59.0406 3108 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:52:59.0421 3108 audstub - ok
08:52:59.0437 3108 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:52:59.0437 3108 Beep - ok
08:52:59.0640 3108 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx86.sys
08:52:59.0656 3108 BHDrvx86 - ok
08:52:59.0687 3108 catchme - ok
08:52:59.0890 3108 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:52:59.0890 3108 cbidf2k - ok
08:52:59.0921 3108 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:52:59.0937 3108 CCDECODE - ok
08:52:59.0953 3108 cd20xrnt - ok
08:53:00.0000 3108 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:53:00.0000 3108 Cdaudio - ok
08:53:00.0031 3108 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:53:00.0031 3108 Cdfs - ok
08:53:00.0093 3108 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:53:00.0093 3108 Cdrom - ok
08:53:00.0125 3108 Changer - ok
08:53:00.0171 3108 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:53:00.0171 3108 CmBatt - ok
08:53:00.0203 3108 CmdIde - ok
08:53:00.0218 3108 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:53:00.0218 3108 Compbatt - ok
08:53:00.0250 3108 Cpqarray - ok
08:53:00.0281 3108 dac2w2k - ok
08:53:00.0296 3108 dac960nt - ok
08:53:00.0328 3108 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:53:00.0343 3108 Disk - ok
08:53:00.0359 3108 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
08:53:00.0375 3108 DLABOIOM - ok
08:53:00.0390 3108 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
08:53:00.0390 3108 DLACDBHM - ok
08:53:00.0421 3108 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
08:53:00.0421 3108 DLADResN - ok
08:53:00.0437 3108 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
08:53:00.0453 3108 DLAIFS_M - ok
08:53:00.0468 3108 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
08:53:00.0468 3108 DLAOPIOM - ok
08:53:00.0484 3108 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
08:53:00.0484 3108 DLAPoolM - ok
08:53:00.0515 3108 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
08:53:00.0515 3108 DLARTL_N - ok
08:53:00.0531 3108 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
08:53:00.0531 3108 DLAUDFAM - ok
08:53:00.0562 3108 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
08:53:00.0562 3108 DLAUDF_M - ok
08:53:00.0640 3108 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:53:00.0656 3108 dmboot - ok
08:53:00.0843 3108 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:53:00.0843 3108 dmio - ok
08:53:00.0890 3108 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:53:00.0890 3108 dmload - ok
08:53:00.0953 3108 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:53:00.0953 3108 DMusic - ok
08:53:00.0984 3108 dpti2o - ok
08:53:01.0000 3108 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:53:01.0000 3108 drmkaud - ok
08:53:01.0031 3108 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:53:01.0031 3108 DRVMCDB - ok
08:53:01.0062 3108 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:53:01.0062 3108 DRVNDDM - ok
08:53:01.0156 3108 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:53:01.0171 3108 E100B - ok
08:53:01.0218 3108 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:53:01.0218 3108 e1express - ok
08:53:01.0359 3108 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:53:01.0375 3108 eeCtrl - ok
08:53:01.0390 3108 EraserUtilDrvI10 - ok
08:53:01.0406 3108 EraserUtilDrvI9 - ok
08:53:01.0656 3108 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
08:53:01.0656 3108 ezplay - ok
08:53:01.0703 3108 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:53:01.0718 3108 Fastfat - ok
08:53:01.0765 3108 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:53:01.0765 3108 Fdc - ok
08:53:01.0812 3108 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:53:01.0812 3108 Fips - ok
08:53:01.0828 3108 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:53:01.0828 3108 Flpydisk - ok
08:53:01.0906 3108 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:53:01.0906 3108 FltMgr - ok
08:53:01.0984 3108 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
08:53:01.0984 3108 fssfltr - ok
08:53:02.0031 3108 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:53:02.0031 3108 Fs_Rec - ok
08:53:02.0062 3108 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:53:02.0062 3108 Ftdisk - ok
08:53:02.0125 3108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:53:02.0125 3108 GEARAspiWDM - ok
08:53:02.0187 3108 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:53:02.0187 3108 Gpc - ok
08:53:02.0218 3108 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:53:02.0234 3108 HDAudBus - ok
08:53:02.0437 3108 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:53:02.0437 3108 HidUsb - ok
08:53:02.0468 3108 hpn - ok
08:53:02.0515 3108 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:53:02.0515 3108 HPZid412 - ok
08:53:02.0562 3108 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:53:02.0562 3108 HPZipr12 - ok
08:53:02.0593 3108 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:53:02.0609 3108 HPZius12 - ok
08:53:02.0671 3108 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:53:02.0671 3108 HTTP - ok
08:53:02.0765 3108 i2omgmt - ok
08:53:02.0781 3108 i2omp - ok
08:53:02.0828 3108 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:53:02.0828 3108 i8042prt - ok
08:53:02.0968 3108 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:53:03.0000 3108 ialm - ok
08:53:03.0203 3108 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSxpx86.sys
08:53:03.0203 3108 IDSxpx86 - ok
08:53:03.0421 3108 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:53:03.0437 3108 Imapi - ok
08:53:03.0468 3108 ini910u - ok
08:53:03.0750 3108 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:53:03.0859 3108 IntcAzAudAddService - ok
08:53:04.0015 3108 IntelIde - ok
08:53:04.0093 3108 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:53:04.0093 3108 intelppm - ok
08:53:04.0140 3108 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:53:04.0140 3108 Ip6Fw - ok
08:53:04.0187 3108 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:53:04.0187 3108 IpFilterDriver - ok
08:53:04.0218 3108 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:53:04.0218 3108 IpInIp - ok
08:53:04.0265 3108 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:53:04.0265 3108 IpNat - ok
08:53:04.0296 3108 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:53:04.0296 3108 IPSec - ok
08:53:04.0343 3108 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:53:04.0343 3108 IRENUM - ok
08:53:04.0390 3108 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:53:04.0390 3108 isapnp - ok
08:53:04.0421 3108 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
08:53:04.0421 3108 Iviaspi - ok
08:53:04.0453 3108 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:53:04.0453 3108 Kbdclass - ok
08:53:04.0500 3108 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:53:04.0500 3108 kmixer - ok
08:53:04.0531 3108 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
08:53:04.0531 3108 KR10N - ok
08:53:04.0593 3108 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:53:04.0609 3108 KSecDD - ok
08:53:04.0781 3108 lbrtfdc - ok
08:53:04.0843 3108 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
08:53:04.0843 3108 meiudf - ok
08:53:04.0890 3108 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:53:04.0890 3108 MHNDRV - ok
08:53:04.0937 3108 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:53:04.0937 3108 mnmdd - ok
08:53:04.0968 3108 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:53:04.0968 3108 Modem - ok
08:53:05.0000 3108 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:53:05.0000 3108 Mouclass - ok
08:53:05.0031 3108 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:53:05.0046 3108 mouhid - ok
08:53:05.0062 3108 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:53:05.0062 3108 MountMgr - ok
08:53:05.0093 3108 mraid35x - ok
08:53:05.0140 3108 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:53:05.0156 3108 MRxDAV - ok
08:53:05.0234 3108 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:53:05.0250 3108 MRxSmb - ok
08:53:05.0343 3108 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:53:05.0343 3108 Msfs - ok
08:53:05.0390 3108 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:53:05.0390 3108 MSKSSRV - ok
08:53:05.0515 3108 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:53:05.0515 3108 MSPCLOCK - ok
08:53:05.0531 3108 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:53:05.0531 3108 MSPQM - ok
08:53:05.0578 3108 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:53:05.0578 3108 mssmbios - ok
08:53:05.0625 3108 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:53:05.0625 3108 MSTEE - ok
08:53:05.0656 3108 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:53:05.0656 3108 Mup - ok
08:53:05.0687 3108 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:53:05.0703 3108 NABTSFEC - ok
08:53:05.0890 3108 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110929.032\NAVENG.SYS
08:53:05.0890 3108 NAVENG - ok
08:53:06.0000 3108 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110929.032\NAVEX15.SYS
08:53:06.0031 3108 NAVEX15 - ok
08:53:06.0265 3108 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:53:06.0265 3108 NDIS - ok
08:53:06.0312 3108 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:53:06.0312 3108 NdisIP - ok
08:53:06.0359 3108 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:53:06.0359 3108 NdisTapi - ok
08:53:06.0390 3108 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:53:06.0390 3108 Ndisuio - ok
08:53:06.0421 3108 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:53:06.0421 3108 NdisWan - ok
08:53:06.0484 3108 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:53:06.0484 3108 NDProxy - ok
08:53:06.0531 3108 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:53:06.0531 3108 NetBIOS - ok
08:53:06.0562 3108 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:53:06.0578 3108 NetBT - ok
08:53:06.0625 3108 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
08:53:06.0625 3108 Netdevio - ok
08:53:06.0687 3108 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:53:06.0687 3108 NIC1394 - ok
08:53:06.0718 3108 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:53:06.0718 3108 Npfs - ok
08:53:06.0750 3108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:53:06.0765 3108 Ntfs - ok
08:53:06.0968 3108 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:53:06.0968 3108 Null - ok
08:53:07.0015 3108 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:53:07.0015 3108 NwlnkFlt - ok
08:53:07.0046 3108 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:53:07.0046 3108 NwlnkFwd - ok
08:53:07.0078 3108 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:53:07.0078 3108 ohci1394 - ok
08:53:07.0156 3108 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:53:07.0171 3108 Parport - ok
08:53:07.0187 3108 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:53:07.0187 3108 PartMgr - ok
08:53:07.0250 3108 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:53:07.0250 3108 ParVdm - ok
08:53:07.0281 3108 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:53:07.0281 3108 PCI - ok
08:53:07.0296 3108 PCIDump - ok
08:53:07.0328 3108 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:53:07.0328 3108 PCIIde - ok
08:53:07.0343 3108 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:53:07.0343 3108 Pcmcia - ok
08:53:07.0375 3108 PDCOMP - ok
08:53:07.0390 3108 PDFRAME - ok
08:53:07.0406 3108 PDRELI - ok
08:53:07.0421 3108 PDRFRAME - ok
08:53:07.0453 3108 perc2 - ok
08:53:07.0468 3108 perc2hib - ok
08:53:07.0531 3108 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
08:53:07.0531 3108 Pfc - ok
08:53:07.0578 3108 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:53:07.0578 3108 PptpMiniport - ok
08:53:07.0609 3108 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:53:07.0609 3108 PSched - ok
08:53:07.0656 3108 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:53:07.0656 3108 Ptilink - ok
08:53:07.0671 3108 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:53:07.0687 3108 PxHelp20 - ok
08:53:07.0703 3108 ql1080 - ok
08:53:07.0718 3108 Ql10wnt - ok
08:53:07.0750 3108 ql12160 - ok
08:53:07.0765 3108 ql1240 - ok
08:53:07.0781 3108 ql1280 - ok
08:53:07.0796 3108 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:53:07.0796 3108 RasAcd - ok
08:53:07.0843 3108 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:53:07.0859 3108 Rasl2tp - ok
08:53:07.0875 3108 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:53:07.0890 3108 RasPppoe - ok
08:53:07.0906 3108 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:53:07.0906 3108 Raspti - ok
08:53:07.0953 3108 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:53:07.0953 3108 Rdbss - ok
08:53:07.0984 3108 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:53:07.0984 3108 RDPCDD - ok
08:53:08.0031 3108 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:53:08.0031 3108 rdpdr - ok
08:53:08.0109 3108 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:53:08.0109 3108 RDPWD - ok
08:53:08.0296 3108 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:53:08.0296 3108 redbook - ok
08:53:08.0421 3108 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:53:08.0421 3108 s24trans - ok
08:53:08.0515 3108 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
08:53:08.0515 3108 sdbus - ok
08:53:08.0562 3108 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:53:08.0578 3108 Secdrv - ok
08:53:08.0640 3108 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:53:08.0640 3108 Serial - ok
08:53:08.0687 3108 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
08:53:08.0703 3108 sffdisk - ok
08:53:08.0718 3108 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
08:53:08.0718 3108 sffp_sd - ok
08:53:08.0750 3108 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
08:53:08.0765 3108 Sfloppy - ok
08:53:08.0781 3108 Simbad - ok
08:53:08.0812 3108 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:53:08.0812 3108 SLIP - ok
08:53:08.0843 3108 Sparrow - ok
08:53:08.0890 3108 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:53:08.0890 3108 splitter - ok
08:53:08.0937 3108 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:53:08.0937 3108 sr - ok
08:53:09.0250 3108 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
08:53:09.0265 3108 SRTSP - ok
08:53:09.0296 3108 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
08:53:09.0296 3108 SRTSPX - ok
08:53:09.0375 3108 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:53:09.0390 3108 Srv - ok
08:53:09.0453 3108 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:53:09.0453 3108 streamip - ok
08:53:09.0625 3108 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:53:09.0640 3108 swenum - ok
08:53:09.0671 3108 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:53:09.0671 3108 swmidi - ok
08:53:09.0718 3108 symc810 - ok
08:53:09.0750 3108 symc8xx - ok
08:53:09.0828 3108 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
08:53:09.0843 3108 SymDS - ok
08:53:09.0906 3108 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
08:53:09.0937 3108 SymEFA - ok
08:53:10.0156 3108 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
08:53:10.0156 3108 SymEvent - ok
08:53:10.0281 3108 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
08:53:10.0281 3108 SymIRON - ok
08:53:10.0359 3108 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
08:53:10.0375 3108 SYMTDI - ok
08:53:10.0390 3108 sym_hi - ok
08:53:10.0421 3108 sym_u3 - ok
08:53:10.0500 3108 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
08:53:10.0500 3108 SynTP - ok
08:53:10.0562 3108 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:53:10.0578 3108 sysaudio - ok
08:53:10.0765 3108 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
08:53:10.0765 3108 tbiosdrv - ok
08:53:10.0843 3108 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:53:10.0859 3108 Tcpip - ok
08:53:10.0906 3108 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:53:10.0906 3108 TDPIPE - ok
08:53:10.0953 3108 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:53:10.0953 3108 TDTCP - ok
08:53:11.0000 3108 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:53:11.0000 3108 TermDD - ok
08:53:11.0046 3108 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
08:53:11.0046 3108 tifm21 - ok
08:53:11.0078 3108 TosIde - ok
08:53:11.0125 3108 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
08:53:11.0140 3108 tosrfec - ok
08:53:11.0171 3108 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
08:53:11.0171 3108 TVALD - ok
08:53:11.0234 3108 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
08:53:11.0234 3108 Tvs - ok
08:53:11.0265 3108 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:53:11.0265 3108 Udfs - ok
08:53:11.0296 3108 ultra - ok
08:53:11.0359 3108 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:53:11.0375 3108 Update - ok
08:53:11.0593 3108 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:53:11.0593 3108 USBAAPL - ok
08:53:11.0671 3108 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:53:11.0671 3108 usbccgp - ok
08:53:11.0687 3108 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:53:11.0703 3108 usbehci - ok
08:53:11.0734 3108 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:53:11.0734 3108 usbhub - ok
08:53:11.0781 3108 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:53:11.0781 3108 usbprint - ok
08:53:11.0812 3108 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:53:11.0812 3108 usbscan - ok
08:53:11.0843 3108 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:53:11.0843 3108 USBSTOR - ok
08:53:11.0890 3108 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:53:11.0890 3108 usbuhci - ok
08:53:11.0921 3108 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:53:11.0921 3108 usbvideo - ok
08:53:11.0937 3108 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:53:11.0937 3108 VgaSave - ok
08:53:11.0968 3108 ViaIde - ok
08:53:12.0000 3108 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:53:12.0000 3108 VolSnap - ok
08:53:12.0203 3108 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
08:53:12.0250 3108 w39n51 - ok
08:53:12.0484 3108 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:53:12.0484 3108 Wanarp - ok
08:53:12.0546 3108 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
08:53:12.0546 3108 wanatw - ok
08:53:12.0562 3108 WDICA - ok
08:53:12.0609 3108 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:53:12.0609 3108 wdmaud - ok
08:53:12.0703 3108 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:53:12.0703 3108 WS2IFSL - ok
08:53:12.0750 3108 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:53:12.0750 3108 WSTCODEC - ok
08:53:12.0796 3108 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:53:12.0812 3108 WudfPf - ok
08:53:12.0828 3108 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:53:12.0843 3108 WudfRd - ok
08:53:12.0875 3108 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
08:53:13.0062 3108 \Device\Harddisk0\DR0 - ok
08:53:13.0062 3108 Boot (0x1200) (5b34c19b0e43d7363cadd70f8d9548df) \Device\Harddisk0\DR0\Partition0
08:53:13.0062 3108 \Device\Harddisk0\DR0\Partition0 - ok
08:53:13.0078 3108 ============================================================
08:53:13.0078 3108 Scan finished
08:53:13.0078 3108 ============================================================
08:53:13.0078 1484 Detected object count: 0
08:53:13.0078 1484 Actual detected object count: 0
08:54:07.0125 3396 Deinitialize success
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-30 10:14:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541010G9SA00 rev.MBZOC60R
Running: yvvs96m7.exe; Driver: C:\DOCUME~1\Fisher\LOCALS~1\Temp\fgtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT 86F8ABA0 ZwConnectPort
SSDT 86D88BE8 ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 4 Bytes [E8, 8B, D8, 86]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6A1DEBF]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A81CF400
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Control\Session Manager@PendingFileRenameOperations ????e?????? ????????255.255.255.0?????????H??????????????????????????.??????Display????????????????????r?????????????1???????s???7??fgtdrpod?.??????????????????????????192.168.1.1?????????20000???USERNAME?????????????p?????????????sht???????????????????????????????????5??????????????????????????Disk\???????? ???????????????????????????????????????????r???????? ?? ?i? ??CurrentControlSet\Control\CriticalDeviceDatabase\???????? ?????????????????????@????????????????????? ????????????????????????????L?????????????????%SystemRoot%\repair\asr.log?????%SystemRoot%\repair\asr.err???????.???????????????e???????8???????????????r???????8?????? ???????a??????????????????????????????? ??? ???????????????????????????? ???????????????????M????????????????&???????????????????????????>???.??????????????????????????????0??????h????D?????76487-OEM-0011903-00817??????????????c???????????7??????????????192.168.1.1?????? ??????? ??????????????Mobile Intel® 945GM Express Chipset Family?????????????????G?????????????????????????

---- EOF - GMER 1.0.15 ----


I was unable to perform step two because I do not have access to a Windows CD. However, after completing the scans, I restarted my computer and it rebooted normally. As far as I can see, everything seems to be working great.
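
The TDSSKiller and GMER output above is what a responder ends up reading by hand. What follows is an added example, not part of the original thread and not code from either tool: a small Python parser for the TDSSKiller line format (a file line with service name, MD5 and path, followed by a status line) that pairs each file with its status and then flags the three things a reviewer checks first: a status other than ok, an MD5 that differs from a reference hash, and a driver loading from outside system32. The sample log, the hypothetical driver names (hookdrv_example, tmpdrv_example, rk_example), the "suspicious" status text and the reference-hash table are constructed for the demo; the Ntfs hash is copied from the log above only so that one entry matches, and the table is not an authoritative baseline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TDSSKiller line shapes seen in the log above:
#   "HH:MM:SS.mmmm <tid> <service> (<md5>) <path>"   file line
#   "HH:MM:SS.mmmm <tid> <service-or-device> - <status>"  status line
# Services with no file on disk (e.g. "PCIDump - ok") only get a status line.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

SYSTEM_DIR = "c:\\windows\\system32\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str]
    path: Optional[str]
    status: Optional[str]


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each file line with its status line, in log order.
    MBR/boot-sector status lines are keyed by device path, not service name,
    so entries are indexed under both keys."""
    by_key: Dict[str, Entry] = {}
    order: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, counters, "Scan finished" etc.
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:
            e = Entry(fm["name"], fm["md5"].lower(), fm["path"], None)
            by_key[e.name] = e
            by_key[e.path] = e
            order.append(e)
            continue
        sm = STATUS_RE.match(body)
        if sm:
            e = by_key.get(sm["name"])
            if e is None:  # service without a file on disk
                e = Entry(sm["name"], None, None, sm["status"])
                by_key[e.name] = e
                order.append(e)
            else:
                e.status = sm["status"]
    return order


def triage(entries: List[Entry], known_good: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs worth a human's attention: a non-ok status,
    an MD5 that differs from the reference table, or a driver loading from
    outside system32. The last one is a signal, not a verdict: AV definition
    drivers and anti-rootkit tools legitimately load from other directories."""
    out: List[Tuple[str, str]] = []
    for e in entries:
        if e.status is not None and e.status.lower() != "ok":
            out.append((e.name, f"status: {e.status}"))
        if not (e.md5 and e.path):
            continue
        key = e.path.lower()
        expected = known_good.get(key)
        if expected is not None and expected.lower() != e.md5:
            out.append((e.name, f"md5 {e.md5} != reference {expected.lower()}"))
        # Only real file paths get the directory check; \Device\... entries are skipped.
        if key.startswith("c:\\") and not key.startswith(SYSTEM_DIR):
            out.append((e.name, f"loads from outside system32: {e.path}"))
    return out


# Constructed sample in the same format as the log above (hypothetical names).
SAMPLE_LOG = r"""
08:53:06.0750 3108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:53:06.0765 3108 Ntfs - ok
08:53:07.0296 3108 PCIDump - ok
08:53:08.0000 3108 hookdrv_example (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\hookdrv_example.sys
08:53:08.0000 3108 hookdrv_example - ok
08:53:08.0500 3108 tmpdrv_example (fedcba9876543210fedcba9876543210) C:\DOCUME~1\user\LOCALS~1\Temp\tmpdrv_example.sys
08:53:08.0500 3108 tmpdrv_example - ok
08:53:09.0000 3108 rk_example - suspicious
08:53:12.0875 3108 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
08:53:13.0062 3108 \Device\Harddisk0\DR0 - ok
"""

# Constructed reference table (lower-case path -> MD5). Ntfs value copied from
# the log so one entry matches; hookdrv_example deliberately differs.
KNOWN_GOOD = {
    r"c:\windows\system32\drivers\ntfs.sys": "78a08dd6a8d65e697c18e1db01c5cdca",
    r"c:\windows\system32\drivers\hookdrv_example.sys": "11111111111111111111111111111111",
}

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_LOG), KNOWN_GOOD):
        print(f"{name}: {reason}")
```

Run against the real log above, the directory check flags Norton's definition drivers under Application Data and, in the GMER section, GMER's own driver in the Temp folder; that is the same thing a human reviewer notices and then explains away, which is why the function reports it as a reason rather than a verdict. The hash comparison is only as good as the reference table: TDSSKiller prints MD5, so a match confirms a file you already expect to be there, and a real baseline should be taken from a clean install of the same service pack rather than from another log.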

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:57 PM

Posted 30 September 2011 - 04:56 PM

Hello,

You can still run step 2. It will look in your i386 folder first to see if there is a replacement file if it finds a bad one. It will ask for the CD if it can't find a replacement for it on your machine. Also, if it runs and does tell you it needs the CD, then we know there is a bad driver file.

Tell me how it goes.

Edited by fireman4it, 30 September 2011 - 04:57 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:57 PM

Posted 06 October 2011 - 05:32 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

