Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Infection?


  • This topic is locked This topic is locked
12 replies to this topic

#1 rserwin

rserwin

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 16 November 2011 - 08:12 AM

Hello,

During a freeware install I think I got hit by a Trojan; I scanned the files with Norton beforehand and it found nothing, but during the setup the hourglass took too long so I checked the services and noted multiple instances of setup running. I killed them, checked winpatrol and saw that a number of Microsoft services had been started at the same time along with a large number of hidden files being created. I ran ESET, Norton, and mbam - ESET found the hidden files and mbam found one other file, all listed as Trojans; these were quarantined and deleted. I used TFC to clean my temp files. I also used WinPatrol to terminate/disable the new services started.

I completed the preparation instructions (defogger, dds) with the exception of GMER, which I ran but which terminated with an error.

Thanks in advance for any assistance you can provide.

Scott

============== DDS Logfile =============================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Scott Erwin at 23:28:17 on 2011-11-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2593 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Scott Erwin\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WinPatrol System Monitor] c:\program files\billp studios\winpatrol\WinPatrol.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
StartupFolder: c:\docume~1\scotte~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\scott erwin\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott erwin\application data\mozilla\firefox\profiles\ia5r4vav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\scott erwin\application data\mozilla\firefox\profiles\ia5r4vav.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\scott erwin\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-14 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-14 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-7 116608]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-10-22 5335416]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-8 108160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20111115.030\IDSXpx86.sys [2011-11-15 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20111115.002\NAVENG.SYS [2011-11-15 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20111115.002\NAVEX15.SYS [2011-11-15 1576312]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-5-8 160256]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-9-24 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-9-24 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-9-24 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-9-24 24960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-6 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 12872]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-5-16 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-5-16 5248]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
=============== Created Last 30 ================
.
2011-11-15 05:26:51 -------- d-----w- c:\program files\Activision
2011-11-15 03:24:50 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-15 03:20:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-15 02:56:37 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-12 02:31:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-12 02:31:06 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-12 02:31:06 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-12 02:31:06 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-12 02:31:06 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-12 02:31:06 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-12 02:31:06 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-12 02:31:06 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-11 03:52:48 -------- d-----w- c:\documents and settings\scott erwin\application data\DDMSettings
2011-10-23 16:08:42 -------- d-----w- c:\program files\common files\ffdshowEx
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-18 01:42:32 -------- d-----w- c:\documents and settings\scott erwin\.amu
.
==================== Find3M ====================
.
2011-11-15 21:47:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 23:29:37.48 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 16 November 2011 - 10:44 AM

Hi,

Please do the following:


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 17 November 2011 - 06:07 AM

Hi CatByte,

I ran aswMBR per instructions; wasn't sure if we wanted "C:/" or "QuickScan", so did "C:/"; got BSOD; rebooted, tried again, got BSOD. Rebooted, did "QuickScan", ran through, produced report below (I saved a few times while it was running just in case it crashed again).

Thanks much,

Scott

------------------------------

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 02:46:40
-----------------------------
02:46:40.578 OS Version: Windows 5.1.2600 Service Pack 3
02:46:40.578 Number of processors: 2 586 0x170A
02:46:40.578 ComputerName: BLUEBOMBER UserName:
02:46:41.687 Initialize success
02:46:50.578 AVAST engine defs: 11111601
02:46:52.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:46:52.562 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
02:46:52.578 Disk 0 MBR read successfully
02:46:52.578 Disk 0 MBR scan
02:46:52.640 Disk 0 unknown MBR code
02:46:52.656 Disk 0 scanning sectors +312576705
02:46:52.734 Disk 0 scanning C:\WINDOWS\system32\drivers
02:47:05.515 Service scanning
02:47:06.906 Modules scanning
02:47:19.437 Disk 0 trace - called modules:
02:47:19.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:47:19.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0f6868]
02:47:19.468 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b041028]
02:47:20.765 AVAST engine scan C:\WINDOWS
02:47:36.468 File: C:\WINDOWS\onupadaxu.dll **INFECTED** Win32:Renosator [Cryp]
02:47:40.328 AVAST engine scan C:\WINDOWS\system32
02:48:46.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\MBR.dat"
02:48:46.906 The log file has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\aswMBR.txt"
02:49:59.468 AVAST engine scan C:\WINDOWS\system32\drivers
02:50:13.890 AVAST engine scan C:\Documents and Settings\Scott Erwin
02:59:29.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\MBR.dat"
02:59:29.640 The log file has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\aswMBR.txt"
03:28:36.968 AVAST engine scan C:\Documents and Settings\All Users
03:40:26.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\MBR.dat"
03:40:26.109 The log file has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\aswMBR.txt"
03:48:21.375 Scan finished successfully
03:52:39.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\MBR.dat"
03:52:39.406 The log file has been saved successfully to "C:\Documents and Settings\Scott Erwin\Desktop\aswMBR.txt"

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 17 November 2011 - 08:35 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 19 November 2011 - 10:21 AM

Hello CatByte,

No issues with above instructions; ComboFix logfile is below.

Scott

---------------------------------------

ComboFix 11-11-19.03 - Scott Erwin 11/19/2011 8:06.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2509 [GMT -7:00]
Running from: c:\documents and settings\Scott Erwin\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-15 05:26 . 2011-11-15 05:26 -------- d-----w- c:\program files\Activision
2011-11-15 03:24 . 2011-11-16 06:16 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-15 03:20 . 2011-11-15 03:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-15 02:56 . 2011-11-15 03:20 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-12 02:31 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-12 02:31 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-12 02:31 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-12 02:31 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-12 02:31 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-12 02:31 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-12 02:31 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 02:31 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-11 03:52 . 2011-11-11 03:52 -------- d-----w- c:\documents and settings\Scott Erwin\Application Data\DDMSettings
2011-11-06 21:50 . 2011-11-06 21:50 -------- d-----w- c:\windows\system32\config\systemprofile\.autobahn
2011-10-27 09:30 . 2011-10-27 09:30 -------- d-----w- c:\documents and settings\Kim Erwin\Application Data\SUPERAntiSpyware.com
2011-10-23 16:08 . 2011-10-23 16:08 -------- d-----w- c:\program files\Common Files\ffdshowEx
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 21:47 . 2011-06-08 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-15 13:18 . 2011-09-15 13:18 388096 ----a-r- c:\documents and settings\Scott Erwin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2009-05-16 13:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-05 06:53 . 2011-11-12 02:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-05-15 325512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe" [2011-10-16 243360]
.
c:\documents and settings\Scott Erwin\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Scott Erwin\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 14:23 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-08 07:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Scott Erwin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/2/2011 3:26 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/2/2011 3:26 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [11/14/2011 12:28 PM 819320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/14/2011 8:24 PM 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/14/2009 1:22 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 1:22 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/2/2011 3:26 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/7/2010 2:26 PM 116608]
R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [10/22/2011 10:59 AM 5335416]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 3:26 PM 130008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/8/2009 2:58 AM 108160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 10:25 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111118.030\IDSXpx86.sys [11/18/2011 7:49 PM 356280]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/8/2009 2:58 AM 160256]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2011 11:51 AM 136176]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [9/24/2011 8:24 AM 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [9/24/2011 8:24 AM 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [9/24/2011 8:24 AM 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [9/24/2011 8:24 AM 24960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2011 11:51 AM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/6/2010 7:07 PM 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 1:22 PM 12872]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [5/16/2009 6:05 AM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [5/16/2009 6:05 AM 5248]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 18:50]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 18:50]
.
2011-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2711413373-85637788-2482939975-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2711413373-85637788-2482939975-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2711413373-85637788-2482939975-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2711413373-85637788-2482939975-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-13 c:\windows\Tasks\SyncBack Ian's Document Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
2011-11-13 c:\windows\Tasks\SyncBack Kim's Document Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
2011-11-14 c:\windows\Tasks\SyncBack Scott's Document Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
2011-11-13 c:\windows\Tasks\SyncBack Shared Documents Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Scott Erwin\Application Data\Mozilla\Firefox\Profiles\ia5r4vav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TVersity Media Server - c:\program files\TVersity\Media Server\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 08:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1328)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'winlogon.exe'(24300)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(19244)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'explorer.exe'(20976)
c:\windows\system32\WININET.dll
c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-19 08:13:51
ComboFix-quarantined-files.txt 2011-11-19 15:13
.
Pre-Run: 35,642,413,056 bytes free
Post-Run: 35,817,611,264 bytes free
.
- - End Of File - - ED65C8282FE5EE6CF4D863989A2B2CC6

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 19 November 2011 - 01:35 PM

Please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic428112.html/page__pid__2479890#entry2479890

Collect::
C:\WINDOWS\onupadaxu.dll

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 19 November 2011 - 01:35 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 19 November 2011 - 06:40 PM

Hi CatByte

All steps accomplished, no issues. Logfiles are below.

-------------------- ComboFix -------------------------------------

ComboFix 11-11-19.04 - Scott Erwin 11/19/2011 12:07:13.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2726 [GMT -7:00]
Running from: c:\documents and settings\Scott Erwin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott Erwin\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
file zipped: c:\windows\onupadaxu.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\onupadaxu.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-15 05:26 . 2011-11-15 05:26 -------- d-----w- c:\program files\Activision
2011-11-15 03:24 . 2011-11-16 06:16 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-15 03:20 . 2011-11-15 03:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-15 02:56 . 2011-11-15 03:20 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-12 02:31 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-12 02:31 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-12 02:31 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-12 02:31 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-12 02:31 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-12 02:31 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-12 02:31 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 02:31 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-11 03:52 . 2011-11-11 03:52 -------- d-----w- c:\documents and settings\Scott Erwin\Application Data\DDMSettings
2011-11-06 21:50 . 2011-11-06 21:50 -------- d-----w- c:\windows\system32\config\systemprofile\.autobahn
2011-10-27 09:30 . 2011-10-27 09:30 -------- d-----w- c:\documents and settings\Kim Erwin\Application Data\SUPERAntiSpyware.com
2011-10-23 16:08 . 2011-10-23 16:08 -------- d-----w- c:\program files\Common Files\ffdshowEx
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 21:47 . 2011-06-08 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-15 13:18 . 2011-09-15 13:18 388096 ----a-r- c:\documents and settings\Scott Erwin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2009-05-16 13:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-05 06:53 . 2011-11-12 02:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-19_15.11.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-19 19:13 . 2011-11-19 19:13 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat
+ 2011-11-19 19:14 . 2011-11-19 19:14 16384 c:\windows\Temp\Perflib_Perfdata_350.dat
- 2008-04-25 16:16 . 2011-11-17 11:13 79690 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2011-11-19 19:17 79690 c:\windows\system32\perfc009.dat
- 2011-11-16 06:13 . 2011-11-19 09:15 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-16 06:13 . 2011-11-19 19:13 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-15 23:47 . 2011-11-19 09:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-15 23:47 . 2011-11-19 19:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-06-09 18:10 . 2011-11-19 09:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-06-09 18:10 . 2011-11-19 19:13 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-10-16 00:59 . 2011-11-19 19:13 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-10-16 00:59 . 2011-11-19 09:15 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-25 16:16 . 2011-11-19 19:17 464580 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2011-11-17 11:13 464580 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-05-15 325512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe" [2011-10-16 243360]
.
c:\documents and settings\Scott Erwin\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Scott Erwin\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 14:23 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-08 07:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Scott Erwin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/2/2011 3:26 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/2/2011 3:26 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [11/14/2011 12:28 PM 819320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/14/2011 8:24 PM 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/14/2009 1:22 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 1:22 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/2/2011 3:26 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/7/2010 2:26 PM 116608]
R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [10/22/2011 10:59 AM 5335416]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 3:26 PM 130008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/8/2009 2:58 AM 108160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 10:25 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111118.030\IDSXpx86.sys [11/18/2011 7:49 PM 356280]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/8/2009 2:58 AM 160256]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2011 11:51 AM 136176]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [9/24/2011 8:24 AM 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [9/24/2011 8:24 AM 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [9/24/2011 8:24 AM 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [9/24/2011 8:24 AM 24960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2011 11:51 AM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/6/2010 7:07 PM 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 1:22 PM 12872]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [5/16/2009 6:05 AM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [5/16/2009 6:05 AM 5248]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 18:50]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 18:50]
.
2011-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2711413373-85637788-2482939975-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2711413373-85637788-2482939975-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2711413373-85637788-2482939975-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2711413373-85637788-2482939975-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
2011-11-13 c:\windows\Tasks\SyncBack Ian's Document Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
2011-11-13 c:\windows\Tasks\SyncBack Kim's Document Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
2011-11-14 c:\windows\Tasks\SyncBack Scott's Document Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
2011-11-13 c:\windows\Tasks\SyncBack Shared Documents Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-05-16 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Scott Erwin\Application Data\Mozilla\Firefox\Profiles\ia5r4vav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1332)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\NETUI2.dll
.
- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\documents and settings\Scott Erwin\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\drivers\audio\r203425\STacSV.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
.
**************************************************************************
.
Completion time: 2011-11-19 12:19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 19:19
ComboFix2.txt 2011-11-19 15:13
.
Pre-Run: 35,796,078,592 bytes free
Post-Run: 37,220,847,616 bytes free
.
- - End Of File - - 01D89F390A30EA47AF1E1BFEC11D59CC
Upload was successful


-------------------------------------- TDSSKiller --------------------------------------------------------

12:21:47.0985 3292 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
12:21:48.0485 3292 ============================================================
12:21:48.0485 3292 Current date / time: 2011/11/19 12:21:48.0485
12:21:48.0485 3292 SystemInfo:
12:21:48.0485 3292
12:21:48.0485 3292 OS Version: 5.1.2600 ServicePack: 3.0
12:21:48.0485 3292 Product type: Workstation
12:21:48.0485 3292 ComputerName: BLUEBOMBER
12:21:48.0485 3292 UserName: Scott Erwin
12:21:48.0485 3292 Windows directory: C:\WINDOWS
12:21:48.0485 3292 System windows directory: C:\WINDOWS
12:21:48.0485 3292 Processor architecture: Intel x86
12:21:48.0485 3292 Number of processors: 2
12:21:48.0485 3292 Page size: 0x1000
12:21:48.0485 3292 Boot type: Normal boot
12:21:48.0485 3292 ============================================================
12:21:48.0829 3292 Initialize success
12:21:53.0892 3744 ============================================================
12:21:53.0892 3744 Scan started
12:21:53.0892 3744 Mode: Manual;
12:21:53.0892 3744 ============================================================
12:21:54.0283 3744 Abiosdsk - ok
12:21:54.0345 3744 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:21:54.0345 3744 abp480n5 - ok
12:21:54.0361 3744 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:21:54.0376 3744 ACPI - ok
12:21:54.0376 3744 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:21:54.0376 3744 ACPIEC - ok
12:21:54.0408 3744 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:21:54.0408 3744 adpu160m - ok
12:21:54.0454 3744 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:21:54.0454 3744 aec - ok
12:21:54.0517 3744 AESTAud (fde8ed2c9280afb8975894aa78eef59f) C:\WINDOWS\system32\drivers\AESTAud.sys
12:21:54.0517 3744 AESTAud - ok
12:21:54.0564 3744 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:21:54.0564 3744 AFD - ok
12:21:54.0580 3744 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:21:54.0580 3744 agp440 - ok
12:21:54.0580 3744 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:21:54.0580 3744 agpCPQ - ok
12:21:54.0595 3744 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:21:54.0595 3744 Aha154x - ok
12:21:54.0611 3744 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:21:54.0611 3744 aic78u2 - ok
12:21:54.0626 3744 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:21:54.0626 3744 aic78xx - ok
12:21:54.0642 3744 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:21:54.0642 3744 AliIde - ok
12:21:54.0658 3744 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:21:54.0658 3744 alim1541 - ok
12:21:54.0658 3744 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:21:54.0658 3744 amdagp - ok
12:21:54.0673 3744 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:21:54.0673 3744 amsint - ok
12:21:54.0736 3744 Andbus (45039ad240754b3bd789668c2c986ea7) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
12:21:54.0736 3744 Andbus - ok
12:21:54.0783 3744 AndDiag (f7ec18db02c9fb26aed52e0e1bb98960) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
12:21:54.0783 3744 AndDiag - ok
12:21:54.0845 3744 AndGps (6d79f0c7f33dd85f50d69c7d7efec9e0) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
12:21:54.0845 3744 AndGps - ok
12:21:54.0892 3744 ANDModem (881837e816b948f7a94098add21afd7c) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
12:21:54.0892 3744 ANDModem - ok
12:21:54.0939 3744 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:21:54.0955 3744 ApfiltrService - ok
12:21:55.0001 3744 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:21:55.0001 3744 APPDRV - ok
12:21:55.0064 3744 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:21:55.0064 3744 asc - ok
12:21:55.0095 3744 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:21:55.0095 3744 asc3350p - ok
12:21:55.0111 3744 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:21:55.0111 3744 asc3550 - ok
12:21:55.0126 3744 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:21:55.0126 3744 AsyncMac - ok
12:21:55.0142 3744 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:21:55.0142 3744 atapi - ok
12:21:55.0158 3744 Atdisk - ok
12:21:55.0205 3744 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:21:55.0205 3744 Atmarpc - ok
12:21:55.0220 3744 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:21:55.0220 3744 audstub - ok
12:21:55.0236 3744 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:21:55.0236 3744 Beep - ok
12:21:55.0439 3744 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
12:21:55.0439 3744 BHDrvx86 - ok
12:21:55.0455 3744 catchme - ok
12:21:55.0486 3744 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:21:55.0486 3744 cbidf - ok
12:21:55.0486 3744 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:21:55.0502 3744 cbidf2k - ok
12:21:55.0517 3744 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:21:55.0517 3744 CCDECODE - ok
12:21:55.0533 3744 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:21:55.0533 3744 cd20xrnt - ok
12:21:55.0548 3744 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:21:55.0548 3744 Cdaudio - ok
12:21:55.0564 3744 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:21:55.0564 3744 Cdfs - ok
12:21:55.0595 3744 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:21:55.0595 3744 Cdrom - ok
12:21:55.0611 3744 Changer - ok
12:21:55.0627 3744 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:21:55.0627 3744 CmBatt - ok
12:21:55.0627 3744 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:21:55.0627 3744 CmdIde - ok
12:21:55.0642 3744 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:21:55.0642 3744 Compbatt - ok
12:21:55.0658 3744 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:21:55.0658 3744 Cpqarray - ok
12:21:55.0798 3744 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
12:21:55.0798 3744 CrystalSysInfo - ok
12:21:55.0845 3744 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
12:21:55.0845 3744 d347bus - ok
12:21:55.0861 3744 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
12:21:55.0861 3744 d347prt - ok
12:21:55.0877 3744 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:21:55.0877 3744 dac2w2k - ok
12:21:55.0892 3744 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:21:55.0892 3744 dac960nt - ok
12:21:55.0908 3744 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:21:55.0908 3744 Disk - ok
12:21:55.0970 3744 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:21:56.0002 3744 dmboot - ok
12:21:56.0002 3744 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:21:56.0002 3744 dmio - ok
12:21:56.0017 3744 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:21:56.0017 3744 dmload - ok
12:21:56.0064 3744 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:21:56.0064 3744 DMusic - ok
12:21:56.0080 3744 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:21:56.0080 3744 dpti2o - ok
12:21:56.0095 3744 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:21:56.0095 3744 drmkaud - ok
12:21:56.0173 3744 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
12:21:56.0173 3744 dtsoftbus01 - ok
12:21:56.0314 3744 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:21:56.0314 3744 eeCtrl - ok
12:21:56.0345 3744 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:21:56.0345 3744 EraserUtilRebootDrv - ok
12:21:56.0361 3744 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:21:56.0361 3744 Fastfat - ok
12:21:56.0408 3744 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:21:56.0408 3744 Fdc - ok
12:21:56.0439 3744 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
12:21:56.0439 3744 FilterService - ok
12:21:56.0470 3744 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:21:56.0470 3744 Fips - ok
12:21:56.0486 3744 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:21:56.0486 3744 Flpydisk - ok
12:21:56.0502 3744 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:21:56.0502 3744 FltMgr - ok
12:21:56.0533 3744 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:21:56.0533 3744 Fs_Rec - ok
12:21:56.0564 3744 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:21:56.0564 3744 Ftdisk - ok
12:21:56.0611 3744 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:21:56.0611 3744 Gpc - ok
12:21:56.0674 3744 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:21:56.0674 3744 HDAudBus - ok
12:21:56.0705 3744 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:21:56.0705 3744 hidusb - ok
12:21:56.0720 3744 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:21:56.0736 3744 hpn - ok
12:21:56.0767 3744 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
12:21:56.0767 3744 HTCAND32 - ok
12:21:56.0814 3744 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:21:56.0814 3744 HTTP - ok
12:21:56.0830 3744 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:21:56.0830 3744 i2omgmt - ok
12:21:56.0877 3744 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:21:56.0877 3744 i2omp - ok
12:21:56.0924 3744 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:21:56.0924 3744 i8042prt - ok
12:21:57.0174 3744 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:21:57.0377 3744 ialm - ok
12:21:57.0439 3744 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\drivers\iaStor.sys
12:21:57.0439 3744 iaStor - ok
12:21:57.0642 3744 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111118.030\IDSxpx86.sys
12:21:57.0658 3744 IDSxpx86 - ok
12:21:57.0705 3744 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:21:57.0705 3744 Imapi - ok
12:21:57.0752 3744 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:21:57.0752 3744 ini910u - ok
12:21:57.0783 3744 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:21:57.0783 3744 IntelIde - ok
12:21:57.0799 3744 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:21:57.0799 3744 intelppm - ok
12:21:57.0830 3744 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:21:57.0830 3744 Ip6Fw - ok
12:21:57.0846 3744 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:21:57.0846 3744 IpFilterDriver - ok
12:21:57.0877 3744 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:21:57.0877 3744 IpInIp - ok
12:21:57.0908 3744 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:21:57.0908 3744 IpNat - ok
12:21:57.0939 3744 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:21:57.0939 3744 IPSec - ok
12:21:57.0971 3744 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:21:57.0971 3744 IRENUM - ok
12:21:58.0017 3744 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:21:58.0017 3744 isapnp - ok
12:21:58.0080 3744 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:21:58.0080 3744 Kbdclass - ok
12:21:58.0111 3744 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:21:58.0111 3744 kbdhid - ok
12:21:58.0174 3744 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:21:58.0174 3744 kmixer - ok
12:21:58.0205 3744 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:21:58.0205 3744 KSecDD - ok
12:21:58.0221 3744 lbrtfdc - ok
12:21:58.0267 3744 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
12:21:58.0283 3744 lvpopflt - ok
12:21:58.0330 3744 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
12:21:58.0330 3744 LVPr2Mon - ok
12:21:58.0361 3744 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys
12:21:58.0377 3744 LVRS - ok
12:21:58.0518 3744 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
12:21:58.0627 3744 LVUVC - ok
12:21:58.0674 3744 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
12:21:58.0674 3744 MaRdPnp - ok
12:21:58.0705 3744 MBAMSwissArmy - ok
12:21:58.0752 3744 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:21:58.0752 3744 mnmdd - ok
12:21:58.0799 3744 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:21:58.0799 3744 Modem - ok
12:21:58.0846 3744 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:21:58.0846 3744 Mouclass - ok
12:21:58.0861 3744 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:21:58.0861 3744 mouhid - ok
12:21:58.0893 3744 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:21:58.0893 3744 MountMgr - ok
12:21:58.0939 3744 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:21:58.0939 3744 mraid35x - ok
12:21:58.0955 3744 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:21:58.0955 3744 MRxDAV - ok
12:21:59.0018 3744 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:21:59.0018 3744 MRxSmb - ok
12:21:59.0049 3744 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:21:59.0049 3744 Msfs - ok
12:21:59.0096 3744 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:21:59.0096 3744 MSKSSRV - ok
12:21:59.0111 3744 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:21:59.0111 3744 MSPCLOCK - ok
12:21:59.0143 3744 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:21:59.0143 3744 MSPQM - ok
12:21:59.0189 3744 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:21:59.0189 3744 mssmbios - ok
12:21:59.0236 3744 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:21:59.0236 3744 MSTEE - ok
12:21:59.0283 3744 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
12:21:59.0299 3744 msvad_simple - ok
12:21:59.0314 3744 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:21:59.0330 3744 Mup - ok
12:21:59.0393 3744 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:21:59.0393 3744 NABTSFEC - ok
12:21:59.0643 3744 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111118.035\NAVENG.SYS
12:21:59.0643 3744 NAVENG - ok
12:21:59.0752 3744 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111118.035\NAVEX15.SYS
12:21:59.0877 3744 NAVEX15 - ok
12:21:59.0924 3744 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:21:59.0940 3744 NDIS - ok
12:21:59.0971 3744 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:21:59.0971 3744 NdisIP - ok
12:22:00.0002 3744 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:22:00.0018 3744 NdisTapi - ok
12:22:00.0033 3744 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:22:00.0033 3744 Ndisuio - ok
12:22:00.0049 3744 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:22:00.0049 3744 NdisWan - ok
12:22:00.0096 3744 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:22:00.0096 3744 NDProxy - ok
12:22:00.0111 3744 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:22:00.0111 3744 NetBIOS - ok
12:22:00.0143 3744 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:22:00.0158 3744 NetBT - ok
12:22:00.0362 3744 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
12:22:00.0502 3744 NETw5x32 - ok
12:22:00.0518 3744 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:22:00.0518 3744 Npfs - ok
12:22:00.0596 3744 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:22:00.0612 3744 Ntfs - ok
12:22:00.0658 3744 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:22:00.0658 3744 Null - ok
12:22:00.0690 3744 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:22:00.0690 3744 NwlnkFlt - ok
12:22:00.0737 3744 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:22:00.0737 3744 NwlnkFwd - ok
12:22:00.0799 3744 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
12:22:00.0799 3744 PalmUSBD - ok
12:22:00.0830 3744 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:22:00.0830 3744 Parport - ok
12:22:00.0846 3744 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:22:00.0846 3744 PartMgr - ok
12:22:00.0877 3744 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:22:00.0877 3744 ParVdm - ok
12:22:00.0908 3744 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:22:00.0924 3744 PCI - ok
12:22:00.0924 3744 PCIDump - ok
12:22:00.0955 3744 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:22:00.0955 3744 PCIIde - ok
12:22:00.0987 3744 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:22:01.0002 3744 Pcmcia - ok
12:22:01.0002 3744 PDCOMP - ok
12:22:01.0018 3744 PDFRAME - ok
12:22:01.0033 3744 PDRELI - ok
12:22:01.0049 3744 PDRFRAME - ok
12:22:01.0080 3744 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:22:01.0080 3744 perc2 - ok
12:22:01.0096 3744 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:22:01.0112 3744 perc2hib - ok
12:22:01.0143 3744 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:22:01.0143 3744 PptpMiniport - ok
12:22:01.0158 3744 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:22:01.0158 3744 PSched - ok
12:22:01.0174 3744 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:22:01.0174 3744 Ptilink - ok
12:22:01.0205 3744 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:22:01.0205 3744 PxHelp20 - ok
12:22:01.0221 3744 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:22:01.0237 3744 ql1080 - ok
12:22:01.0252 3744 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:22:01.0252 3744 Ql10wnt - ok
12:22:01.0283 3744 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:22:01.0283 3744 ql12160 - ok
12:22:01.0299 3744 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:22:01.0299 3744 ql1240 - ok
12:22:01.0330 3744 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:22:01.0330 3744 ql1280 - ok
12:22:01.0362 3744 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:22:01.0362 3744 RasAcd - ok
12:22:01.0377 3744 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:22:01.0377 3744 Rasl2tp - ok
12:22:01.0393 3744 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:22:01.0393 3744 RasPppoe - ok
12:22:01.0409 3744 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:22:01.0409 3744 Raspti - ok
12:22:01.0424 3744 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:22:01.0424 3744 Rdbss - ok
12:22:01.0455 3744 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:22:01.0455 3744 RDPCDD - ok
12:22:01.0471 3744 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:22:01.0471 3744 rdpdr - ok
12:22:01.0502 3744 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:22:01.0518 3744 RDPWD - ok
12:22:01.0549 3744 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:22:01.0549 3744 redbook - ok
12:22:01.0612 3744 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
12:22:01.0612 3744 RSUSBSTOR - ok
12:22:01.0721 3744 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:22:01.0721 3744 SASDIFSV - ok
12:22:01.0752 3744 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
12:22:01.0768 3744 SASENUM - ok
12:22:01.0784 3744 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
12:22:01.0784 3744 SASKUTIL - ok
12:22:01.0830 3744 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:22:01.0830 3744 Secdrv - ok
12:22:01.0877 3744 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:22:01.0877 3744 Serial - ok
12:22:01.0893 3744 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:22:01.0893 3744 Sfloppy - ok
12:22:01.0909 3744 Simbad - ok
12:22:01.0940 3744 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:22:01.0940 3744 sisagp - ok
12:22:01.0987 3744 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:22:01.0987 3744 SLIP - ok
12:22:02.0034 3744 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:22:02.0034 3744 Sparrow - ok
12:22:02.0080 3744 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:22:02.0080 3744 splitter - ok
12:22:02.0080 3744 sptd - ok
12:22:02.0096 3744 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:22:02.0096 3744 sr - ok
12:22:02.0190 3744 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
12:22:02.0205 3744 SRTSP - ok
12:22:02.0221 3744 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
12:22:02.0221 3744 SRTSPX - ok
12:22:02.0252 3744 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:22:02.0252 3744 Srv - ok
12:22:02.0346 3744 STHDA (a6bb841c40aaa1dc692484bd3912a961) C:\WINDOWS\system32\drivers\sthda.sys
12:22:02.0362 3744 STHDA - ok
12:22:02.0409 3744 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:22:02.0409 3744 StillCam - ok
12:22:02.0518 3744 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:22:02.0518 3744 streamip - ok
12:22:02.0690 3744 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:22:02.0690 3744 swenum - ok
12:22:02.0799 3744 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:22:02.0799 3744 swmidi - ok
12:22:02.0862 3744 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:22:02.0862 3744 symc810 - ok
12:22:02.0924 3744 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:22:02.0924 3744 symc8xx - ok
12:22:03.0065 3744 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
12:22:03.0065 3744 SymDS - ok
12:22:03.0127 3744 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
12:22:03.0143 3744 SymEFA - ok
12:22:03.0190 3744 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:22:03.0190 3744 SymEvent - ok
12:22:03.0284 3744 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:22:03.0284 3744 SymIM - ok
12:22:03.0284 3744 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:22:03.0284 3744 SymIMMP - ok
12:22:03.0378 3744 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
12:22:03.0378 3744 SymIRON - ok
12:22:03.0471 3744 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
12:22:03.0487 3744 SYMTDI - ok
12:22:03.0581 3744 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:22:03.0581 3744 sym_hi - ok
12:22:03.0706 3744 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:22:03.0706 3744 sym_u3 - ok
12:22:03.0768 3744 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:22:03.0768 3744 sysaudio - ok
12:22:03.0862 3744 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:22:03.0862 3744 Tcpip - ok
12:22:03.0909 3744 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:22:03.0909 3744 TDPIPE - ok
12:22:04.0081 3744 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:22:04.0081 3744 TDTCP - ok
12:22:04.0143 3744 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:22:04.0143 3744 TermDD - ok
12:22:04.0315 3744 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:22:04.0331 3744 TosIde - ok
12:22:04.0409 3744 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:22:04.0409 3744 Udfs - ok
12:22:04.0675 3744 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:22:04.0675 3744 ultra - ok
12:22:04.0925 3744 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:22:04.0925 3744 Update - ok
12:22:05.0018 3744 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:22:05.0018 3744 usbaudio - ok
12:22:05.0065 3744 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:22:05.0065 3744 usbccgp - ok
12:22:05.0112 3744 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:22:05.0128 3744 usbehci - ok
12:22:05.0159 3744 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:22:05.0159 3744 usbhub - ok
12:22:05.0206 3744 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:22:05.0206 3744 usbprint - ok
12:22:05.0268 3744 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:22:05.0268 3744 usbscan - ok
12:22:05.0315 3744 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:22:05.0315 3744 USBSTOR - ok
12:22:05.0362 3744 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:22:05.0362 3744 usbuhci - ok
12:22:05.0425 3744 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:22:05.0425 3744 usbvideo - ok
12:22:05.0487 3744 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12:22:05.0487 3744 usb_rndisx - ok
12:22:05.0550 3744 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:22:05.0550 3744 VgaSave - ok
12:22:05.0597 3744 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:22:05.0612 3744 viaagp - ok
12:22:05.0643 3744 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:22:05.0643 3744 ViaIde - ok
12:22:05.0690 3744 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:22:05.0690 3744 VolSnap - ok
12:22:05.0753 3744 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:22:05.0753 3744 Wanarp - ok
12:22:05.0815 3744 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:22:05.0831 3744 Wdf01000 - ok
12:22:05.0831 3744 WDICA - ok
12:22:05.0893 3744 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:22:05.0893 3744 wdmaud - ok
12:22:05.0956 3744 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:22:05.0956 3744 WmiAcpi - ok
12:22:06.0034 3744 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:22:06.0034 3744 WpdUsb - ok
12:22:06.0112 3744 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:22:06.0112 3744 WSTCODEC - ok
12:22:06.0175 3744 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:22:06.0175 3744 WudfPf - ok
12:22:06.0222 3744 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
12:22:06.0222 3744 WUDFRd - ok
12:22:06.0269 3744 yukonwxp (109b497d481490be0a31c390fce9bffe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:22:06.0284 3744 yukonwxp - ok
12:22:06.0347 3744 MBR (0x1B8) (7b53936afa31aa818ddee1f13c3004e3) \Device\Harddisk0\DR0
12:22:06.0362 3744 \Device\Harddisk0\DR0 - ok
12:22:06.0378 3744 Boot (0x1200) (d9739ad80c896bad07a1891675167f68) \Device\Harddisk0\DR0\Partition0
12:22:06.0378 3744 \Device\Harddisk0\DR0\Partition0 - ok
12:22:06.0378 3744 ============================================================
12:22:06.0378 3744 Scan finished
12:22:06.0378 3744 ============================================================
12:22:06.0394 2540 Detected object count: 0
12:22:06.0394 2540 Actual detected object count: 0
12:23:38.0218 3012 Deinitialize success

------------------------------------------ MBAM ----------------------------------------------------------------------



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8196

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/19/2011 12:28:11 PM
mbam-log-2011-11-19 (12-28-11).txt

Scan type: Quick scan
Objects scanned: 225382
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------- ESET -----------------------------------------------------

C:\Documents and Settings\Scott Erwin\My Documents\Downloads\doubleTwistSetup.exe Win32/OpenCandy application
C:\Documents and Settings\Scott Erwin\My Documents\Downloads\Winamp\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 19 November 2011 - 07:27 PM

Hi

Please do the following:

Posted Image Your Java is out of date.
Java™ 6 Update 26 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 19 November 2011 - 08:19 PM

Hi CatByte,

DDS log follows. Computer is running fine, I'm not noticing any issues right now.

Scott

-------------------------------- DDS Logfile ---------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Scott Erwin at 18:04:58 on 2011-11-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2467 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Documents and Settings\Scott Erwin\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\71608551-ffbb-4e47-a90f-4adf40dcab77.com
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WinPatrol System Monitor] c:\program files\billp studios\winpatrol\WinPatrol.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
StartupFolder: c:\docume~1\scotte~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\scott erwin\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4700E6A8-D843-40D9-BA3E-09344FD288F2} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott erwin\application data\mozilla\firefox\profiles\ia5r4vav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\scott erwin\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-14 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-14 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-7 116608]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-10-22 5335416]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-8 108160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20111118.030\IDSXpx86.sys [2011-11-18 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20111118.035\NAVENG.SYS [2011-11-19 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20111118.035\NAVEX15.SYS [2011-11-19 1576312]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-5-8 160256]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-9-24 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-9-24 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-9-24 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-9-24 24960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-6 24576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 12872]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-5-16 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-5-16 5248]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
=============== Created Last 30 ================
.
2011-11-19 15:05:29 98816 ----a-w- c:\windows\sed.exe
2011-11-19 15:05:29 518144 ----a-w- c:\windows\SWREG.exe
2011-11-19 15:05:29 256000 ----a-w- c:\windows\PEV.exe
2011-11-19 15:05:29 208896 ----a-w- c:\windows\MBR.exe
2011-11-15 05:26:51 -------- d-----w- c:\program files\Activision
2011-11-15 03:24:50 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-15 03:20:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-15 02:56:37 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-12 02:31:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-12 02:31:06 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-12 02:31:06 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-12 02:31:06 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-12 02:31:06 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-12 02:31:06 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-12 02:31:06 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-12 02:31:06 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-11 03:52:48 -------- d-----w- c:\documents and settings\scott erwin\application data\DDMSettings
2011-10-23 16:08:42 -------- d-----w- c:\program files\common files\ffdshowEx
.
==================== Find3M ====================
.
2011-11-15 21:47:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:11:45.17 ===============

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 19 November 2011 - 08:29 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 19 November 2011 - 08:57 PM

CatByte,

OK, I think I'm clean. Thanks so much for all your help!

Scott

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 19 November 2011 - 08:58 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:56 AM

Posted 28 November 2011 - 04:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users