jmob Posted May 22, 2010 ID:254336 Share Posted May 22, 2010 I am running windows xp sp3 on my netbook and keep getting what I think is a third party redirect while playing apps on myspace. what is happening is I will open a page in the app and it loads it then about 30sec later I get a popup and my firefox minimizes and and a popup saying something along the lines of your computer is in danger. I can not do anything except click the x at the top right corner of the pop up to get back to my browser and close the tab that has been redirected to a different site.I have had this issue for over 2 weeks off and on. I am getting it on my 3 other computers also and I even got it on a friends computer while at his house and he had just did a fresh install of windiws on his box. I have ran malwarebytes antimalware after updating from desktop but was curious if I need to do it from safe mode. I also do not see anything abnormal in system processes. I have a copy of the url I was redirected to if it will help in solving my issue. Sorry if this post is in the wrong place as I am new and wasnt sure where to post. Link to post Share on other sites More sharing options...
Maniac Posted May 22, 2010 ID:254338 Share Posted May 22, 2010 Hello jmob! Welcome to MalwareBytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Please follow these instructions:http://forums.malwarebytes.org/index.php?showtopic=9573 Link to post Share on other sites More sharing options...
jmob Posted May 22, 2010 Author ID:254364 Share Posted May 22, 2010 My computer gives me bsod and reboots when I try and run GMER Rootkit ScannerDDS.txtAttach.txtanti_virus_scan.txtDiagReport.txtmbam_log_2010_05_22__18_49_43_.txt Link to post Share on other sites More sharing options...
Maniac Posted May 22, 2010 ID:254367 Share Posted May 22, 2010 Step 1Please, uninstall the following applications:Adobe Reader 9.3.1You can read, how to this in:Windows XPWindows VistaWindows 7Step 2Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVAThen run this tool to help cleanup any left over JavaYour Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.Please download JavaRa and unzip it to your desktop.***Please close any instances of Internet Explorer (or other web browser) before continuing!***Double-click on JavaRa.exe to start the program.From the drop-down menu, choose English and click on Select.JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.A logfile will pop up. Please save it to a convenient location and post it back when you replyThen look for the following Java folders and if found delete them.C:\Program Files\JavaC:\Program Files\Common Files\JavaC:\Windows\SunC:\Documents and Settings\All Users\Application Data\JavaC:\Documents and Settings\All Users\Application Data\Sun\JavaC:\Documents and Settings\username\Application Data\JavaC:\Documents and Settings\username\Application Data\Sun\JavaStep 3Your database version of MBAM is 4052 , but the current is 4131 , so please:Launch Malwarebytes' Anti-MalwareGo to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.Step 4Download RootRepeal Beta on your desktop.Double click RootRepeal.exe to start the programClick on the Report tab at the bottom of the program windowClick the Scan buttonIn the Select Scan dialog, check:DriversFilesProcessesSSDTStealth ObjectsHidden Services[*]Click the OK button[*]In the next dialog, select all drives showing[*]Click OK to start the scanNote: The scan can take some time. DO NOT run any other programs while the scan is running[*]When the scan is complete, the Save Report button will become available[*]Click this and save the report to your Desktop as RootRepeal.txt[*]Go to File, then Exit to close the programIf the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.In your next reply, please include these log(s) in this sequence:JavaRa logMalwareBytes' Anti-Malware logRootRepeal loga new fresh DDS log only Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254370 Share Posted May 23, 2010 When I try and update mbam I get an error that states : MBAM_ERROR_UPDATING (12150, 0, WinHttpQuerryHeaders) Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254414 Share Posted May 23, 2010 Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4052Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187025/22/2010 9:18:03 PMmbam-log-2010-05-22 (21-18-03).txtScan type: Quick scanObjects scanned: 117358Time elapsed: 7 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)ROOTREPEAL © AD, 2007-2010==================================================Report Save Time: 2010/05/22 21:27Program Version: Version 2.0.0.0Windows Version: Windows XP SP3==================================================DRIVERS-------------------File Invisible dump_iaStor.sys 0xa029e000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys, 843776 bytesFile Invisible rootrepeal.sys 0x9df53000 C:\WINDOWS\system32\drivers\rootrepeal.sys, 49152 bytesPROCESSES-------------------4 - System252 - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe348 - C:\WINDOWS\system32\spoolsv.exe448 - C:\WINDOWS\system32\svchost.exe528 - C:\Program Files\Common Files\LightScribe\LSSrvc.exe612 - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe640 - C:\WINDOWS\system32\svchost.exe652 - C:\WINDOWS\system32\svchost.exe696 - C:\WINDOWS\system32\svchost.exe716 - C:\WINDOWS\system32\wbem\wmiprvse.exe720 - C:\WINDOWS\system32\svchost.exe868 - C:\Documents and Settings\Administrator\My Documents\My ISO Files\My ISO Files\Downloads\Defogger.exe876 - C:\WINDOWS\system32\smss.exe1024 - C:\Program Files\Microsoft ActiveSync\wcescomm.exe1092 - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe1104 - C:\WINDOWS\explorer.exe1136 - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE1204 - C:\WINDOWS\system32\wbem\unsecapp.exe1272 - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe1380 - C:\WINDOWS\system32\svchost.exe1464 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE1500 - C:\PROGRA~1\MI3AA1~1\rapimgr.exe1520 - C:\WINDOWS\system32\csrss.exe1544 - C:\WINDOWS\system32\winlogon.exe1588 - C:\WINDOWS\system32\services.exe1600 - C:\WINDOWS\system32\lsass.exe1768 - C:\WINDOWS\system32\svchost.exe1832 - C:\WINDOWS\system32\svchost.exe1872 - C:\WINDOWS\system32\svchost.exe1932 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe2100 - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe2332 - C:\WINDOWS\snuvcdsm.exe2344 - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe2500 - C:\WINDOWS\system32\igfxtray.exe2508 - C:\WINDOWS\system32\hkcmd.exe2516 - C:\WINDOWS\system32\igfxpers.exe2532 - C:\WINDOWS\RTHDCPL.EXE2612 - C:\WINDOWS\system32\igfxsrvc.exe2656 - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe2760 - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE2840 - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe2848 - C:\WINDOWS\system32\alg.exe3136 - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe3300 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE3844 - C:\Documents and Settings\Administrator\My Documents\My ISO Files\My ISO Files\Downloads\RootRepeal.exe4040 - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe4052 - C:\WINDOWS\system32\ctfmon.exe4072 - C:\Program Files\RocketDock\RocketDock.exeFILES-------------------Locked C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\EXCMAW6Q.NW8\VMCVNCHR.YPT\manifests\clickonce_bootstrap.exe.cdf-msLocked C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\EXCMAW6Q.NW8\VMCVNCHR.YPT\manifests\clickonce_bootstrap.exe.manifestMismatch C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat, Allocation size mismatch (API: 104410861148500096, Raw: 4096)Mismatch C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\Gateway-00-1F-33-C1-6A-E6.txt, Allocation size mismatch (API: 104410861148500096, Raw: 0)Mismatch C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt, Size mismatch (API: 2648, Raw: 2466)Mismatch C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt, Size mismatch (API: 66056, Raw: 65222)Mismatch C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT, Allocation size mismatch (API: 104410861148500096, Raw: 1085440)Mismatch C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010051020100517\index.dat, Allocation size mismatch (API: 104410861148500096, Raw: 16384)Mismatch C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010051820100519\index.dat, Allocation size mismatch (API: 104410861148500096, Raw: 16384)STEALTH CODE-------------------HIDDEN SERVICES-------------------DDS.txt Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254417 Share Posted May 23, 2010 JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sat May 22 20:29:05 2010Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}------------------------------------Finished reporting. Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254433 Share Posted May 23, 2010 well I just booted in safe mode w/networking and was able to update mbam so i will post the results in a few minutes Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254695 Share Posted May 23, 2010 Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4131Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 8.0.6001.187025/22/2010 11:22:32 PMmbam-log-2010-05-22 (23-22-32).txtScan type: Quick scanObjects scanned: 119184Time elapsed: 6 minute(s), 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254699 Share Posted May 23, 2010 **Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: Open Tools -> Options -> Main tab Set to Always ask me where to Save the files. [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other names, but only to the one indicated. [*]Close any open browsers. [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combo-Fix.exe & follow the prompts. [*]When finished, it will produce a report for you. [*]Please post the C:\Combo-Fix.txt for further review. **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254792 Share Posted May 23, 2010 it was kind long so I attached it also in case it did run off the postComboFix 10-05-22.03 - Administrator 05/23/2010 14:00:33.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1446 [GMT -4:00]Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exeAV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Administrator\Application Data\Microsoft\HTML Help\hh.datc:\windows\Downloaded Program Files\popcaploader.dllc:\windows\Downloaded Program Files\popcaploader.infc:\windows\system32\Desktop_.ini.((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 ))))))))))))))))))))))))))))))).2010-05-23 02:55 . 2010-05-23 02:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-05-22 23:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-05-22 23:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-05-11 00:33 . 2010-05-11 00:46 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temporary Projects2010-05-03 22:45 . 2010-05-03 22:45 -------- dc----w- c:\documents and settings\Administrator\Application Data\Nvu2010-04-28 21:16 . 2010-04-28 21:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-05-23 16:25 . 2010-02-19 03:04 -------- dc----w- c:\program files\Common Files\Symantec Shared2010-05-23 00:50 . 2010-02-12 05:28 -------- dc----w- c:\program files\Common Files\Adobe2010-05-22 23:59 . 2010-02-14 01:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware2010-05-22 17:45 . 2010-03-10 20:56 -------- dc----w- c:\program files\eMule2010-05-22 05:01 . 2010-02-19 03:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec2010-05-15 19:31 . 2010-02-14 01:17 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2010-05-12 07:03 . 2010-02-17 19:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-05-03 23:32 . 2010-03-12 20:54 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP2010-04-10 18:24 . 2010-04-10 18:24 -------- dc----w- c:\program files\VB Decompiler Pro2010-04-10 18:13 . 2010-04-10 18:13 -------- dc----w- c:\program files\Common Files\SourceTec2010-04-10 18:13 . 2010-04-10 18:13 -------- dc----w- c:\program files\SourceTec2010-04-10 14:05 . 2010-04-10 14:05 -------- dc----w- c:\documents and settings\All Users\Application Data\PopCap2010-04-10 14:01 . 2010-04-10 14:01 -------- dc----w- c:\program files\PopCap Games2010-04-10 13:02 . 2010-04-10 13:02 -------- dc----w- c:\program files\Support Tools2010-04-09 14:03 . 2010-04-09 14:03 -------- dc----w- c:\program files\NeoSmart Technologies2010-04-06 09:12 . 2010-04-16 05:48 114360 -c--a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2jpyefkl.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll2010-04-05 02:07 . 2010-03-09 07:21 -------- dc----w- c:\documents and settings\All Users\Application Data\FLEXnet2010-03-30 06:47 . 2010-02-12 07:13 -------- dc----w- c:\program files\Windows Live2010-03-30 06:16 . 2010-03-30 06:16 -------- dc----w- c:\program files\everest2010-03-29 23:00 . 2010-03-02 22:52 -------- dc----w- c:\program files\Microsoft Visual Studio 82010-03-29 22:44 . 2010-03-29 22:43 -------- dc----w- c:\program files\JDownloader 0.6.1932010-03-29 01:49 . 2010-02-12 06:48 -------- dc----w- c:\program files\Windows Desktop Search2010-03-29 01:26 . 2010-02-12 04:30 -------- dc-h--w- c:\program files\InstallShield Installation Information2010-03-26 01:59 . 2010-03-26 01:59 -------- dc----w- c:\program files\Boson Software2010-03-26 01:59 . 2010-03-26 01:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Boson Software2010-03-12 05:46 . 2010-02-12 05:36 71928 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-10 06:15 . 2010-02-11 22:31 420352 ----a-w- c:\windows\system32\vbscript.dll2010-03-03 00:47 . 2010-02-28 23:05 1605864 ----a-w- c:\windows\system32\drivers\ts_athw.sys2010-02-25 06:24 . 2010-02-11 22:32 916480 ----a-w- c:\windows\system32\wininet.dll2010-02-24 13:11 . 2010-02-11 22:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-02-23 00:57 . 2010-02-19 03:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL2010-02-23 00:57 . 2010-02-19 03:06 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2008-06-30 18:44 . 2010-02-19 10:43 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll.------- Sigcheck -------[-] 2010-02-11 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]"snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-18 53248]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]"osCheck"="c:\program files\Norton\osCheck.exe" [2008-02-26 988512][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Authentication Packages REG_MULTI_SZ msv1_0 nwprovau[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnkbackup=c:\windows\pss\Bluetooth.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]2008-06-12 03:43 640376 -c--a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]2008-06-12 07:25 37232 -c--a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]2008-08-14 12:58 611712 -c--a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2010-03-30 05:50 136176 -c--atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]2006-11-13 18:39 1289000 -c--a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]2009-07-26 21:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]2008-12-12 23:06 642856 -c--a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"67:UDP"= 67:UDP:DHCP Discovery Service"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"5353:TCP"= 5353:TCP:Adobe CSI CS4"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 ServerR2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/25/2010 10:13 PM 102448]R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 2:03 PM 49664]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2/14/2010 11:55 PM 162816]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/12/2010 12:43 AM 1684736]S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]--- Other Services/Drivers In Memory ---*NewlyCreated* - COMHOST[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]2007-07-28 13:53 1230848 -c--a-w- c:\program files\Windows Sidebar\sidebar.exe.Contents of the 'Scheduled Tasks' folder2010-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-839522115-515967899-500Core.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 05:50]2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-839522115-515967899-500UA.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 05:50]2010-05-23 c:\windows\Tasks\User_Feed_Synchronization-{F0568526-1B19-43CB-A376-CC54BFCF21F3}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htmFF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2jpyefkl.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.mirostart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-73-0-0&q=FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2jpyefkl.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dllFF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dllFF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\Google\Picasa3\npPicasa3.dllFF - plugin: c:\program files\Microsoft\Office Live\npOLW.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dllFF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.- - - - ORPHANS REMOVED - - - -MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exeMSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-05-23 14:07Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-583907252-839522115-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (Administrator)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0a,ed,4e,86,f3,0b,4e,96,d9,2b,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0a,ed,4e,86,f3,0b,4e,96,d9,2b,\"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0a,ed,4e,86,f3,0b,4e,96,d9,2b,\.Completion time: 2010-05-23 14:11:36ComboFix-quarantined-files.txt 2010-05-23 18:11Pre-Run: 74,864,406,528 bytes freePost-Run: 74,883,805,184 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT- - End Of File - - BAE212D57D29076562BF4A00A7F5C2B4combo_fixlog.txt Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254796 Share Posted May 23, 2010 Follow these instructions:http://www.bleepingcomputer.com/forums/topic43051.htmlFinally, let me know how are things now. Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254809 Share Posted May 23, 2010 that post was started Feb 2 2006, 05:35 PM over 4 years ago I do not have issues with my system files being corrupt. I have a multiboot system and have removed some of the other os's from my computer so there may still be files from the deleted os but that not going to cause problems with browsing the net. I just get this redirect to http://7e556.virus-radar7.com/content1/fssudp/plvwwqwsjx from myspace app. I have got it on 4 computers at my house and a friends brand new computer at his house. Do you think I am just getting redirects from third party's through myspace apps? Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254810 Share Posted May 23, 2010 and you told me to remove java but most programs require that platform to correctly run so when should I reinstall java Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254819 Share Posted May 23, 2010 Please follow my instructions closely! Your important system file - sfcfiles.dll is modified, we need a clean copy. Before this, please:Please read the following through carefully so that you understand what to do. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -vIf it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here. Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254841 Share Posted May 23, 2010 15:57:43:328 4720 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:1715:57:43:328 4720 ================================================================================15:57:43:328 4720 SystemInfo:15:57:43:328 4720 OS Version: 5.1.2600 ServicePack: 3.015:57:43:328 4720 Product type: Workstation15:57:43:328 4720 ComputerName: NETBOOK15:57:43:328 4720 UserName: Administrator15:57:43:328 4720 Windows directory: C:\WINDOWS15:57:43:328 4720 Processor architecture: Intel x8615:57:43:328 4720 Number of processors: 215:57:43:328 4720 Page size: 0x100015:57:43:328 4720 Boot type: Normal boot15:57:43:328 4720 ================================================================================15:57:43:343 4720 UnloadDriverW: NtUnloadDriver error 215:57:43:343 4720 ForceUnloadDriverW: UnloadDriverW(klmd23) error 215:57:43:359 4720 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system15:57:43:359 4720 wfopen_ex: MyNtCreateFileW error 32 (C0000043)15:57:43:359 4720 wfopen_ex: Trying to KLMD file open15:57:43:359 4720 wfopen_ex: File opened ok (Flags 2)15:57:43:359 4720 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software15:57:43:359 4720 wfopen_ex: MyNtCreateFileW error 32 (C0000043)15:57:43:359 4720 wfopen_ex: Trying to KLMD file open15:57:43:359 4720 wfopen_ex: File opened ok (Flags 2)15:57:43:359 4720 KLAVA engine initialized15:57:43:656 4720 Initialize success15:57:43:656 4720 15:57:43:656 4720 Scanning Services ...15:57:43:890 4720 Raw services enum returned 384 services15:57:43:906 4720 15:57:43:906 4720 Scanning Drivers ...15:57:44:093 4720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys15:57:44:125 4720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys15:57:44:171 4720 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys15:57:44:234 4720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys15:57:44:296 4720 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys15:57:44:437 4720 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys15:57:44:562 4720 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys15:57:44:656 4720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys15:57:44:687 4720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys15:57:44:750 4720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys15:57:44:796 4720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys15:57:44:859 4720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys15:57:44:921 4720 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys15:57:45:000 4720 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys15:57:45:046 4720 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys15:57:45:078 4720 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS15:57:45:265 4720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys15:57:45:312 4720 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys15:57:45:343 4720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys15:57:45:406 4720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys15:57:45:421 4720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys15:57:45:484 4720 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys15:57:45:562 4720 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys15:57:45:562 4720 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys15:57:45:625 4720 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\WINDOWS\system32\drivers\CO_Mon.sys15:57:45:687 4720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys15:57:45:765 4720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys15:57:45:796 4720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys15:57:45:812 4720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys15:57:45:859 4720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys15:57:45:875 4720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys15:57:46:015 4720 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys15:57:46:046 4720 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys15:57:46:093 4720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys15:57:46:109 4720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys15:57:46:140 4720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys15:57:46:140 4720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys15:57:46:187 4720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys15:57:46:203 4720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys15:57:46:218 4720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys15:57:46:265 4720 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys15:57:46:312 4720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys15:57:46:390 4720 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys15:57:46:437 4720 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys15:57:46:515 4720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys15:57:46:593 4720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys15:57:46:796 4720 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys15:57:46:921 4720 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\DRIVERS\iaStor.sys15:57:46:984 4720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys15:57:47:203 4720 IntcAzAudAddService (3fa02c6e3e9ebe8523a2d4e51d0ece1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys15:57:47:296 4720 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys15:57:47:312 4720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys15:57:47:343 4720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys15:57:47:390 4720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys15:57:47:421 4720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys15:57:47:453 4720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys15:57:47:484 4720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys15:57:47:546 4720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys15:57:47:593 4720 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys15:57:47:656 4720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys15:57:47:734 4720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys15:57:47:781 4720 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys15:57:47:828 4720 L1c (bb5ef34bcf516faa11193826c5b468ad) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys15:57:47:890 4720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys15:57:47:937 4720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys15:57:48:015 4720 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys15:57:48:093 4720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys15:57:48:140 4720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys15:57:48:187 4720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys15:57:48:218 4720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys15:57:48:281 4720 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys15:57:48:296 4720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys15:57:48:343 4720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys15:57:48:375 4720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys15:57:48:421 4720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys15:57:48:453 4720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys15:57:48:484 4720 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys15:57:48:515 4720 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys15:57:48:546 4720 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys15:57:48:734 4720 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100523.004\NAVENG.SYS15:57:48:828 4720 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100523.004\NAVEX15.SYS15:57:48:968 4720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys15:57:49:000 4720 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys15:57:49:031 4720 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys15:57:49:062 4720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys15:57:49:078 4720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys15:57:49:093 4720 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys15:57:49:109 4720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys15:57:49:140 4720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys15:57:49:171 4720 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys15:57:49:187 4720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys15:57:49:250 4720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys15:57:49:296 4720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys15:57:49:328 4720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys15:57:49:359 4720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys15:57:49:437 4720 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys15:57:49:453 4720 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys15:57:49:515 4720 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys15:57:49:531 4720 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys15:57:49:562 4720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys15:57:49:562 4720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys15:57:49:625 4720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys15:57:49:656 4720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys15:57:49:703 4720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys15:57:49:812 4720 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys15:57:49:843 4720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys15:57:49:859 4720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys15:57:49:890 4720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys15:57:49:921 4720 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys15:57:49:968 4720 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys15:57:50:046 4720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys15:57:50:109 4720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys15:57:50:125 4720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys15:57:50:156 4720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys15:57:50:187 4720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys15:57:50:203 4720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys15:57:50:250 4720 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys15:57:50:281 4720 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys15:57:50:328 4720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys15:57:50:390 4720 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys15:57:50:421 4720 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys15:57:50:468 4720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys15:57:50:500 4720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys15:57:50:531 4720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys15:57:50:578 4720 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys15:57:50:671 4720 SNP2UVC (59c9b920a1767cb857c5fb2e1e66e7e4) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys15:57:50:859 4720 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys15:57:50:921 4720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys15:57:50:984 4720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys15:57:51:015 4720 SRTSP (e0e54a571d4323567e95e11fe76a5ff3) C:\WINDOWS\system32\Drivers\SRTSP.SYS15:57:51:046 4720 SRTSPL (4e44f0e22df824d318988caa6f321c30) C:\WINDOWS\system32\Drivers\SRTSPL.SYS15:57:51:093 4720 SRTSPX (d3bb40427cf3d02e56bba97feda0a3aa) C:\WINDOWS\system32\Drivers\SRTSPX.SYS15:57:51:156 4720 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys15:57:51:203 4720 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys15:57:51:250 4720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys15:57:51:296 4720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys15:57:51:343 4720 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS15:57:51:406 4720 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS15:57:51:437 4720 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS15:57:51:437 4720 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS15:57:51:656 4720 SYMIDSCO (d65255d470cd5103cce573cd7b5a88d2) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20100513.001\SymIDSCo.sys15:57:51:765 4720 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys15:57:51:765 4720 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys15:57:51:796 4720 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS15:57:51:812 4720 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS15:57:51:828 4720 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS15:57:51:906 4720 SynTP (e09c6ae9f84b5985979046e0a5896584) C:\WINDOWS\system32\DRIVERS\SynTP.sys15:57:51:968 4720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys15:57:52:031 4720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys15:57:52:109 4720 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys15:57:52:171 4720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys15:57:52:187 4720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys15:57:52:250 4720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys15:57:52:312 4720 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys15:57:52:343 4720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys15:57:52:406 4720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys15:57:52:453 4720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys15:57:52:500 4720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys15:57:52:515 4720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys15:57:52:578 4720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys15:57:52:625 4720 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS15:57:52:671 4720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys15:57:52:718 4720 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys15:57:52:781 4720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys15:57:52:828 4720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys15:57:52:843 4720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys15:57:52:906 4720 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys15:57:52:953 4720 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys15:57:53:015 4720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys15:57:53:062 4720 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys15:57:53:078 4720 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS15:57:53:125 4720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys15:57:53:140 4720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys15:57:53:156 4720 15:57:53:156 4720 Completed15:57:53:156 4720 15:57:53:156 4720 Results:15:57:53:156 4720 Registry objects infected / cured / cured on reboot: 0 / 0 / 015:57:53:156 4720 File objects infected / cured / cured on reboot: 0 / 0 / 015:57:53:156 4720 15:57:53:156 4720 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system15:57:53:156 4720 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software15:57:53:156 4720 KLMD(ARK) unloaded successfully Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254842 Share Posted May 23, 2010 Thanks!Now please follow these instructions:http://www.bleepingcomputer.com/forums/ind...st&p=231230 Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254868 Share Posted May 23, 2010 it keeps asking for win install cd and when I put it in it says it's the wrong cd Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254870 Share Posted May 23, 2010 Are you sure that this is the same disk that was used to reinstall Windows? Disk with Windows XP Professional? Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254873 Share Posted May 23, 2010 well this is a netbook and has no cd drive xp was installed from a flash drive that has been formated since installation but the cd I am using to burn image to flash drive is the same as the original xp cd i used when I installed xp on this netbook Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254874 Share Posted May 23, 2010 Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: :filefind*sfcfiles* Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254878 Share Posted May 23, 2010 SystemLook v1.0 by jpshortstuff (11.01.10)Log created at 17:35 on 23/05/2010 by Administrator (Administrator - Elevation successful)========== filefind ==========Searching for "*sfcfiles*"C:\i386\SFCFILES.DL_ -ra--c 80171 bytes [20:34 23/05/2010] [18:42 11/02/2010] 420E1B7B51331957FAEAD955FD33D838C:\WINDOWS\system32\sfcfiles.dll ------ 1614848 bytes [22:30 11/02/2010] [13:42 11/02/2010] 362BC5AF8EAF712832C58CC13AE05750-=End Of File=- Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254880 Share Posted May 23, 2010 STOP! Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2010 ID:254881 Share Posted May 23, 2010 Please check the following file in www.virustotal.com and post the resaul in your next reply:C:\WINDOWS\system32\sfcfiles.dll Link to post Share on other sites More sharing options...
jmob Posted May 23, 2010 Author ID:254890 Share Posted May 23, 2010 File has already been analysed:MD5: 362bc5af8eaf712832c58cc13ae05750First received: 2009.05.04 04:25:13 UTCDate: 2010.05.09 10:06:46 UTC [>14D]Results: 0/41 sfcfiles.dll received on 2010.05.09 10:06:46 (UTC)Current status: finished Result: 0/41 (0.00%) Link to post Share on other sites More sharing options...
Recommended Posts