
Pop ups and other internet attacks



Hi, I need some help with my laptop. Here is the history:

- it was infected by the AV Antivirus scareware somehow

- I ran rkill and Malwarebytes. rkill came up with nothing, but Malwarebytes found and cleaned several problems, including trojans

- That scareware is gone but other problems were left behind

- I tried to update the Avast program, but it would not load correctly, so I removed it and loaded Norton

- Norton and Malwarebytes were run and each found and removed several infections; they both run clean now

- I still get random popups including News-11-Today.com and a few other sites

- The hibernate function only turns the screen off, the computer hangs up part way through the process and must be rebooted to bring it back to life

- I frequently get a Norton message saying it blocked an attack from the internet (example below):

An intrusion attempt by lj1i16b0.com was blocked. Network traffic from lj1i16b0.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST32.EXE.

- Ran Defogger, DDS, and GMER. GMER ran for a couple of hours and then I got a blue screen as Windows had shut down with the following error: PFN_LIST_CORRUPT. I tried to run GMER in Safe Mode; it ran for a short while but did not give me a file to save. So I don't have an attachment from GMER. The others are below.

Thanks for the help!

Flyer :)

----Malwarebytes Log-----------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4313

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/14/2010 10:45:34 AM

mbam-log-2010-07-14 (10-45-34).txt

Scan type: Quick scan

Objects scanned: 145279

Time elapsed: 13 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------DDS----------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Doug at 11:04:01.57 on Wed 07/14/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.329 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

D:\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Upromise\dca-ua.exe

C:\Program Files\Upromise\UpromiseTray.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\DOCUME~1\Doug\LOCALS~1\Temp\clclean.0001

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\MCUI32.EXE

C:\Documents and Settings\Doug\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

uRun: [upromise Update] c:\program files\upromise\dca-ua.exe

uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.cpatswcbt.com/SWA_Production/launch_course.asp"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [fsimolrs] c:\documents and settings\networkservice\local settings\application data\appcoapcd\mtrcodqtssd.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: microsoft.com\office

Trusted Zone: swalife.com\www

Trusted Zone: swalife.com\www15

Trusted Zone: turbotax.com

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-7-11 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-7-11 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-7-11 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-7-11 116784]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-7-11 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-11 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100713.001\IDSXpx86.sys [2010-7-14 331640]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100713.040\NAVENG.SYS [2010-7-14 85424]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100713.040\NAVEX15.SYS [2010-7-14 1362608]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

=============== Created Last 30 ================

2010-07-14 16:02:48 0 ----a-w- c:\documents and settings\doug\defogger_reenable

2010-07-13 18:59:49 0 d-----w- c:\documents and settings\doug\.ehdc

2010-07-11 17:04:39 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-11 17:04:39 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-11 17:04:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-11 17:04:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-11 17:04:39 0 d-----w- c:\program files\Symantec

2010-07-11 17:03:44 0 d-----w- c:\windows\system32\drivers\N360

2010-07-11 17:03:41 0 d-----w- c:\program files\Norton Security Suite

2010-07-11 17:00:51 0 d-----w- c:\program files\NortonInstaller

2010-07-11 17:00:51 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-07-11 16:40:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-07-10 18:08:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-07-10 16:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-10 16:58:27 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-05 22:58:33 0 d-----w- c:\program files\Broadcom

2010-07-03 15:59:19 0 d-----w- c:\docume~1\doug\applic~1\Malwarebytes

2010-07-03 15:58:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-03 15:58:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-03 15:58:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-03 15:58:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-03 13:36:51 2716 ----a-w- c:\windows\awuvumax.dll

2010-07-03 06:24:33 0 ----a-w- c:\windows\Jxiqunogewusuya.bin

2010-07-03 06:24:32 120 ----a-w- c:\windows\Uwujuqoti.dat

2010-06-29 19:41:27 0 d-----w- c:\program files\Microsoft Synchronization Services

2010-06-29 19:40:19 0 d-----w- c:\documents and settings\all users\Microsoft

2010-06-29 19:40:18 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-29 19:33:04 0 d-----w- c:\program files\Microsoft Visual Studio 8

2010-06-29 19:32:00 0 d-----w- c:\program files\Microsoft Analysis Services

==================== Find3M ====================

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2008-02-29 05:59:30 251 ----a-w- c:\program files\wt3d.ini

2010-03-19 14:52:04 88 --sh--r- c:\windows\system32\63591E1DC9.sys

2010-03-19 14:52:06 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-09-11 16:39:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 11:05:48.18 ===============

Attach.zip

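The DDS log above is the kind of thing a helper reads by eye: a process name one character off a core Windows binary (the SVCHOST32.EXE named in the Norton alert), a dRun entry that launches a randomly named executable out of the NetworkService profile, and files dropped straight into c:\windows on the day the scareware arrived. The script below is an added example, not code from DDS, Malwarebytes or anyone in this thread; it encodes those checks and runs them over lines copied from the log. The directory lists, the vowel-ratio threshold and the rule names are assumptions chosen for illustration, and a hit is a candidate for a second look rather than a verdict (hidden+system files under system32, for instance, include legitimate licensing files).

```python
"""Triage pass over a DDS log, applying the checks a forum helper makes by eye.
Added example for this thread: not part of DDS, Malwarebytes or any poster's
tooling.  Thresholds and directory lists are assumptions; a hit is a candidate."""
import re

# Core Windows binaries malware imitates (svchost32.exe); on XP all live under c:\windows\.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe", "spoolsv.exe"}
WINDOWS_DIR = "c:\\windows\\"
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")  # never log on interactively
PROFILE_DATA_DIRS = ("\\local settings\\", "\\application data\\", "\\temp\\")
RUN_KEYS = ("uRun:", "mRun:", "dRun:", "uRunOnce:", "mRunOnce:")

# Constructed sample: lines copied from the DDS log above.  The SVCHOST32 line is
# the path from the Norton alert, placed here only to exercise the lookalike check.
SAMPLE = r"""
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k netsvcs
\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST32.EXE
============== Pseudo HJT Report ===============
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
dRun: [fsimolrs] c:\documents and settings\networkservice\local settings\application data\appcoapcd\mtrcodqtssd.exe
=============== Created Last 30 ================
2010-07-11 17:04:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-03 13:36:51 2716 ----a-w- c:\windows\awuvumax.dll
==================== Find3M ====================
2010-03-19 14:52:04 88 --sh--r- c:\windows\system32\63591E1DC9.sys
"""

def split_sections(text):
    sections, current = {}, None
    for line in text.splitlines():
        banner = re.match(r"^=+\s*(.+?)\s*=+$", line)   # '=== Name ===' headers
        if banner:
            current = sections[banner.group(1)] = []
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections

def looks_random(name):
    """Few vowels or a long consonant run (mtrcodqtssd.exe); syllable-built names like awuvumax.dll pass."""
    letters = re.sub(r"[^a-z]", "", name.lower().rsplit(".", 1)[0])
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowel_ratio < 0.1 or run >= 5

def exe_path(run_line):
    """Drop 'xRun: [name] ', surrounding quotes and arguments; keep the path."""
    rest = re.sub(r'^\w+:\s*\[[^\]]*\]\s*"?', "", run_line)
    return re.split(r'"|\s[-/]', rest)[0].strip().lower()

def check_processes(lines):
    findings = []
    for line in lines:
        path = line.split(" -k ")[0].strip().lower()
        if "\\" not in path:
            continue  # DDS lists some processes by bare name; no path to check
        name = path.rsplit("\\", 1)[-1]
        canonical = re.sub(r"\d+", "", name)  # svchost32.exe -> svchost.exe
        if canonical in CORE_BINARIES and name != canonical:
            findings.append(("lookalike of a core binary", line))
        elif name in CORE_BINARIES and not path.startswith(WINDOWS_DIR):
            findings.append(("core binary outside the Windows directory", line))
    return findings

def check_autoruns(lines):
    findings = []
    for line in lines:
        if not line.startswith(RUN_KEYS):
            continue
        path = exe_path(line)
        if any(p in path for p in SERVICE_PROFILES):
            findings.append(("autorun under a service-account profile", line))
        elif any(p in path for p in PROFILE_DATA_DIRS):
            findings.append(("autorun from a profile data directory", line))
        if looks_random(path.rsplit("\\", 1)[-1]):
            findings.append(("machine-generated-looking name", line))
    return findings

FILE_ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) (.+)$")
def check_files(lines):
    findings = []
    for line in lines:
        entry = FILE_ENTRY.match(line)
        if not entry or entry.group(1).startswith("d"):
            continue  # not a file entry, or a directory
        attrs, path = entry.group(1), entry.group(2).lower()
        parent, name = path.rsplit("\\", 1)
        if parent + "\\" == WINDOWS_DIR:
            findings.append(("file dropped directly in the Windows directory", line))
        if "h" in attrs and "s" in attrs and parent.startswith(WINDOWS_DIR + "system32"):
            findings.append(("hidden+system file under system32", line))
        if looks_random(name):
            findings.append(("machine-generated-looking name", line))
    return findings

def triage(text):
    """Return (rule, offending line) pairs for one DDS log."""
    sections = split_sections(text)
    findings = check_processes(sections.get("Running Processes", []))
    findings += check_autoruns(sections.get("Pseudo HJT Report", []))
    for section in ("Created Last 30", "Find3M"):
        findings += check_files(sections.get(section, []))
    return findings
```

Call triage(SAMPLE), or pass it the full text of a DDS.txt; each (rule, line) pair is something to quote back in a reply. The bare svchost.exe entries in the log above are skipped rather than flagged: DDS printed no path for them, so there is nothing for the lookalike or location checks to verify.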

Hello Flyer! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Step 1

Please go into the Control Panel, Add/Remove Programs and, for now, remove ALL versions of Java.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 2

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

In your next reply, please include these log(s):

  1. JavaRa log
  2. TDSSKiller log

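An added example for Step 3, not TDSSKiller's or Kaspersky's code and not part of the instructions above: a parser that turns the verbose log requested there (-l C:\TDSSKiller.txt -v) into a per-driver summary. TDSSKiller writes a "Suspicious file (Forged)" message when the two MD5s it computes for the same driver disagree; the disagreement itself, not either value, is the indicator that something sits between the file system and whoever reads the file. The parser follows that with the "infected by ... rootkit" attribution, the cure attempt, and "will be cured on next reboot", which is the line that tells the helper a reboot is still owed. The sample lines are copied from the log Flyer posts later in this thread; the message strings matched are only those that appear there, so a different TDSSKiller version may word them differently (an assumption).

```python
"""Summarise a verbose TDSSKiller log (the '-l file -v' form requested above) per
driver: forged files, the rootkit family named, and whether the cure is still
pending a reboot.  Added example for this thread, not TDSSKiller's or any
poster's code; the message strings matched are only those that occur in the
log posted later in this thread, so other versions may word them differently."""
import re

# Constructed sample: lines copied from the TDSSKiller 2.3.2.2 log in Flyer's reply.
# The tool wrote the 'infected by' and 'Backup copy' messages on one physical line.
SAMPLE_LOG = r"""
09:05:01:078 4352 Scanning Drivers ...
09:05:02:640 4352 APPDRV (37105ef3bbce8a6b2970128896291985) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
09:05:02:640 4352 Suspicious file (Forged): C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS. Real md5: 37105ef3bbce8a6b2970128896291985, Fake md5: ec94e05b76d033b74394e7b2175103cf
09:05:02:640 4352 File "C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS" infected by TDSS rootkit ... 09:05:10:515 4352 Backup copy not found, trying to cure infected file..
09:05:10:515 4352 Cure success, using it..
09:05:10:796 4352 will be cured on next reboot
09:05:10:968 4352 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
"""

STAMP = re.compile(r"(\d\d:\d\d:\d\d:\d{3}) \d+ ")        # 'hh:mm:ss:ms pid '
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")    # name (md5) path
FORGED = re.compile(r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})")
INFECTED = re.compile(r'File "([^"]+)" infected by (.+?) rootkit')
CURE_STEPS = ("Backup copy", "Cure success", "will be cured")

def messages(log):
    """Yield (timestamp, text).  A physical line that carries two stamped messages
    is split in two, and the trailing ' ...' / '..' decoration is dropped."""
    for raw in log.splitlines():
        pieces = STAMP.split(raw)             # ['', ts1, text1, ts2, text2, ...]
        for ts, text in zip(pieces[1::2], pieces[2::2]):
            yield ts, text.strip(" .")

def summarize(log):
    """Return {path_lower: record} for every driver the tool called forged or infected."""
    drivers, last = {}, None

    def record(path):
        return drivers.setdefault(path.lower(), {"path": path, "events": []})

    for ts, text in messages(log):
        listed, forged, infected = DRIVER.match(text), FORGED.search(text), INFECTED.search(text)
        if listed:                                # hash the tool computed for the listed file
            record(listed.group(3))["listed_md5"] = listed.group(2)
        elif forged:
            path, real, fake = forged.groups()
            last = record(path)
            last.update(forged=True, real_md5=real, fake_md5=fake)
            last["events"].append((ts, "forged"))
        elif infected:
            path, family = infected.groups()
            last = record(path)
            last["family"] = family
            last["events"].append((ts, "infected"))
        elif last is not None and text.startswith(CURE_STEPS):
            last["events"].append((ts, text))   # cure progress belongs to the last flagged file
            if text.startswith("will be cured"):
                last["status"] = "cure scheduled for next reboot"
    return {k: v for k, v in drivers.items() if v.get("forged") or v.get("family")}

def report(log):
    """One line per flagged driver, ready to quote in a reply."""
    lines = []
    for rec in summarize(log).values():
        lines.append("%s: %s rootkit, real md5 %s vs fake md5 %s, %s" % (
            rec["path"], rec.get("family", "unknown"), rec.get("real_md5"),
            rec.get("fake_md5"), rec.get("status", "detected, no reboot-cure scheduled")))
    return lines
```

report(open("C:/TDSSKiller.txt").read()) gives one line per flagged driver; a file that shows up as forged but never reaches "will be cured on next reboot" is the case to chase, because the tool found the tampering but did not schedule a fix.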

Borislav,

Thank you very much for your help!

Step 1: I removed all Java, ran JavaRa, and deleted any of the folders you listed. Log below.

Step 2: I removed Viewpoint Media Player.

Step 3: I ran TDSSKiller per your instructions. Log Below.

Flyer

------JavaRa Log-------

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jul 15 08:49:20 2010

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Documents and Settings\Doug\Application Data\Sun\Java\jre1.6.0_12

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

------------------------------------

Finished reporting.

---------TDSSKiller Log------------

09:04:59:593 4352 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

09:04:59:593 4352 ================================================================================

09:04:59:593 4352 SystemInfo:

09:04:59:593 4352 OS Version: 5.1.2600 ServicePack: 3.0

09:04:59:593 4352 Product type: Workstation

09:04:59:593 4352 ComputerName: LAPTOP

09:04:59:593 4352 UserName: Doug

09:04:59:593 4352 Windows directory: C:\WINDOWS

09:04:59:593 4352 System windows directory: C:\WINDOWS

09:04:59:593 4352 Processor architecture: Intel x86

09:04:59:593 4352 Number of processors: 2

09:04:59:593 4352 Page size: 0x1000

09:04:59:593 4352 Boot type: Normal boot

09:04:59:593 4352 ================================================================================

09:05:00:250 4352 Initialize success

09:05:00:250 4352

09:05:00:250 4352 Scanning Services ...

09:05:01:062 4352 Raw services enum returned 420 services

09:05:01:078 4352

09:05:01:078 4352 Scanning Drivers ...

09:05:01:828 4352 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

09:05:01:937 4352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:05:01:984 4352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:05:02:046 4352 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

09:05:02:093 4352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:05:02:140 4352 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

09:05:02:218 4352 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

09:05:02:250 4352 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

09:05:02:359 4352 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

09:05:02:406 4352 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

09:05:02:468 4352 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

09:05:02:515 4352 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

09:05:02:546 4352 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

09:05:02:593 4352 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

09:05:02:625 4352 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

09:05:02:640 4352 APPDRV (37105ef3bbce8a6b2970128896291985) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

09:05:02:640 4352 Suspicious file (Forged): C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS. Real md5: 37105ef3bbce8a6b2970128896291985, Fake md5: ec94e05b76d033b74394e7b2175103cf

09:05:02:640 4352 File "C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS" infected by TDSS rootkit ... 09:05:10:515 4352 Backup copy not found, trying to cure infected file..

09:05:10:515 4352 Cure success, using it..

09:05:10:796 4352 will be cured on next reboot

09:05:10:968 4352 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:05:11:031 4352 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

09:05:11:046 4352 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

09:05:11:078 4352 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

09:05:11:109 4352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:05:11:171 4352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:05:11:265 4352 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:05:11:453 4352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:05:11:515 4352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:05:11:578 4352 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

09:05:11:640 4352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:05:11:828 4352 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys

09:05:12:046 4352 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

09:05:12:078 4352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:05:12:125 4352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:05:12:187 4352 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys

09:05:12:234 4352 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

09:05:12:265 4352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:05:12:296 4352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:05:12:328 4352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:05:12:359 4352 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:05:12:390 4352 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

09:05:12:406 4352 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:05:12:453 4352 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

09:05:12:593 4352 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

09:05:12:671 4352 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

09:05:12:734 4352 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

09:05:12:750 4352 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

09:05:12:781 4352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:05:12:843 4352 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

09:05:12:937 4352 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

09:05:12:953 4352 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS

09:05:12:984 4352 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

09:05:13:015 4352 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

09:05:13:031 4352 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

09:05:13:046 4352 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

09:05:13:078 4352 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

09:05:13:125 4352 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

09:05:13:218 4352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:05:13:281 4352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:05:13:312 4352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:05:13:343 4352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:05:13:390 4352 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

09:05:13:421 4352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:05:13:453 4352 drvmcdb (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

09:05:13:468 4352 drvnddm (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

09:05:13:578 4352 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

09:05:13:750 4352 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

09:05:13:796 4352 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

09:05:13:953 4352 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:05:13:984 4352 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:05:14:046 4352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:05:14:109 4352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:05:14:171 4352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:05:14:203 4352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:05:14:312 4352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:05:14:375 4352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:05:14:406 4352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:05:14:453 4352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:05:14:531 4352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:05:14:578 4352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:05:14:640 4352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:05:14:671 4352 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

09:05:14:750 4352 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

09:05:14:937 4352 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

09:05:15:031 4352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:05:15:109 4352 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

09:05:15:140 4352 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

09:05:15:187 4352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:05:15:359 4352 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100714.003\IDSxpx86.sys

09:05:15:468 4352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:05:15:531 4352 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

09:05:15:578 4352 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:05:15:625 4352 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:05:15:656 4352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:05:15:703 4352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:05:15:734 4352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:05:15:781 4352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:05:15:875 4352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:05:16:125 4352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:05:16:343 4352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:05:16:421 4352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:05:16:500 4352 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys

09:05:16:562 4352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:05:16:578 4352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:05:16:734 4352 LVcKap (140fba3c639cf44648674cd11f697f37) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

09:05:17:062 4352 LVMVDrv (f52f3e700910518e3eb7a8b493ba2086) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

09:05:17:156 4352 LVPr2Mon (fbb46bc3cd3c7ff063178bf8e8bc7c67) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

09:05:17:234 4352 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDOWS\system32\drivers\LVUSBSta.sys

09:05:17:296 4352 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:05:17:437 4352 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

09:05:17:484 4352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:05:17:531 4352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:05:17:640 4352 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

09:05:17:718 4352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:05:17:765 4352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:05:17:812 4352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:05:17:953 4352 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

09:05:17:984 4352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:05:18:046 4352 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:05:18:093 4352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:05:18:125 4352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:05:18:156 4352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:05:18:171 4352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:05:18:234 4352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:05:18:265 4352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:05:18:296 4352 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

09:05:18:343 4352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:05:18:531 4352 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100714.040\NAVENG.SYS

09:05:18:640 4352 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100714.040\NAVEX15.SYS

09:05:18:828 4352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:05:18:906 4352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:05:19:062 4352 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:05:19:093 4352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:05:19:109 4352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:05:19:125 4352 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

09:05:19:140 4352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:05:19:171 4352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:05:19:281 4352 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

09:05:19:531 4352 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

09:05:19:656 4352 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:05:19:671 4352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:05:19:718 4352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:05:19:828 4352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:05:20:031 4352 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:05:20:125 4352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:05:20:140 4352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:05:20:171 4352 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:05:20:218 4352 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

09:05:20:250 4352 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

09:05:20:296 4352 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys

09:05:20:421 4352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:05:20:468 4352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:05:20:500 4352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:05:20:515 4352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:05:20:546 4352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:05:20:578 4352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:05:20:687 4352 pepifilter (d30eda6e1ab3c8c82f2ca085ab79040a) C:\WINDOWS\system32\DRIVERS\lv302af.sys

09:05:20:750 4352 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

09:05:20:796 4352 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

09:05:20:937 4352 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

09:05:21:109 4352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:05:21:125 4352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:05:21:140 4352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:05:21:203 4352 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:05:21:250 4352 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

09:05:21:312 4352 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

09:05:21:343 4352 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

09:05:21:375 4352 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

09:05:21:390 4352 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

09:05:21:437 4352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:05:21:468 4352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:05:21:484 4352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:05:21:484 4352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:05:21:515 4352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:05:21:531 4352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:05:21:562 4352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:05:21:703 4352 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

09:05:21:750 4352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:05:21:796 4352 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

09:05:21:843 4352 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

09:05:21:859 4352 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

09:05:21:890 4352 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

09:05:21:984 4352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:05:22:046 4352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:05:22:078 4352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:05:22:125 4352 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

09:05:22:140 4352 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

09:05:22:171 4352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:05:22:281 4352 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

09:05:22:328 4352 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:05:22:421 4352 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

09:05:22:484 4352 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

09:05:22:515 4352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:05:22:546 4352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:05:22:609 4352 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS

09:05:22:750 4352 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS

09:05:22:796 4352 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

09:05:22:859 4352 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

09:05:22:953 4352 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

09:05:23:015 4352 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

09:05:23:062 4352 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

09:05:23:171 4352 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

09:05:23:343 4352 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:05:23:390 4352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:05:23:421 4352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:05:23:468 4352 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

09:05:23:484 4352 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

09:05:23:562 4352 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS

09:05:23:625 4352 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS

09:05:23:671 4352 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

09:05:23:734 4352 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS

09:05:23:921 4352 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS

09:05:23:968 4352 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

09:05:24:000 4352 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

09:05:24:046 4352 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

09:05:24:109 4352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:05:24:171 4352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:05:24:218 4352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:05:24:250 4352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:05:24:312 4352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:05:24:406 4352 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

09:05:24:453 4352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:05:24:500 4352 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

09:05:24:562 4352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:05:24:609 4352 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

09:05:24:687 4352 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

09:05:24:718 4352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:05:24:750 4352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:05:24:765 4352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:05:24:796 4352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:05:24:968 4352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:05:25:015 4352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:05:25:046 4352 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:05:25:078 4352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:05:25:140 4352 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

09:05:25:156 4352 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:05:25:203 4352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:05:25:296 4352 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys

09:05:25:484 4352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:05:25:578 4352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:05:25:656 4352 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

09:05:25:703 4352 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:05:25:750 4352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:05:25:796 4352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:05:25:984 4352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:05:26:031 4352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:05:26:046 4352 Reboot required for cure complete..

09:05:26:875 4352 Cure on reboot scheduled successfully

09:05:26:875 4352

09:05:26:875 4352 Completed

09:05:26:875 4352

09:05:26:875 4352 Results:

09:05:26:875 4352 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

09:05:26:875 4352 File objects infected / cured / cured on reboot: 1 / 0 / 1

09:05:26:875 4352

09:05:27:015 4352 KLMD(ARK) unloaded successfully

I have not had any unwanted popups or Norton warnings about blocking internet attacks since I followed your steps. Windows did install an automatic update despite my attempts to stop it. I had wanted to finish this cleaning process prior but Windows had other ideas.

Just curious what the next step is. Should I run DDS and/or GMER again and upload the log files?

Thanks,

Flyer

One last check:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

OK, I ran ESET (log below) and it came out clear. However, while it was running or after it finished, Norton ran its own scan on its own and Norton found and quarantined three Trojans:

- applet.class contained threat Trojan Horse (two of these)

- eroxoheseweri.dll contained threat Trojan.Zefarch

What do you make of this? This is not the first time the second one (Trojan.Zefarch) has been detected on this laptop. How do I get rid of it for good?

I ran a Malwarebytes quick scan and it came up clean.

Again, I appreciate your help!

Flyer

---------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=41217

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=a87d5d93822fb14c83634024c1062191

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-07-18 04:34:17

# local_time=2010-07-18 11:34:17 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=3589 16777189 80 86 0 42744773 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=100740

# found=0

# cleaned=0

# scan_time=4380

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do not do any fixing on your own or run any scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Ok, here is the Combo-Fix log:

Thanks!!!!

ComboFix 10-07-16.02 - Doug 07/18/2010 15:21:27.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.536 [GMT -5:00]

Running from: c:\documents and settings\Doug\Desktop\Combo-Fix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Doug\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\documents and settings\Doug\GoToAssistDownloadHelper.exe

c:\documents and settings\Doug\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\windows\awuvumax.dll

c:\windows\system32\Data

c:\windows\system32\Settings

c:\windows\system32\Settings\Settings.ini

c:\system volume information\EfaData . . . . failed to delete

c:\system volume information\EfaData\SYMEFA.DB . . . . failed to delete

.

((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))

.

2010-07-18 14:51 . 2010-07-18 14:51 -------- d-----w- c:\program files\ESET

2010-07-16 14:43 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-13 18:59 . 2010-07-13 19:03 -------- d-----w- c:\documents and settings\Doug\.ehdc

2010-07-11 17:04 . 2010-07-11 17:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-11 17:04 . 2010-07-11 17:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-11 17:04 . 2010-07-11 17:04 -------- d-----w- c:\program files\Symantec

2010-07-11 17:03 . 2010-07-12 12:53 -------- d-----w- c:\windows\system32\drivers\N360

2010-07-11 17:03 . 2010-07-11 17:03 -------- d-----w- c:\program files\Norton Security Suite

2010-07-11 17:03 . 2010-07-11 17:03 -------- d-----w- c:\program files\Windows Sidebar

2010-07-11 17:00 . 2010-07-11 17:00 -------- d-----w- c:\program files\NortonInstaller

2010-07-11 17:00 . 2010-07-11 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-07-11 16:40 . 2010-07-11 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-10 18:08 . 2010-07-11 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-07-10 16:58 . 2010-07-10 16:58 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-10 12:48 . 2010-07-10 12:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\appcoapcd

2010-07-05 22:58 . 2010-07-10 12:48 -------- d-----w- c:\program files\Broadcom

2010-07-05 22:52 . 2010-07-10 12:47 -------- d-----w- c:\program files\DIFX

2010-07-04 13:33 . 2010-07-04 13:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-03 15:59 . 2010-07-03 15:59 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes

2010-07-03 15:58 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-03 15:58 . 2010-07-03 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-03 15:58 . 2010-07-03 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-03 15:58 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-03 06:24 . 2010-07-11 15:18 0 ----a-w- c:\windows\Jxiqunogewusuya.bin

2010-07-03 06:24 . 2010-07-11 17:18 120 ----a-w- c:\windows\Uwujuqoti.dat

2010-07-03 06:24 . 2010-07-03 06:24 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\{99DC5A55-8783-484F-AD4A-514ED79C5C63}

2010-07-03 06:21 . 2010-07-03 16:42 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\ycokfnksm

2010-06-29 19:41 . 2010-06-29 19:41 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-06-29 19:40 . 2010-06-29 19:40 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-06-29 19:40 . 2010-06-29 19:40 -------- d-----w- c:\documents and settings\All Users\Microsoft

2010-06-29 19:40 . 2010-06-29 19:40 -------- d-----w- c:\program files\Microsoft.NET

2010-06-29 19:40 . 2010-06-29 19:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-29 19:33 . 2010-06-29 19:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-06-29 19:32 . 2010-06-29 19:32 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-06-29 19:31 . 2010-06-29 19:31 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Microsoft Help

2010-06-29 19:31 . 2010-07-16 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-15 14:07 . 2006-09-12 07:34 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS

2010-07-11 17:12 . 2006-09-12 07:46 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-11 17:04 . 2010-07-11 17:04 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-11 17:04 . 2010-07-11 17:04 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-10 18:08 . 2009-09-28 03:26 -------- d-----w- c:\program files\Alwil Software

2010-07-10 12:48 . 2006-11-08 02:24 -------- d-----w- c:\program files\WBid

2010-07-10 12:47 . 2007-02-03 01:42 -------- d-----w- c:\program files\Savings Bond Wizard

2010-07-07 21:28 . 2006-09-12 07:31 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-07 21:28 . 2006-09-12 07:35 -------- d-----w- c:\program files\ATI Technologies

2010-07-04 07:01 . 2006-10-12 03:42 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-29 20:40 . 2006-09-18 15:53 82656 ----a-w- c:\documents and settings\Doug\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-29 19:42 . 2009-08-15 14:07 -------- d-----w- c:\program files\MSBuild

2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-09 12:58 . 2009-08-21 14:54 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 19:33 . 2010-04-29 19:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

2010-04-20 05:30 . 2005-08-16 09:18 285696 ----a-w- c:\windows\system32\atmfd.dll

2008-02-29 05:59 . 2008-02-29 05:59 251 ----a-w- c:\program files\wt3d.ini

2010-03-19 14:52 . 2006-09-22 00:10 88 --sh--r- c:\windows\system32\63591E1DC9.sys

2010-03-19 14:52 . 2006-09-22 00:10 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2010-02-28 07:20 561552 ----a-w- c:\progra~1\MI1933~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2009-10-07 81920]

"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2009-10-10 167936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-12 169984]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]

"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-04-28 142120]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-12 202256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk

backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware InterCom.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MySoftware InterCom.lnk

backup=c:\windows\pss\MySoftware InterCom.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-05-17 15:53 780312 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]

2008-03-26 22:40 2577120 ----a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-17 17:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-12 14:33 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

2006-02-16 14:20 1118208 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IntuitUpdateService"=2 (0x2)

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\WBid\\WBid.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [7/11/2010 4:31 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [7/11/2010 4:31 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/12/2010 10:34 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [7/11/2010 4:31 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [7/11/2010 4:31 PM 116784]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [7/11/2010 4:30 PM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/11/2010 12:12 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100716.001\IDSXpx86.sys [7/18/2010 9:16 AM 331640]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-430985571-1763092298-3837956967-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-430985571-1763092298-3837956967-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{C76EFDDD-AA01-4350-84DA-B49A5F3C8D24}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

2010-07-04 c:\windows\Tasks\WBid 3.1 Updates.job

- c:\windows\Installer\WBid 3.1 Updates for All Users.lnk [2008-08-08 03:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: microsoft.com\office

Trusted Zone: swalife.com\www

Trusted Zone: swalife.com\www15

Trusted Zone: turbotax.com

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

MSConfigStartUp-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe

MSConfigStartUp-PC Pitstop Optimize2 Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe

MSConfigStartUp-Pqakosulizego - c:\windows\eroxoheseweri.dll

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

AddRemove-StudioWorks - c:\windows\system32\javaws.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-18 15:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-430985571-1763092298-3837956967-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5484)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\stsystra.exe

c:\windows\system32\Rundll32.exe

c:\docume~1\Doug\LOCALS~1\Temp\clclean.0001

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-07-18 15:41:17 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-18 20:41

Pre-Run: 20,554,821,632 bytes free

Post-Run: 20,544,827,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - 8E26B75086F3BB46024F938421DB376B


Good work! :)

Yes, you can turn it on. Last steps:

Step 1

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 2

* Go to start > run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 3

Please manually delete Defogger, JavaRa, TDSSKiller, DDS and GMER.

Step 4

Please download and install the latest version of Java from:

www.java.com/en

Step 5

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

