Random pop ups


Hello all, I am new to the forums and would really appreciate any help with my current problem. I have been trying to rid my computer of what I suspect is very well hidden spyware. My web browser keeps redirecting itself to random sites. Also a Google window keeps opening by itself. I have tried reinstalling the OS to no avail. I have lost most of my files that I have not had backed up. The problem has persisted for a week now. I have attached the logs that have been requested beforehand. I know that the people who help around here are extremely busy. I just want to say thanks in advance for your help.

DDS.txt

Attach.zip

Hi Tyler_Durden And Welcome to Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

DeFogger

Download DeFogger by jpshortstuff from here & save it to your desktop.

  • Right-click DeFogger and choose Run as Administrator, or double-click it to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If it does not, reboot your PC yourself

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Hello Kenny94, thank you for your time in helping me with my problem! Firstly, I disabled my antivirus protection, then I finished running DeFogger; it didn't ask me to reboot, so I did so myself. I ran it again to be sure and it said ERROR could not access files. So here is the log that it produced.

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 12:34 on 27/07/2010 (Administrator)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Then I ran ComboFix and it did everything it was supposed to, except that it did not create a log.

I will post the HijackThis log just in case you need it.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:59:34 PM, on 7/27/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.cnet.com

O15 - Trusted Zone: http://www.eohpoker.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe

--

End of file - 5892 bytes

Lastly, I noticed this in the HijackThis results. It looks kind of suspicious to me, but I'm no professional.

O2-BHO:WormRadar.com IESiteblocker.NavFilter -{3CA2F312-6F6E-A66E-4E65E497C8CO} - C:\Program Files\AVG9\avgssie.dll (file missing)


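The entries a helper reads in a HijackThis log above (O2 BHOs, O3 toolbars, O4 Run keys, O15 Trusted Zone sites, O23 services) can be pre-screened mechanically before a human looks at them. The script below is an added example for this thread; it is not HijackThis code and not part of the helper's procedure. The sample lines are copied from the log posted above, including the member's hand-retyped BHO line, and the rules for what gets flagged (orphaned entries with no file on disk, malformed CLSIDs, autostart commands without a full path, any site in the IE Trusted Zone, services with no publisher string) are this example's own heuristics. A flag is a prompt for a closer look, not a verdict: the `PEVSystemStart` service it flags, for instance, is ComboFix's own.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; neither HijackThis code nor the helper's
procedure. Sample lines are copied from the log posted above (one of them
is the forum member's hand-retyped BHO line). The rules for what deserves
a second look are this example's own heuristics.
"""
import re
from dataclasses import dataclass

# Copied from the posted HijackThis log (a subset), plus the retyped O2 line.
SAMPLE_LOG = [
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll",
    r"O2-BHO:WormRadar.com IESiteblocker.NavFilter -{3CA2F312-6F6E-A66E-4E65E497C8CO} - C:\Program Files\AVG9\avgssie.dll (file missing)",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O15 - Trusted Zone: http://download.cnet.com",
    r"O15 - Trusted Zone: http://www.eohpoker.com",
    r"O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe",
    r"O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe",
    r"O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe",
]

# "O2 - BHO: ..."; spaces around the dash are optional so retyped lines still parse.
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s*-\s*(.*)$")
# A well-formed COM CLSID: {8-4-4-4-12} hex digits.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
BRACED_RE = re.compile(r"\{[^}]*\}")
# "HKLM\..\Run: [name] command"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run:\s*\[([^\]]*)\]\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _command_image(command: str) -> str:
    """Return the executable part of an O4 command (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(lines):
    """Flag log entries a helper typically asks about. Returns a list of Finding."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # running-process list, headers, blank lines
        section, body = m.group(1), m.group(2)

        # A registered component whose file is gone: leftover or removed malware.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(section, "orphan: registered component with no file on disk", line))

        # BHO/toolbar CLSIDs must be {8-4-4-4-12}; anything else was retyped by hand.
        if section in ("O2", "O3"):
            for braced in BRACED_RE.findall(body):
                if not CLSID_RE.match(braced):
                    findings.append(Finding(section, f"malformed CLSID {braced}: line was retyped, not pasted", line))

        # A Run entry with a bare file name is resolved via the search path.
        if section == "O4":
            run = RUN_RE.match(body)
            if run and "\\" not in _command_image(run.group(3)):
                findings.append(Finding(section, f"autostart [{run.group(2)}] has no full path; resolved via search path", line))

        # The Trusted Zone is empty by default; every site in it is a deliberate exception.
        if section == "O15":
            findings.append(Finding(section, "site in IE Trusted Zone; default list is empty", line))

        # A service binary with no company string in its version resource.
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary carries no company/publisher string", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the sample above it produces nine findings: three orphans (the AVG BHO twice, once per copy, and the nameless toolbar), the malformed CLSID in the retyped line, the `RTHDCPL.EXE` entry with no path, both Trusted Zone sites and both "Unknown owner" services.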
Oh, OK, sorry. I had to look in the ComboFix folder to retrieve it, though it is kind of short.

ComboFix 10-07-26.04 - Administrator 07/27/2010 12:45:10.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2461 [GMT -5:00]

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

Also, I forgot to mention that when ComboFix was done running I received an error message from Microsoft, but I could not copy-paste the info it gave me.

Here it is

ComboFix 10-07-26.04 - Administrator 07/27/2010 14:31:21.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2510 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))

.

2010-07-27 09:44 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-07-27 09:43 . 2010-07-27 09:43 -------- d-----w- c:\program files\Windows Defender

2010-07-27 09:27 . 2010-07-27 09:27 -------- d-----w- c:\program files\Common Files\Java

2010-07-27 09:26 . 2010-07-27 09:26 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcp71.dll

2010-07-27 09:26 . 2010-07-27 09:26 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\jmc.dll

2010-07-27 09:26 . 2010-07-27 09:26 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcr71.dll

2010-07-27 09:26 . 2010-07-27 09:26 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a66e7b6-n\decora-sse.dll

2010-07-27 09:26 . 2010-07-27 09:26 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a66e7b6-n\decora-d3d.dll

2010-07-27 09:26 . 2010-07-27 09:26 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-27 09:26 . 2010-07-27 09:26 -------- d-----w- c:\program files\Java

2010-07-27 09:22 . 2010-07-27 09:22 -------- d-----w- c:\windows\Sun

2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-27 05:35 . 2010-07-27 05:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-27 04:50 . 2010-07-27 08:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2010-07-27 04:49 . 2010-07-27 04:49 -------- d-----w- c:\program files\Trend Micro

2010-07-27 04:47 . 2010-07-27 05:35 -------- d-----w- c:\program files\Google

2010-07-27 04:47 . 2010-07-27 04:47 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-07-27 04:47 . 2010-07-27 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-27 04:35 . 2010-07-27 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-07-27 04:35 . 2010-07-27 04:41 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-27 04:35 . 2010-07-27 04:41 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-27 04:35 . 2010-07-27 04:41 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-27 04:35 . 2010-07-27 04:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-27 04:35 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-27 04:35 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-27 04:35 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-27 04:35 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-27 04:35 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-27 04:35 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-07-27 04:35 . 2010-07-27 04:35 -------- d-----w- C:\NVIDIA

2010-07-27 03:53 . 2010-07-27 03:53 -------- d-----w- c:\windows\ServicePackFiles

2010-07-27 03:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 03:20 . 2010-07-27 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-27 03:20 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-27 03:11 . 2010-07-27 04:10 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-27 03:09 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-27 03:09 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-27 03:09 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-27 03:09 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-27 03:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-27 03:07 . 2010-07-27 03:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-07-27 03:07 . 2010-07-27 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-27 03:07 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-27 03:07 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-27 03:07 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-27 03:06 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-27 03:04 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-27 02:54 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll

2010-07-27 02:54 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll

2010-07-27 02:54 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll

2010-07-27 02:54 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll

2010-07-27 02:54 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll

2010-07-27 02:54 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll

2010-07-27 02:54 . 2008-10-23 13:01 283648 ------w- c:\windows\system32\dllcache\gdi32.dll

2010-07-27 02:54 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-27 02:54 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-27 02:53 . 2009-12-24 07:05 177664 ------w- c:\windows\system32\dllcache\wintrust.dll

2010-07-27 02:53 . 2010-01-13 14:10 85504 ------w- c:\windows\system32\dllcache\cabview.dll

2010-07-27 02:53 . 2010-07-27 02:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2010-07-27 02:52 . 2010-07-27 02:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-07-27 02:51 . 2010-07-27 02:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-27 02:50 . 2010-07-27 02:50 -------- d-----w- c:\windows\ie8updates

2010-07-27 02:49 . 2010-07-27 02:50 -------- dc-h--w- c:\windows\ie8

2010-07-27 02:49 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll

2010-07-27 02:49 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll

2010-07-27 02:49 . 2009-11-27 17:33 17920 ------w- c:\windows\system32\dllcache\msyuv.dll

2010-07-27 02:49 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-27 02:43 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-27 02:43 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-27 02:43 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-27 02:43 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-27 02:43 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-27 02:43 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-27 02:43 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-27 02:42 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-07-27 02:42 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-27 01:19 . 2010-07-27 01:19 -------- d-----w- c:\program files\Program Shortcuts

2010-07-27 01:15 . 2010-07-27 01:15 1744 --sha-r- c:\windows\system32\drivers\103C_HP_WS_HP xw4600 Workstation_YW_0xw_Q2UA805_EU_48WS_I0AA0h_SHP_V_B786F3 v01.04_T071108_WXP2_L409_M3056_J250_7Intel_8Core2 Duo E6850_93_#100726_N14E4167B_()_X_CD6_Z_2_G10DE040E_OATAPI DVD A DH16A1L_DDEFAULT.MRK

2010-07-27 01:15 . 2010-07-27 01:13 -------- d-----w- c:\program files\Hewlett-Packard

2010-07-27 01:14 . 2006-04-26 00:31 91227 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-27 01:14 . 2010-07-27 01:14 -------- d-----w- c:\program files\Hewlett-Packard Company

2010-07-27 01:14 . 2010-07-27 01:10 -------- d-----w- c:\program files\Broadcom

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\PDF Complete

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\Common Files\LightScribe

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\Intel

2010-07-27 01:12 . 2010-07-27 01:11 -------- d-----w- c:\program files\HPQ

2010-07-27 01:11 . 2010-07-27 01:11 -------- d-----w- c:\program files\HP

2010-07-27 01:11 . 2010-07-27 01:11 315392 ----a-w- c:\windows\HideWin.exe

2010-07-27 01:11 . 2010-07-27 01:11 -------- d-----w- c:\program files\Realtek

2010-07-27 01:10 . 2010-07-27 01:10 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-27 01:05 . 2010-07-27 00:53 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-27 01:03 . 2010-07-27 01:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView

2010-07-27 01:03 . 2010-07-27 01:03 -------- d-----w- c:\program files\microsoft frontpage

2010-07-27 00:53 . 2010-07-27 00:53 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-27 00:53 . 2010-07-27 00:53 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-27 00:53 . 2010-07-27 00:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-27 00:53 . 2010-07-27 00:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Symantec

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Norton AntiVirus

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Windows Sidebar

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-27 00:51 . 2010-07-27 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-07-27 00:50 . 2010-07-27 00:50 -------- d-----w- c:\program files\NortonInstaller

2010-07-26 23:40 . 2010-07-26 23:40 -------- d-----w- c:\program files\AVG

2010-07-26 23:22 . 2010-07-26 23:22 14024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-26 23:21 . 2010-07-26 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-07-26 23:20 . 2010-07-27 01:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-09 22:38 . 2010-07-27 01:10 604776 ----a-w- c:\windows\system32\nvudisp.exe

2010-07-09 22:38 . 2010-07-27 00:59 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38 . 2010-07-27 00:59 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38 . 2010-07-27 00:59 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38 . 2010-07-27 00:59 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38 . 2010-07-27 00:59 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38 . 2010-07-27 00:59 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-07-09 21:24 . 2010-07-09 21:24 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 21:24 . 2010-07-09 21:24 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 21:24 . 2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 21:24 . 2010-07-09 21:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 21:24 . 2010-07-09 21:24 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 21:24 . 2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-07 18:46 . 2010-07-27 01:10 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-06-14 14:30 . 2004-08-04 07:56 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-06 10:41 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 07:09 . 2004-08-04 06:17 1859968 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-06-25 331288]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [7/26/2010 8:55 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [7/26/2010 8:55 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/9/2010 9:44 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [7/26/2010 8:55 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [7/26/2010 8:55 PM 116784]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [7/26/2010 8:55 PM 126392]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4/30/2010 6:52 AM 3795560]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/26/2010 8:13 PM 540184]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/26/2010 8:02 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/26/2010 8:02 PM 331640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 12:35 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 05:35]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 05:35]

2010-07-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: cnet.com\download

Trusted Zone: eohpoker.com\www

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-27 14:32

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3631521018-3230012320-2596617520-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,39,53,62,f9,96,79,4c,91,c9,f8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,39,53,62,f9,96,79,4c,91,c9,f8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-07-27 14:33:30

ComboFix-quarantined-files.txt 2010-07-27 19:33

Pre-Run: 226,159,951,872 bytes free

Post-Run: 226,185,441,280 bytes free

- - End Of File - - 03A006BC69639ED8C3E666B731408C2F

Lastly, I noticed this in the HijackThis results. It looks kind of suspicious to me, but I'm no professional.

O2-BHO:WormRadar.com IESiteblocker.NavFilter -{3CA2F312-6F6E-A66E-4E65E497C8CO} - C:\Program Files\AVG9\avgssie.dll (file missing)

This is a leftover from AVG. It's fine.

Run CFScript

  • Close any open browsers.
  • Open Notepad: click Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

RegLock::
[HKEY_USERS\S-1-5-21-3631521018-3230012320-2596617520-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

Folder::
c:\program files\AVG

DDS::
Trusted Zone: cnet.com\download
Trusted Zone: eohpoker.com\www

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt and the Malwarebytes report in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Then

Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


New ComboFix Log

ComboFix 10-07-26.04 - Administrator 07/27/2010 15:23:29.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3055.2480 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\AVG

.

((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))

.

2010-07-27 09:44 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-07-27 09:43 . 2010-07-27 09:43 -------- d-----w- c:\program files\Windows Defender

2010-07-27 09:27 . 2010-07-27 09:27 -------- d-----w- c:\program files\Common Files\Java

2010-07-27 09:26 . 2010-07-27 09:26 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcp71.dll

2010-07-27 09:26 . 2010-07-27 09:26 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\jmc.dll

2010-07-27 09:26 . 2010-07-27 09:26 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcr71.dll

2010-07-27 09:26 . 2010-07-27 09:26 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a66e7b6-n\decora-sse.dll

2010-07-27 09:26 . 2010-07-27 09:26 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a66e7b6-n\decora-d3d.dll

2010-07-27 09:26 . 2010-07-27 09:26 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-27 09:26 . 2010-07-27 09:26 -------- d-----w- c:\program files\Java

2010-07-27 09:22 . 2010-07-27 09:22 -------- d-----w- c:\windows\Sun

2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-27 05:35 . 2010-07-27 05:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-27 04:50 . 2010-07-27 08:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2010-07-27 04:49 . 2010-07-27 04:49 -------- d-----w- c:\program files\Trend Micro

2010-07-27 04:47 . 2010-07-27 05:35 -------- d-----w- c:\program files\Google

2010-07-27 04:47 . 2010-07-27 04:47 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-07-27 04:47 . 2010-07-27 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-27 04:35 . 2010-07-27 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-07-27 04:35 . 2010-07-27 04:41 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-27 04:35 . 2010-07-27 04:41 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-27 04:35 . 2010-07-27 04:41 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-27 04:35 . 2010-07-27 04:36 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-27 04:35 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-27 04:35 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-27 04:35 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-27 04:35 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-27 04:35 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-27 04:35 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-07-27 04:35 . 2010-07-27 04:35 -------- d-----w- C:\NVIDIA

2010-07-27 03:53 . 2010-07-27 03:53 -------- d-----w- c:\windows\ServicePackFiles

2010-07-27 03:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 03:20 . 2010-07-27 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-27 03:20 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-27 03:11 . 2010-07-27 04:10 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-27 03:09 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-27 03:09 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-27 03:09 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-27 03:09 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-27 03:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-27 03:07 . 2010-07-27 03:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-07-27 03:07 . 2010-07-27 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-27 03:07 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-27 03:07 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-27 03:07 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-27 03:06 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-27 03:04 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-27 02:54 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll

2010-07-27 02:54 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll

2010-07-27 02:54 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll

2010-07-27 02:54 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll

2010-07-27 02:54 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll

2010-07-27 02:54 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll

2010-07-27 02:54 . 2008-10-23 13:01 283648 ------w- c:\windows\system32\dllcache\gdi32.dll

2010-07-27 02:54 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-27 02:54 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-27 02:53 . 2009-12-24 07:05 177664 ------w- c:\windows\system32\dllcache\wintrust.dll

2010-07-27 02:53 . 2010-01-13 14:10 85504 ------w- c:\windows\system32\dllcache\cabview.dll

2010-07-27 02:53 . 2010-07-27 02:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2010-07-27 02:52 . 2010-07-27 02:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-07-27 02:51 . 2010-07-27 02:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-27 02:50 . 2010-07-27 02:50 -------- d-----w- c:\windows\ie8updates

2010-07-27 02:49 . 2010-07-27 02:50 -------- dc-h--w- c:\windows\ie8

2010-07-27 02:49 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll

2010-07-27 02:49 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll

2010-07-27 02:49 . 2009-11-27 17:33 17920 ------w- c:\windows\system32\dllcache\msyuv.dll

2010-07-27 02:49 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-27 02:43 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-27 02:43 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-27 02:43 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-27 02:43 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-27 02:43 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-27 02:43 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-27 02:43 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-27 02:42 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-07-27 02:42 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-27 01:19 . 2010-07-27 01:19 -------- d-----w- c:\program files\Program Shortcuts

2010-07-27 01:15 . 2010-07-27 01:15 1744 --sha-r- c:\windows\system32\drivers\103C_HP_WS_HP xw4600 Workstation_YW_0xw_Q2UA805_EU_48WS_I0AA0h_SHP_V_B786F3 v01.04_T071108_WXP2_L409_M3056_J250_7Intel_8Core2 Duo E6850_93_#100726_N14E4167B_()_X_CD6_Z_2_G10DE040E_OATAPI DVD A DH16A1L_DDEFAULT.MRK

2010-07-27 01:15 . 2010-07-27 01:13 -------- d-----w- c:\program files\Hewlett-Packard

2010-07-27 01:14 . 2006-04-26 00:31 91227 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-27 01:14 . 2010-07-27 01:14 -------- d-----w- c:\program files\Hewlett-Packard Company

2010-07-27 01:14 . 2010-07-27 01:10 -------- d-----w- c:\program files\Broadcom

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\PDF Complete

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\Common Files\LightScribe

2010-07-27 01:13 . 2010-07-27 01:13 -------- d-----w- c:\program files\Intel

2010-07-27 01:12 . 2010-07-27 01:11 -------- d-----w- c:\program files\HPQ

2010-07-27 01:11 . 2010-07-27 01:11 -------- d-----w- c:\program files\HP

2010-07-27 01:11 . 2010-07-27 01:11 315392 ----a-w- c:\windows\HideWin.exe

2010-07-27 01:11 . 2010-07-27 01:11 -------- d-----w- c:\program files\Realtek

2010-07-27 01:10 . 2010-07-27 01:10 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-27 01:05 . 2010-07-27 00:53 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-27 01:03 . 2010-07-27 01:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView

2010-07-27 01:03 . 2010-07-27 01:03 -------- d-----w- c:\program files\microsoft frontpage

2010-07-27 00:53 . 2010-07-27 00:53 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-27 00:53 . 2010-07-27 00:53 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-27 00:53 . 2010-07-27 00:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-27 00:53 . 2010-07-27 00:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Symantec

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Norton AntiVirus

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\program files\Windows Sidebar

2010-07-27 00:53 . 2010-07-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-27 00:51 . 2010-07-27 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-07-27 00:50 . 2010-07-27 00:50 -------- d-----w- c:\program files\NortonInstaller

2010-07-26 23:22 . 2010-07-26 23:22 14024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-26 23:21 . 2010-07-26 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-07-26 23:20 . 2010-07-27 01:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-09 22:38 . 2010-07-27 01:10 604776 ----a-w- c:\windows\system32\nvudisp.exe

2010-07-09 22:38 . 2010-07-27 00:59 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38 . 2010-07-27 00:59 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38 . 2010-07-27 00:59 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38 . 2010-07-27 00:59 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38 . 2010-07-27 00:59 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38 . 2010-07-27 00:59 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-07-09 21:24 . 2010-07-09 21:24 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 21:24 . 2010-07-09 21:24 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 21:24 . 2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 21:24 . 2010-07-09 21:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 21:24 . 2010-07-09 21:24 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 21:24 . 2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-07 18:46 . 2010-07-27 01:10 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-06-14 14:30 . 2004-08-04 07:56 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-06 10:41 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 07:09 . 2004-08-04 06:17 1859968 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-07-27_19.32.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-27 20:33 . 2010-07-27 20:33 16384 c:\windows\Temp\Perflib_Perfdata_1e4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-06-25 331288]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [7/26/2010 8:55 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [7/26/2010 8:55 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/9/2010 9:44 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [7/26/2010 8:55 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [7/26/2010 8:55 PM 116784]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [7/26/2010 8:55 PM 126392]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4/30/2010 6:52 AM 3795560]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/26/2010 8:13 PM 540184]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/26/2010 8:02 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/26/2010 8:02 PM 331640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 12:35 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 05:35]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 05:35]

2010-07-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-27 15:33

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1972)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2010-07-27 15:35:07 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-27 20:35

ComboFix2.txt 2010-07-27 19:33

Pre-Run: 226,143,633,408 bytes free

Post-Run: 227,236,560,896 bytes free

- - End Of File - - 21F60A06AEC287EC3DAAEB2E8E67E39E

MBAM LOG

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/27/2010 3:40:58 PM

mbam-log-2010-07-27 (15-40-58).txt

Scan type: Quick scan

Objects scanned: 107898

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

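As an added example of how a helper triages a ComboFix listing like the one above (my code, not ComboFix's or the helper's), the Python below parses the `created . modified size attrs path` lines and flags the entries a human should look at first. The attribute-letter meanings and the list of directories where fresh executables are expected are assumptions, and every flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the ComboFix log posted above,
# with the section banner and '.' separator ComboFix prints around them.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.
2010-07-27 09:44 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-27 09:43 . 2010-07-27 09:43 -------- d-----w- c:\program files\Windows Defender
2010-07-27 09:26 . 2010-07-27 09:26 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62ee3fed-n\msvcp71.dll
2010-07-27 05:40 . 2010-07-27 05:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-07-27 03:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 02:53 . 2010-07-27 02:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-27 01:11 . 2010-07-27 01:11 315392 ----a-w- c:\windows\HideWin.exe
2010-07-26 23:20 . 2010-07-27 01:11 -------- d--h--w- c:\program files\InstallShield Installation Information
"""

# ComboFix lists files as:  <created> . <modified> <size|--------> <attrs> <path>
# Attribute letters are decoded on the assumption (from reading the log, not
# from ComboFix documentation) that d=directory, c=compressed, s=system,
# h=hidden, a=archive, r=read-only, w=writable and '-' means not set.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-dcshawr]{8}) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")

# Assumption for the heuristic: after a fresh OS reinstall plus driver and AV
# installs, new executables are expected only under these prefixes.
EXPECTED_EXE_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, shown by ComboFix as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def parse_combofix_files(text: str) -> List[Entry]:
    """Extract file entries; banners, '.' lines, blanks and '+' snapshot lines
    do not match LINE_RE and are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size, attrs=m["attrs"], path=m["path"],
        ))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry a human should look at.
    These are review prompts, not verdicts: hidden IE cache folders and OEM
    tools sitting directly in c:\\windows are common legitimate hits, so each
    flagged path still has to be checked against what was installed and when."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        low = e.path.lower()
        if e.hidden_or_system:
            reasons.append("hidden/system attribute set")
        if (not e.is_dir and low.endswith(EXEC_EXT)
                and not low.startswith(EXPECTED_EXE_PREFIXES)):
            reasons.append("executable outside expected install directories")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_combofix_files(SAMPLE_LOG)).items():
        print(f"{path}\n    -> {'; '.join(reasons)}")
```

Feed it the whole "Files Created" and "Find3M" sections of a real log and the flagged list is usually a handful of paths, which is what the helper then cross-checks against the Reg Loading Points and driver sections.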

You can copy and paste your attachments because I can't open them.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Still nothing found, which is very aggravating since I know there is something wrong.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, July 27, 2010

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, July 27, 2010 08:05:37

Records in database: 4196059

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - File:

Scan statistics:

Objects scanned: 34326

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 00:31:53

No threats found. Scanned area is clean.

Selected area has been scanned.


What error message do you receive with Malwarebytes? Also, do you hear any odd sounds from your PC?

Download TDSSKiller and save it to your Desktop.

  • Right-click on the file and choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer, type in Y, then it will restart.
  • Or, if you are prompted with a hidden service warning, go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log


Ok numerous things are happening.

1. MBAM doesn't allow me to update and says "MBAM_ERROR_UPDATING (12007,0, WinHttpSendRequest)".

2. After TDSSKiller finished, it automatically rebooted and I received a message saying that a Stop (Blue Screen) error had occurred.

TDSSKiller Log

2010/07/27 17:10:54.0812 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49

2010/07/27 17:10:54.0812 ================================================================================

2010/07/27 17:10:54.0812 SystemInfo:

2010/07/27 17:10:54.0812

2010/07/27 17:10:54.0812 OS Version: 5.1.2600 ServicePack: 2.0

2010/07/27 17:10:54.0812 Product type: Workstation

2010/07/27 17:10:54.0812 ComputerName: Home

2010/07/27 17:10:54.0812 UserName: Administrator

2010/07/27 17:10:54.0812 Windows directory: C:\WINDOWS

2010/07/27 17:10:54.0812 System windows directory: C:\WINDOWS

2010/07/27 17:10:54.0812 Processor architecture: Intel x86

2010/07/27 17:10:54.0812 Number of processors: 2

2010/07/27 17:10:54.0812 Page size: 0x1000

2010/07/27 17:10:54.0812 Boot type: Normal boot

2010/07/27 17:10:54.0812 ================================================================================

2010/07/27 17:10:54.0984 Initialize success

2010/07/27 17:10:56.0468 ================================================================================

2010/07/27 17:10:56.0468 Scan started

2010/07/27 17:10:56.0468 Mode: Manual;

2010/07/27 17:10:56.0468 ================================================================================

2010/07/27 17:10:57.0500 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2010/07/27 17:10:57.0859 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/07/27 17:10:58.0062 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/07/27 17:10:58.0093 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/07/27 17:10:58.0109 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

2010/07/27 17:10:58.0125 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2010/07/27 17:10:58.0171 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/07/27 17:10:58.0203 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/07/27 17:10:58.0203 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/07/27 17:10:58.0250 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/07/27 17:10:58.0281 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/07/27 17:10:58.0296 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/07/27 17:10:58.0312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/07/27 17:10:58.0343 b57w2k (71509c9db1a4b2c05141563fbe3e18a0) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2010/07/27 17:10:58.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/07/27 17:10:58.0578 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys

2010/07/27 17:10:58.0765 Blfp (ed3763d2d54bf2c6180983e0201406cf) C:\WINDOWS\system32\DRIVERS\baspxp32.sys

2010/07/27 17:10:58.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/07/27 17:10:58.0906 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys

2010/07/27 17:10:58.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/07/27 17:10:58.0968 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/07/27 17:10:58.0984 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/07/27 17:10:59.0015 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/07/27 17:10:59.0062 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/07/27 17:10:59.0078 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/07/27 17:10:59.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/07/27 17:10:59.0109 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/07/27 17:10:59.0140 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/07/27 17:10:59.0171 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/07/27 17:10:59.0187 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys



Yes there are still redirects, but Google no longer pops up. It always redirects me to the same sites over and over. As far as the sound goes, that remains normal, no beeping or whirring, nothing unusual there. Volume is consistent to the level I have it at. I'm starting to believe that I acquired this malware from a program I received from a friend. He later told me he had downloaded it from a torrent site. If I would have known that beforehand I would have never installed it. My problems arose shortly after that. Sorry for the delayed response.


Hey,

I'm not exactly allowed to give out information here but I plan on commenting on it...

This is the 2nd forum I read about the same problem... And well the reason I've been looking into it, is that I have it as well, just wondering how to fix it - And so far it seems it's not working for you.. or even the other guy. So I don't think I'm going to try it..

Oh, also, was the "Google" website you were getting... Http://www.google.com/webhp? That's the one I'm having as well as the one in the other forum. I as well am also having constant pop ups from other sites - So I don't believe it's from the program you got from your friend as I have not DL'd any programs lately.

Previous to this problem I acquired a malware virus - Antivirus Pro - Which I so recently detected and deleted with several different programs, including Hijack this, AVG, MBAM, and Spybot S&D.

So anyways to the point, if you find a solution that actually works and can get rid of the virus fast, I'd really appreciate if you would tell me. Thanks :)

Regards,

Sam


Hey Sam, thanks for sharing your info, we are all here to help one another so I would have no problem letting you know if something works. I too acquired that same antivirus pro malware, I deleted it, and then reinstalled my OS, I haven't seen it since, but now I have my current problems.


Hi Sam.B0

Please start your topic. Thanks.

Tyler_Durden

As to your problem, try resetting your Winsock and your DNS cache.

Click Start, click Run, type: cmd, and press Enter.

Type: netsh winsock reset, and then press the ENTER key.

Type: ipconfig /flushdns, and then press the ENTER key.

Type: Exit and press ENTER.

Restart the computer.

Test out your browser. Let me know how it goes.


Hey Sam, thanks for sharing your info, we are all here to help one another so I would have no problem letting you know if something works. I too acquired that same antivirus pro malware, I deleted it, and then reinstalled my OS, I haven't seen it since, but now I have my current problems.

Hey again,

Yeahhh I'd rather fix my problems rather than delete everything.. Been workin so far O.o. But I also have a ton of AV...

Anyways, thanks :)

FYI:

I ran scans in:

AVG

Hijack This

Spybot S&D

Malwarebytes Anti-Malware

And all I found were cookies :/ (Yum) haha

So that's just a little FYI so you don't have to waste time, though you may have more luck..


Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb3A.tmp.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
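The OTM script above includes [resethosts], which rewrites the Windows hosts file; a hijacked hosts file is one way a browser ends up at the same sites over and over. The following audit is an added example, not part of this thread or of OTM, and the hosts content it checks is constructed for illustration (the 192.0.2.x addresses are documentation-range placeholders).

```python
"""Audit a Windows hosts file for entries that can silently redirect browsing.

Added example, not part of the forum thread or any tool discussed in it.
The sample hosts content below is constructed for illustration.
"""
import ipaddress

# Addresses that are harmless in a hosts file: loopback and the unspecified
# address, which are what a clean Windows hosts file maps localhost to and
# what ad-blocking lists use to sink domains.
HARMLESS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                           # malformed line, skip it
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def suspicious_entries(text):
    """Entries that map a hostname to a real (non-loopback) address.

    Such lines redirect every program that resolves the name, not just
    the browser, so they are worth reviewing before running [resethosts].
    """
    return [(ip, host) for ip, host in parse_hosts(text)
            if ip not in HARMLESS and host != "localhost"]


# Constructed sample: a normal localhost line, an ad-block style sink,
# and two lines of the kind a hosts hijack leaves behind (placeholder IPs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net
192.0.2.10      www.google.com   # placeholder address, documentation range
192.0.2.10      www.bing.com search.yahoo.com
"""

if __name__ == "__main__":
    # On a real machine read C:\WINDOWS\system32\drivers\etc\hosts instead.
    for ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"{host} -> {ip}")
```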


This topic is now closed to further replies.