
antivirus 2010 removal


root44


My computer has "antivirus 2010"

I have Windows XP running.

I was running Avast as my virus scanner. AV 2010 disabled that.

I loaded the following:

Norton Security Suite

Norton 360

Malwarebytes

Super anti something or other

and a couple of other antivirus packages.

AV 2010 shut each one down while running scans.

I have downloaded and run TDSSKiller and ATF_Cleaner.

I have downloaded and attempted to run Combofix. It loads but keeps giving "Access Denied" errors when I try to run it.

I am at a loss as to how to get this thing off of my computer.

Please help


Here is the log from TDSSKiller

TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/20 19:43:52.0953 ================================================================================

2010/10/20 19:43:52.0953 SystemInfo:

2010/10/20 19:43:52.0953

2010/10/20 19:43:52.0953 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/20 19:43:52.0953 Product type: Workstation

2010/10/20 19:43:52.0953 ComputerName: MYLES

2010/10/20 19:43:52.0953 UserName: Russ

2010/10/20 19:43:52.0953 Windows directory: C:\WINDOWS

2010/10/20 19:43:52.0953 System windows directory: C:\WINDOWS

2010/10/20 19:43:52.0953 Processor architecture: Intel x86

2010/10/20 19:43:52.0953 Number of processors: 1

2010/10/20 19:43:52.0953 Page size: 0x1000

2010/10/20 19:43:52.0953 Boot type: Safe boot with network

2010/10/20 19:43:52.0953 ================================================================================

2010/10/20 19:43:53.0265 Initialize success

2010/10/20 19:44:00.0468 ================================================================================

2010/10/20 19:44:00.0468 Scan started

2010/10/20 19:44:00.0468 Mode: Manual;

2010/10/20 19:44:00.0468 ================================================================================

2010/10/20 19:44:02.0734 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/20 19:44:02.0953 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/20 19:44:03.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/20 19:44:03.0390 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/20 19:44:03.0640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/20 19:44:03.0921 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/20 19:44:04.0187 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/20 19:44:04.0484 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/20 19:44:04.0765 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/20 19:44:05.0015 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/20 19:44:05.0265 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/20 19:44:05.0625 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/10/20 19:44:06.0046 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/20 19:44:06.0296 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/20 19:44:06.0546 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/20 19:44:06.0828 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/20 19:44:07.0140 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys

2010/10/20 19:44:07.0406 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/20 19:44:07.0671 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/20 19:44:07.0937 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/20 19:44:08.0218 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2010/10/20 19:44:08.0546 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/20 19:44:08.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/20 19:44:09.0375 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/20 19:44:09.0703 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/20 19:44:09.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/20 19:44:10.0250 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/20 19:44:10.0796 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/20 19:44:11.0062 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/20 19:44:11.0359 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/20 19:44:11.0625 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/20 19:44:11.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/20 19:44:12.0140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/20 19:44:12.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/20 19:44:12.0921 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/20 19:44:13.0265 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/20 19:44:13.0546 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/20 19:44:13.0796 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/20 19:44:14.0281 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/20 19:44:14.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/20 19:44:14.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/20 19:44:15.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/20 19:44:15.0406 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/20 19:44:15.0718 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/20 19:44:15.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/20 19:44:16.0234 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys

2010/10/20 19:44:16.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/20 19:44:16.0843 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/20 19:44:17.0109 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/20 19:44:17.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/20 19:44:17.0625 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/20 19:44:17.0906 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/20 19:44:18.0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/20 19:44:18.0406 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/20 19:44:18.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/20 19:44:18.0984 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/20 19:44:19.0296 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/20 19:44:19.0546 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2010/10/20 19:44:19.0828 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2010/10/20 19:44:20.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/20 19:44:20.0406 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/20 19:44:20.0656 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/20 19:44:20.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/20 19:44:21.0234 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/20 19:44:21.0531 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/20 19:44:21.0812 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/20 19:44:22.0078 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/20 19:44:22.0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/20 19:44:22.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/20 19:44:22.0843 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/20 19:44:23.0093 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/20 19:44:23.0640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/20 19:44:23.0875 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/20 19:44:24.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/20 19:44:24.0390 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/20 19:44:24.0640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/20 19:44:24.0921 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/20 19:44:25.0468 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/20 19:44:25.0765 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/20 19:44:26.0031 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/20 19:44:26.0296 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys

2010/10/20 19:44:26.0546 motmodem (4b4cc4125d39104d3bbfa890f572c33d) C:\WINDOWS\system32\DRIVERS\motmodem.sys

2010/10/20 19:44:26.0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/20 19:44:27.0062 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/20 19:44:27.0328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/20 19:44:27.0578 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/20 19:44:27.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/20 19:44:28.0140 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/20 19:44:28.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/20 19:44:28.0718 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/20 19:44:28.0968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/20 19:44:29.0250 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/20 19:44:29.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/20 19:44:29.0750 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/20 19:44:30.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/20 19:44:30.0265 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2010/10/20 19:44:30.0531 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/20 19:44:30.0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/20 19:44:31.0093 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/20 19:44:31.0343 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/20 19:44:31.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/20 19:44:31.0859 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/20 19:44:32.0109 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/20 19:44:32.0421 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/20 19:44:32.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/20 19:44:33.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/20 19:44:33.0343 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/20 19:44:33.0640 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/20 19:44:33.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/20 19:44:34.0218 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/20 19:44:34.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/20 19:44:34.0796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/20 19:44:35.0093 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2010/10/20 19:44:35.0328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/20 19:44:35.0578 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/20 19:44:35.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/20 19:44:36.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/20 19:44:36.0515 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/20 19:44:36.0734 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/20 19:44:37.0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/20 19:44:38.0062 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/20 19:44:38.0546 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/20 19:44:38.0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/20 19:44:39.0109 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/20 19:44:39.0375 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/20 19:44:39.0656 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/20 19:44:39.0921 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/20 19:44:40.0187 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/20 19:44:40.0437 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/20 19:44:40.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/20 19:44:40.0968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/20 19:44:41.0234 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/20 19:44:41.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/20 19:44:41.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/20 19:44:42.0000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/20 19:44:42.0250 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/20 19:44:42.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/20 19:44:42.0843 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/20 19:44:43.0187 RTL8023xp (e9877aa069dc11b03dbd1d33b8b2a3ca) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2010/10/20 19:44:44.0078 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/20 19:44:44.0390 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/20 19:44:44.0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/20 19:44:44.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/20 19:44:45.0437 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/20 19:44:45.0703 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/20 19:44:45.0937 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/20 19:44:46.0250 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/20 19:44:46.0531 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/20 19:44:46.0843 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/20 19:44:47.0156 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/10/20 19:44:47.0421 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/20 19:44:47.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/20 19:44:48.0000 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/20 19:44:48.0250 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/20 19:44:48.0515 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/20 19:44:48.0781 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/20 19:44:49.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/20 19:44:49.0328 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys

2010/10/20 19:44:49.0609 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/20 19:44:49.0890 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/20 19:44:50.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/20 19:44:50.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/20 19:44:50.0734 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/20 19:44:51.0062 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

2010/10/20 19:44:51.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/20 19:44:51.0546 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/20 19:44:51.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/20 19:44:52.0156 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/20 19:44:52.0390 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/20 19:44:52.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/20 19:44:52.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/20 19:44:53.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/20 19:44:53.0406 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

2010/10/20 19:44:53.0656 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys

2010/10/20 19:44:53.0921 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/20 19:44:54.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/20 19:44:54.0218 Suspicious service (NoAccess): vbma26aa

2010/10/20 19:44:54.0406 vbma26aa (ac078c5c3d5de6b760ed6dc1d938d221) C:\WINDOWS\system32\drivers\vbma26aa.sys

2010/10/20 19:44:54.0437 vbma26aa - detected Locked service (1)

2010/10/20 19:44:54.0656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/20 19:44:54.0906 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/20 19:44:55.0171 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/20 19:44:55.0437 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/20 19:44:55.0765 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/20 19:44:56.0031 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2010/10/20 19:44:56.0296 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/10/20 19:44:56.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/20 19:44:57.0046 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/10/20 19:44:57.0500 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/10/20 19:44:57.0796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/20 19:44:58.0125 XIRLINK (57fa8fde401b35216e687d5c32d0632b) C:\WINDOWS\system32\DRIVERS\ucdnt.sys

2010/10/20 19:44:58.0390 ================================================================================

2010/10/20 19:44:58.0390 Scan finished

2010/10/20 19:44:58.0390 ================================================================================

2010/10/20 19:44:58.0453 Detected object count: 1

2010/10/20 19:45:12.0093 Locked service(vbma26aa) - User select action: Skip


Welcome to the forum.

TDSSKiller has found the rootkit; now we have to delete it:

2010/10/20 19:44:58.0453 Detected object count: 1

2010/10/20 19:45:12.0093 Locked service(vbma26aa) - User select action: Skip

Run TDSSKiller again, but this time choose Delete for this service.

Reboot and run it again to confirm nothing was found.

Let me know, MrC

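The lines MrC points at (the suspicious-service line, the locked-service line, the object count and the "Skip" action) are easy to miss in a log this long. As an added example, not code from this thread or from TDSSKiller itself, here is a small Python parser for the log format posted above. It pulls out every service the scanner flagged, records the MD5 and path for the incident notes, and checks a later scan to confirm the driver is gone after the Delete-and-reboot step. The line shapes and the first sample are copied from the first log in this thread; the confirming re-scan sample and its timestamps are constructed, and the "Delete" action string is assumed to be what TDSSKiller writes when that option is chosen.

```python
import re
from dataclasses import dataclass, field

# Line shapes from the TDSSKiller 2.4.4.0 log posted in this thread: a timestamp,
# then either a driver record "name (md5) path", a status line, or a scan summary.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
RE_BOOT = re.compile(TS + r"Boot type: (?P<boot>.+)$")
RE_SUSPICIOUS = re.compile(TS + r"Suspicious service \((?P<reason>[^)]+)\): (?P<name>\S+)$")
RE_LOCKED = re.compile(TS + r"(?P<name>\S+) - detected Locked service \(\d+\)$")
RE_COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
RE_ACTION = re.compile(TS + r"Locked service\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
RE_DRIVER = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")


@dataclass
class ScanSummary:
    boot_type: str = ""
    drivers: dict = field(default_factory=dict)     # service name -> (md5, path)
    suspicious: dict = field(default_factory=dict)  # service name -> reason (e.g. NoAccess)
    locked: set = field(default_factory=set)        # services the scanner could not open
    detected_count: int = 0
    actions: dict = field(default_factory=dict)     # service name -> action the user chose


def parse_tdsskiller_log(text):
    """Reduce a TDSSKiller log to the facts a responder needs to act on."""
    s = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_BOOT.match(line):
            s.boot_type = m["boot"]
        elif m := RE_SUSPICIOUS.match(line):
            s.suspicious[m["name"]] = m["reason"]
        elif m := RE_LOCKED.match(line):
            s.locked.add(m["name"])
        elif m := RE_COUNT.match(line):
            s.detected_count = int(m["n"])
        elif m := RE_ACTION.match(line):
            s.actions[m["name"]] = m["action"]
        elif m := RE_DRIVER.match(line):
            s.drivers[m["name"]] = (m["md5"], m["path"])
        # separators, SystemInfo and "Scan started/finished" lines carry nothing we need
    return s


def flagged_services(summary):
    """Every service the scanner flagged as suspicious or locked, sorted by name."""
    return sorted(set(summary.suspicious) | summary.locked)


def unresolved_detections(summary):
    """Flagged services the user did not choose to delete (Skip, or no action logged)."""
    # "Delete" is assumed to be the action string TDSSKiller logs for that choice.
    return [n for n in flagged_services(summary) if summary.actions.get(n) != "Delete"]


def flagged_iocs(summary):
    """MD5 and on-disk path for each flagged service, for the incident record."""
    return {n: summary.drivers[n] for n in flagged_services(summary) if n in summary.drivers}


def confirm_removed(before, after, name):
    """True when a service seen in the first scan is absent from a clean confirming re-scan."""
    seen_before = name in before.drivers or name in flagged_services(before)
    gone_after = name not in after.drivers and name not in flagged_services(after)
    return seen_before and gone_after and after.detected_count == 0


# Excerpt of the first scan posted in this thread (lines copied from that log).
FIRST_RUN = r"""
2010/10/20 19:43:52.0953 Boot type: Safe boot with network
2010/10/20 19:44:54.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/20 19:44:54.0218 Suspicious service (NoAccess): vbma26aa
2010/10/20 19:44:54.0406 vbma26aa (ac078c5c3d5de6b760ed6dc1d938d221) C:\WINDOWS\system32\drivers\vbma26aa.sys
2010/10/20 19:44:54.0437 vbma26aa - detected Locked service (1)
2010/10/20 19:44:58.0453 Detected object count: 1
2010/10/20 19:45:12.0093 Locked service(vbma26aa) - User select action: Skip
"""

# Constructed for this example: what the confirming re-scan after Delete and a reboot
# should look like, with the rogue driver gone and nothing detected.
CONFIRM_RUN = r"""
2010/10/22 09:00:00.0000 Boot type: Normal boot
2010/10/22 09:00:05.0000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/22 09:00:09.0000 Detected object count: 0
"""

if __name__ == "__main__":
    first = parse_tdsskiller_log(FIRST_RUN)
    confirm = parse_tdsskiller_log(CONFIRM_RUN)
    print("boot type:", first.boot_type)
    print("still unresolved:", unresolved_detections(first))
    print("IoCs to record:", flagged_iocs(first))
    print("vbma26aa removed:", confirm_removed(first, confirm, "vbma26aa"))
```

Feed it the full log rather than the excerpt and it behaves the same, since header, separator and legitimate driver lines are simply catalogued or ignored. The `boot_type` field is worth keeping an eye on: the first scan here ran from Safe Mode with networking and the second from a normal boot, and a locked service that only shows up under one boot type is itself a useful observation for the notes.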

I will run it again this afternoon. When I ran it last night, I didn't see an option to delete.

Is the skip box a toggle with other options?

Thanks,

Russ


Here is the TDSSKiller log:

2010/10/21 17:10:24.0453 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/21 17:10:24.0453 ================================================================================

2010/10/21 17:10:24.0453 SystemInfo:

2010/10/21 17:10:24.0453

2010/10/21 17:10:24.0453 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/21 17:10:24.0453 Product type: Workstation

2010/10/21 17:10:24.0453 ComputerName: MYLES

2010/10/21 17:10:24.0453 UserName: Russ

2010/10/21 17:10:24.0453 Windows directory: C:\WINDOWS

2010/10/21 17:10:24.0453 System windows directory: C:\WINDOWS

2010/10/21 17:10:24.0453 Processor architecture: Intel x86

2010/10/21 17:10:24.0453 Number of processors: 1

2010/10/21 17:10:24.0453 Page size: 0x1000

2010/10/21 17:10:24.0453 Boot type: Normal boot

2010/10/21 17:10:24.0453 ================================================================================

2010/10/21 17:10:24.0609 Initialize success

2010/10/21 17:10:39.0812 ================================================================================

2010/10/21 17:10:39.0812 Scan started

2010/10/21 17:10:39.0812 Mode: Manual;

2010/10/21 17:10:39.0812 ================================================================================

2010/10/21 17:10:40.0375 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/21 17:10:40.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/21 17:10:40.0843 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/21 17:10:41.0078 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/21 17:10:41.0312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/21 17:10:41.0531 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/21 17:10:41.0765 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/21 17:10:41.0984 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/21 17:10:42.0218 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/21 17:10:42.0437 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/21 17:10:42.0671 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/21 17:10:43.0000 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/10/21 17:10:43.0343 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/21 17:10:43.0546 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/21 17:10:43.0781 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/21 17:10:44.0000 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/21 17:10:44.0250 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys

2010/10/21 17:10:44.0500 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/21 17:10:44.0734 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/21 17:10:44.0953 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/21 17:10:45.0140 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2010/10/21 17:10:45.0406 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/21 17:10:45.0625 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/21 17:10:46.0078 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/21 17:10:46.0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/21 17:10:46.0718 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/21 17:10:46.0937 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/21 17:10:47.0359 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/21 17:10:47.0578 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/21 17:10:47.0812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/21 17:10:48.0031 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/21 17:10:48.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/21 17:10:48.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/21 17:10:48.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/21 17:10:49.0140 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/21 17:10:49.0406 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/21 17:10:49.0640 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/21 17:10:49.0859 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/21 17:10:50.0281 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/21 17:10:50.0531 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/21 17:10:50.0781 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/21 17:10:51.0015 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/21 17:10:51.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/21 17:10:51.0500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/21 17:10:51.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/21 17:10:51.0953 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys

2010/10/21 17:10:52.0203 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/21 17:10:52.0453 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/21 17:10:52.0687 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/21 17:10:53.0078 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/21 17:10:53.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/21 17:10:53.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/21 17:10:54.0218 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/21 17:10:54.0562 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/21 17:10:54.0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/21 17:10:55.0031 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/21 17:10:55.0265 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/21 17:10:55.0484 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2010/10/21 17:10:55.0937 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2010/10/21 17:10:56.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/21 17:10:56.0406 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/21 17:10:56.0625 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/21 17:10:56.0843 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/21 17:10:57.0078 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/21 17:10:57.0312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/21 17:10:57.0531 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/21 17:10:57.0765 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/21 17:10:57.0984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/21 17:10:58.0203 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/21 17:10:58.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/21 17:10:58.0640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/21 17:10:58.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/21 17:10:59.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/21 17:10:59.0312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/21 17:10:59.0546 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/21 17:10:59.0765 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/21 17:11:00.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/21 17:11:00.0421 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/21 17:11:00.0656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/21 17:11:00.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/21 17:11:01.0109 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys

2010/10/21 17:11:01.0328 motmodem (4b4cc4125d39104d3bbfa890f572c33d) C:\WINDOWS\system32\DRIVERS\motmodem.sys

2010/10/21 17:11:01.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/21 17:11:01.0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/21 17:11:02.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/21 17:11:02.0218 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/21 17:11:02.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/21 17:11:02.0671 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/21 17:11:02.0937 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/21 17:11:03.0171 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/21 17:11:03.0390 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/21 17:11:03.0609 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/21 17:11:03.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/21 17:11:04.0062 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/21 17:11:04.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/21 17:11:04.0500 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2010/10/21 17:11:04.0734 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/21 17:11:04.0968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/21 17:11:05.0187 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/21 17:11:05.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/21 17:11:05.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/21 17:11:05.0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/21 17:11:06.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/21 17:11:06.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/21 17:11:06.0484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/21 17:11:06.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/21 17:11:07.0000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/21 17:11:07.0234 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/21 17:11:07.0453 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/21 17:11:07.0734 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/21 17:11:08.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/21 17:11:08.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/21 17:11:08.0468 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2010/10/21 17:11:08.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/21 17:11:08.0921 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/21 17:11:09.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/21 17:11:09.0359 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/21 17:11:09.0765 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/21 17:11:09.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/21 17:11:10.0890 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/21 17:11:11.0109 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/21 17:11:11.0359 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/21 17:11:11.0609 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/21 17:11:11.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/21 17:11:12.0062 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/21 17:11:12.0281 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/21 17:11:12.0515 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/21 17:11:12.0734 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/21 17:11:12.0984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/21 17:11:13.0203 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/21 17:11:13.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/21 17:11:13.0656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/21 17:11:13.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/21 17:11:14.0093 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/21 17:11:14.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/21 17:11:14.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/21 17:11:14.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/21 17:11:15.0046 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/21 17:11:15.0296 RTL8023xp (e9877aa069dc11b03dbd1d33b8b2a3ca) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2010/10/21 17:11:15.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/21 17:11:16.0171 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/21 17:11:16.0390 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/21 17:11:16.0656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/21 17:11:17.0046 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/21 17:11:17.0296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/21 17:11:17.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/21 17:11:17.0734 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/21 17:11:17.0953 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/21 17:11:18.0203 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/21 17:11:18.0406 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/10/21 17:11:18.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/21 17:11:18.0875 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/21 17:11:19.0109 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/21 17:11:19.0328 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/21 17:11:19.0562 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/21 17:11:19.0781 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/21 17:11:20.0000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/21 17:11:20.0218 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys

2010/10/21 17:11:20.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/21 17:11:20.0703 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/21 17:11:20.0921 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/21 17:11:21.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/21 17:11:21.0390 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/21 17:11:21.0640 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

2010/10/21 17:11:21.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/21 17:11:22.0093 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/21 17:11:22.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/21 17:11:22.0593 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/21 17:11:22.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/21 17:11:23.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/21 17:11:23.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/21 17:11:23.0484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/21 17:11:23.0687 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

2010/10/21 17:11:23.0906 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys

2010/10/21 17:11:24.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/21 17:11:24.0359 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/21 17:11:24.0546 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/21 17:11:24.0765 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/21 17:11:24.0984 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/21 17:11:25.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/21 17:11:25.0453 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/21 17:11:25.0656 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2010/10/21 17:11:25.0906 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/10/21 17:11:26.0312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/21 17:11:26.0562 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/10/21 17:11:26.0890 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/10/21 17:11:27.0140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/21 17:11:27.0390 XIRLINK (57fa8fde401b35216e687d5c32d0632b) C:\WINDOWS\system32\DRIVERS\ucdnt.sys

2010/10/21 17:11:27.0531 ================================================================================

2010/10/21 17:11:27.0531 Scan finished

2010/10/21 17:11:27.0531 ================================================================================


Here is the ComboFix log:

ComboFix 10-10-20.04 - Russ 10/21/2010 16:51:13.1.1 - x86

Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: PC Tools AntiVirus Free *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\.wtav

C:\install.exe

c:\program files\Mozilla Firefox\extensions\{7D6D0A90-DEB3-4A7A-A97C-23FE8D0AB23B}

c:\program files\Mozilla Firefox\extensions\{7D6D0A90-DEB3-4A7A-A97C-23FE8D0AB23B}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{7D6D0A90-DEB3-4A7A-A97C-23FE8D0AB23B}\chrome\content\overlay.xul

c:\program files\Mozilla Firefox\extensions\{7D6D0A90-DEB3-4A7A-A97C-23FE8D0AB23B}\install.rdf

c:\windows\run.log

c:\windows\system32\6to4ex.dll

c:\windows\system32\drivers\vbma26aa.sys

c:\windows\system32\StwwvGgh.ini

c:\windows\system32\StwwvGgh.ini2

c:\windows\system32\tsyhtsrd.ini

c:\windows\system32\UACiimovmybrdidmiq.db

c:\windows\system32\UACrdljeeyprumupdd.log

c:\windows\system32\uniq.tll

c:\windows\Tasks\viuxqojo.job

D:\Autorun.inf

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_UACD.SYS

-------\Service_vbma26aa

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))

.

2010-10-21 23:44 . 2010-10-21 23:44 -------- d-----w- C:\TDSSKiller_Quarantine

2010-10-21 04:17 . 2010-10-21 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-21 01:38 . 2010-10-21 02:46 -------- d-----w- C:\svchost.exe

2010-10-20 05:48 . 2010-10-20 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-10-20 05:48 . 2010-10-20 05:48 -------- d-----w- c:\program files\IObit

2010-10-20 03:35 . 2010-10-20 03:35 -------- d-----w- c:\program files\EMCO

2010-10-20 01:08 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-10-14 02:07 . 2010-10-21 00:32 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-10-13 23:38 . 2010-10-13 23:39 -------- d-----w- c:\documents and settings\Administrator

2010-10-13 04:36 . 2010-10-13 04:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2010-10-13 04:36 . 2010-10-13 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-13 04:06 . 2010-10-13 04:06 -------- d-sh--w- c:\documents and settings\Russ\IECompatCache

2010-10-13 04:01 . 2010-10-13 04:01 -------- d--h--w- c:\windows\PIF

2010-10-13 03:46 . 2010-10-20 03:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-10-13 03:46 . 2010-10-13 03:46 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Threat Expert

2010-10-12 05:50 . 2010-10-13 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-10-12 05:48 . 2004-08-04 19:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll

2010-10-12 05:48 . 2004-08-04 19:00 10752 ----a-w- c:\windows\system32\c_iscii.dll

2010-10-12 05:48 . 2004-08-04 19:00 5632 ----a-w- c:\windows\system32\kbdusa.dll

2010-10-12 05:48 . 2004-08-04 19:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll

2010-10-12 02:37 . 2010-10-12 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2010-10-12 00:58 . 2010-10-12 00:58 -------- d-----w- c:\windows\LMI8.tmp

2010-10-12 00:48 . 2010-10-12 02:51 -------- d-----w- c:\windows\LMI7.tmp

2010-10-11 13:43 . 2010-10-11 13:43 -------- d-----w- c:\documents and settings\Russ\Application Data\Tific

2010-10-11 05:28 . 2010-10-11 05:28 -------- d-----w- c:\program files\Windows Sidebar

2010-10-11 05:13 . 2010-10-21 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-10-11 02:13 . 2010-10-11 02:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-10-11 02:10 . 2010-10-11 02:10 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Sunbelt Software

2010-10-11 01:44 . 2010-10-11 01:44 -------- d-----w- c:\documents and settings\Russ\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2006-12-4 1503232]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 07:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\NETGEAR\\WPN311\\wlancfg5.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S0 rufehckh;rufehckh;c:\windows\system32\drivers\rtkzejou.sys --> c:\windows\system32\drivers\rtkzejou.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 10:09 PM 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 DFBCFDBA;DFBCFDBA; [x]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/24/2009 7:27 PM 42752]

S3 s3chipid;s3chipid;\??\c:\docume~1\Owner\LOCALS~1\Temp\s3chipid.sys --> c:\docume~1\Owner\LOCALS~1\Temp\s3chipid.sys [?]

S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [1/8/2010 11:45 PM 805808]

.

Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 05:09]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 05:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

BHO-{CC402C73-477A-4560-8FB9-C90D7D292461} - (no file)

Toolbar-Locked - (no file)

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL

Notify-cbXrSJcd - cbXrSJcd.dll

Notify-fccaWPhG - fccaWPhG.dll

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: error reading MBR

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf76bbf28

\Driver\ACPI -> ACPI.sys @ 0xf75aecb8

\Driver\atapi -> atapi.sys @ 0xf74ae852

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: WPN311 RangeMax Wireless PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7a38bd4

PacketIndicateHandler -> NDIS.sys @ 0xf7a44a21

SendHandler -> NDIS.sys @ 0xf7a38d44

malicious code @ sector 0x950a600 size 0x1c1 !

copy of MBR has been found in sector 62 !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\acs.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\windows\system32\wdfmgr.exe

c:\windows\SOUNDMAN.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-10-21 17:07:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-22 00:07

Pre-Run: 18,948,890,624 bytes free

Post-Run: 20,404,064,256 bytes free

- - End Of File - - 2715839E3DA5260339CC200E898C9BDB


OK, please do this:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update, please allow it to.

Driver::

rufehckh

DFBCFDBA

File::

C:\svchost.exe

c:\windows\system32\drivers\rtkzejou.sys

MBR::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot (in case it asks to reboot):

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply and a fresh HJT log.

MrC


Will do.

One note: while running ComboFix, it says that I have Norton running. I uninstalled Norton a couple of days ago, but ComboFix still sees it?


Here is the latest ComboFix log:

ComboFix 10-10-21.02 - Russ 10/21/2010 18:14:25.2.1 - x86

Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Russ\Desktop\CFScript.txt

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: PC Tools AntiVirus Free *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::

"C:\svchost.exe"

"c:\windows\system32\drivers\rtkzejou.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_DFBCFDBA

-------\Service_rufehckh

((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))

.

2010-10-21 23:44 . 2010-10-21 23:44 -------- d-----w- C:\TDSSKiller_Quarantine

2010-10-21 04:17 . 2010-10-21 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-21 01:38 . 2010-10-21 02:46 -------- d-----w- C:\svchost.exe

2010-10-20 05:48 . 2010-10-20 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-10-20 05:48 . 2010-10-20 05:48 -------- d-----w- c:\program files\IObit

2010-10-20 03:35 . 2010-10-20 03:35 -------- d-----w- c:\program files\EMCO

2010-10-20 01:08 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-10-14 02:07 . 2010-10-21 00:32 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-10-13 23:38 . 2010-10-13 23:39 -------- d-----w- c:\documents and settings\Administrator

2010-10-13 04:36 . 2010-10-13 04:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2010-10-13 04:36 . 2010-10-13 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-13 04:06 . 2010-10-13 04:06 -------- d-sh--w- c:\documents and settings\Russ\IECompatCache

2010-10-13 04:01 . 2010-10-13 04:01 -------- d--h--w- c:\windows\PIF

2010-10-13 03:46 . 2010-10-20 03:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-10-13 03:46 . 2010-10-13 03:46 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Threat Expert

2010-10-12 05:50 . 2010-10-13 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-10-12 05:48 . 2004-08-04 19:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll

2010-10-12 05:48 . 2004-08-04 19:00 10752 ----a-w- c:\windows\system32\c_iscii.dll

2010-10-12 05:48 . 2004-08-04 19:00 5632 ----a-w- c:\windows\system32\kbdusa.dll

2010-10-12 05:48 . 2004-08-04 19:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll

2010-10-12 02:37 . 2010-10-12 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2010-10-12 00:58 . 2010-10-12 00:58 -------- d-----w- c:\windows\LMI8.tmp

2010-10-12 00:48 . 2010-10-12 02:51 -------- d-----w- c:\windows\LMI7.tmp

2010-10-11 13:43 . 2010-10-11 13:43 -------- d-----w- c:\documents and settings\Russ\Application Data\Tific

2010-10-11 05:28 . 2010-10-11 05:28 -------- d-----w- c:\program files\Windows Sidebar

2010-10-11 05:13 . 2010-10-21 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-10-11 02:13 . 2010-10-11 02:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-10-11 02:10 . 2010-10-11 02:10 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Sunbelt Software

2010-10-11 01:44 . 2010-10-11 01:44 -------- d-----w- c:\documents and settings\Russ\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2006-12-4 1503232]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 07:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\NETGEAR\\WPN311\\wlancfg5.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 10:09 PM 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/24/2009 7:27 PM 42752]

S3 s3chipid;s3chipid;\??\c:\docume~1\Owner\LOCALS~1\Temp\s3chipid.sys --> c:\docume~1\Owner\LOCALS~1\Temp\s3chipid.sys [?]

S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [1/8/2010 11:45 PM 805808]

.

Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 05:09]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 05:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)

c:\windows\system32\Ati2evxx.dll

c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(2756)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\acs.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\windows\system32\wdfmgr.exe

c:\windows\SOUNDMAN.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-10-21 18:29:31 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-22 01:29

ComboFix2.txt 2010-10-22 00:07

Pre-Run: 20,385,214,464 bytes free

Post-Run: 20,382,056,448 bytes free

- - End Of File - - 69057B2BA7ED7E100ACE65AF0A507807


Looks Good except that this file came back after it was deleted:

C:\svchost.exe <--------

I'm sure it's malware; the real svchost.exe is located in the C:\WINDOWS\system32\ folder

-------------------------------

Please find these files and upload them to VirusTotal for a free scan:

http://www.virustotal.com/

C:\svchost.exe

c:\windows\LMI8.tmp

c:\windows\LMI7.tmp

Let me know the results, MrC
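As an added example (not MrC's or Russ's code, and not part of ComboFix), here are the two checks MrC applies by eye, a core Windows binary name sitting outside its legitimate directory and the Security Center / firewall registry values from the log above set to their weakened values, written as a small Python parser over ComboFix-style log lines; the expected-directory table, the weak-value table and the sample log are constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# Directory where the genuine copy of each core Windows XP binary lives; a file
# with one of these names anywhere else (like C:\svchost.exe) is suspect.
EXPECTED_DIRS = {"svchost.exe": r"c:\windows\system32",
                 "winlogon.exe": r"c:\windows\system32"}
# Security Center / firewall values that, at these settings, silence missing-AV
# warnings and leave the XP firewall off (all four appear in the log above).
WEAK_SETTINGS = {"AntiVirusOverride": 1, "FirewallOverride": 1,
                 "EnableFirewall": 0, "DisableNotifications": 1}
# Matches both the 'dword:00000001' and the '= 0 (0x0)' styles ComboFix prints.
_REG_VALUE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-f]+)|(\d+))', re.I)
_WIN_PATH = re.compile(r"^[a-z]:\\", re.I)

def misplaced_system_binaries(log_text):
    """(path, expected_dir) for each bare path whose file name is a core
    Windows binary but whose directory is not the legitimate one."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if _WIN_PATH.match(line):
            p = PureWindowsPath(line)
            expected = EXPECTED_DIRS.get(p.name.lower())
            if expected and str(p.parent).lower() != expected:
                findings.append((line, expected))
    return findings

def weakened_security_settings(log_text):
    """{name: value} for registry values in the log set to a known weak value."""
    found = {}
    for line in map(str.strip, log_text.splitlines()):
        m = _REG_VALUE.match(line)
        if m:
            value = int(m[2], 16) if m[2] else int(m[3])
            if WEAK_SETTINGS.get(m[1]) == value:
                found[m[1]] = value
    return found

# Constructed sample: registry and process lines excerpted from the ComboFix
# log in this thread, plus the C:\svchost.exe that MrC flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\svchost.exe
C:\svchost.exe
"""
```

On a real XP box legitimate copies of these binaries also exist under c:\windows\system32\dllcache and ServicePackFiles, so treat a hit as a lead to hash and look up on VirusTotal, as MrC asks, not as a verdict.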


All three of those are subdirectories.

SVCHost had a file in it titled PEV.cfxxe. I uploaded that but didn't get a reply.

LMI8.tmp has 7 files in it. LMI_rescue.exe is one of them, ra64app.exe is another one

LMI7.tmp has 1 file in it rescue.log

I uploaded LMI_rescue.exe. The system said it had already been uploaded and, if I am reading it correctly, it is not malware?


Good Morning MrC;

I reloaded Norton Security Suite last night, and was able to complete the following;

1. updated the definitions.

2. Rebooted the computer.

3. Ran a quick scan. (found 3 tracking cookies)

4. Rebooted.

5. Ran a full system scan. (found and corrected 11 items, Adware and tracking cookies)

Thanks to your help I believe that my system is free of AV2010.

Thanks again

Russ


That's Good News

----------------------------------

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------

Before you go I'd like to check your systems security:

Please do this:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


here are the results of the security check;

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 16

Out of date Java installed!

Adobe Flash Player 10.0.32.18

Adobe Reader 7.0

Out of date Adobe Reader installed!

Mozilla Firefox (3.0.19) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
