
System Tool 2011 popped up on my computer and is now creating chaos. It wouldn't allow me to open Task Manager, and when I would connect to the internet it would slow and eventually freeze. It won't fully restart now. How do I get this thing off my computer? Please help.

here is the MBAM log:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5345

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

12/17/2010 3:32:56 PM

mbam-log-2010-12-17 (15-32-56).txt

Scan type: Quick scan

Objects scanned: 242533

Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\branch201\Desktop\err.log659723094 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\documents and settings\branch201\local settings\Temp\hrihhetfwo.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\branch201\local settings\Temp\xinxiryfkf.dll (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\windows\erfsht80.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\documents and settings\branch201\application data\Adobe\plugs\kb659767907.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\branch201\application data\Adobe\plugs\kb659808985.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\branch201\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.


New MBAM log in Safe Mode:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5345

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

12/17/2010 5:54:14 PM

mbam-log-2010-12-17 (17-54-14).txt

Scan type: Quick scan

Objects scanned: 242982

Time elapsed: 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you are running Vista or Windows 7, skip the Recovery Console part.
    Note: If you have SP3, use the SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(screenshot: RC1.png)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: RC2-1.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


After ComboFix, computer restarted in normal mode and hasn't had any additional popups or symptoms although I haven't used it extensively yet. Here is the ComboFix log:

ComboFix 10-12-19.03 - branch202 12/20/2010 9:35.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.3117 [GMT -6:00]

Running from: c:\documents and settings\Branch202\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\bIkAj06511

c:\documents and settings\All Users\Application Data\bIkAj06511\bIkAj06511

c:\documents and settings\All Users\Application Data\bIkAj06511\bIkAj06511.exe

c:\documents and settings\Branch201\Application Data\Adobe\AdobeUpdate .exe

c:\documents and settings\Branch201\Application Data\Adobe\plugs

c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}

c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\chrome.manifest

c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\chrome\content\_cfg.js

c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\chrome\content\overlay.xul

c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\install.rdf

c:\documents and settings\Branch201\Start Menu\Programs\HDD Tools

c:\documents and settings\Branch201\Start Menu\Programs\HDD Tools\HDD Tools.lnk

c:\documents and settings\Branch201\Start Menu\Programs\HDD Tools\Uninstall HDD Tools.lnk

c:\documents and settings\Branch201\Start Menu\Programs\System Tool

c:\documents and settings\Branch201\Start Menu\Programs\System Tool\System Tool 2011.lnk

c:\documents and settings\jbarnett\Desktop\Internet Explorer.lnk

c:\documents and settings\jbarnett\g2mdlhlpx.exe

c:\windows\isalidarexowex.dll

c:\windows\system32\Drivers\uiiojlvl.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_axsdku

((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))

.

2010-12-19 02:58 . 2010-12-19 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-12-17 20:19 . 2010-12-17 20:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-17 20:17 . 2010-12-17 20:17 0 ----a-w- c:\windows\Axolihiki.bin

2010-12-17 15:40 . 2010-12-17 15:40 -------- d-----w- c:\documents and settings\Branch201\Application Data\yoclient

2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2010-12-02 13:17 . 2010-12-01 14:57 -------- d-----w- c:\documents and settings\Branch201\Application Data\HP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-08 19:12 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-12-08 19:11 . 2010-04-14 15:08 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2010-12-08 19:11 . 2010-04-14 15:08 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-12-08 19:11 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-11-29 23:42 . 2010-09-08 17:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 23:42 . 2010-09-08 17:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-30 15:10 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2010-09-30 15:10 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"MVIClientEngineController"="c:\program files\MVi\Client Engine\ClientPostSvcController.exe" [2008-09-15 196608]

"MViRCS"="c:\program files\MVi\RCS\rcs.exe" [2010-01-06 868352]

"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-27 188416]

"MVIHotKey"="c:\program files\MVi\Hotkey\MVI_HotKey.exe" [2010-02-10 442368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 9:10 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 2:09 PM 12856]

R2 MVi Client Engine;MVi Client Engine;c:\program files\MVi\Client Engine\ClientEngine.exe [9/17/2008 12:59 PM 122880]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/19/2010 6:35 PM 635416]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]

R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [6/13/2009 10:33 AM 81920]

R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [6/4/2009 10:49 AM 73728]

R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [4/5/2010 1:19 PM 77824]

R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [4/30/2009 6:46 PM 77824]

R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [6/4/2009 10:51 AM 81920]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/19/2010 6:30 PM 2066968]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/19/2010 7:19 PM 149600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 7:22 PM 102448]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 11:46 AM 44800]

S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8

DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB

DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Lhewuxujabowixa - c:\windows\isalidarexowex.dll

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-20 09:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST316031 rev.HP34 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7F3555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7f97b0]; MOV EAX, [0x8a7f982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A821030]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000071[0x8A80C910]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7D8028]

\Driver\iaStor[0x8A7D6860] -> IRP_MJ_CREATE -> 0x8A7F3555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3160318AS_____________________________HP34____#4&603d60d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

error: Read The request could not be performed because of an I/O device error.

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)

c:\windows\system32\WININET.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1292)

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3980)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\system32\EpStsSrv.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\Intel\AMT\LMS.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\progra~1\SAAZOD\RMHLPDSK.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\mvi\control\RCSListener.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\progra~1\SAAZOD\RMIP.exe

.

**************************************************************************

.

Completion time: 2010-12-20 09:51:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-20 15:51

Pre-Run: 141,324,619,776 bytes free

Post-Run: 141,486,997,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\windows

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\windows="Disk 0 Partition 1 Windows Installation"

- - End Of File - - 5055828219D40FA45623BC29FBAA17CD
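The interesting part of the ComboFix run above is the Gmer section: "user != kernel MBR !!!" together with the dumped boot code (relocate the sector from 0x7C00 to 0x600, then MOV CX,0x132 / MOV BP,0x62A / ROR BYTE [BP],CL / INC BP). The Python below is an added illustration, not part of the thread and not GMER's mbr.exe, of what those two lines mean: (1) how a detector compares the MBR served through the normal, hookable read path with the MBR read below the hook, and (2) replaying the ROR-based decoder with the constants from the dump. The sector contents, partition geometry and payload marker are all constructed for the example, and because the dump stops after INC BP the loop terminator is assumed to be LOOP (decrement CX, repeat while non-zero). A real detector would read \\.\PhysicalDrive0 and a kernel-level path; this code works on sector bytes you already have.

```python
"""Added example (not from the thread, not GMER's mbr.exe): user-vs-kernel MBR
comparison and replay of the ROR-based boot-code decoder seen in the dump."""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PART_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
PAYLOAD_OFF = 0x62A - 0x600     # 0x2A: the dump relocates the sector to 0x600 and decodes from 0x62A
PAYLOAD_LEN = 0x132             # CX at loop entry

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, the non-empty partition entries and the signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, sector, 446 + 16 * i)
        if ptype:
            parts.append({"bootable": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": parts, "signature_ok": sector[510:] == BOOT_SIG}

def compare_user_kernel(user_mbr: bytes, kernel_mbr: bytes) -> dict:
    """The check behind 'user != kernel MBR': a disk-stack hook serves a clean sector to ordinary
    reads, while a read issued below the hook returns what is really on disk."""
    u, k = parse_mbr(user_mbr), parse_mbr(kernel_mbr)
    code_differs = u["code_sha256"] != k["code_sha256"]
    table_differs = u["partitions"] != k["partitions"]
    return {"code_differs": code_differs, "table_differs": table_differs,
            "signature_ok": u["signature_ok"] and k["signature_ok"],
            "suspicious": code_differs or table_differs}

def ror8(b: int, n: int) -> int:
    """8-bit rotate right; the rotate count only matters modulo 8."""
    n &= 7
    return ((b >> n) | (b << (8 - n))) & 0xFF

def rol8(b: int, n: int) -> int:
    """8-bit rotate left, the inverse of ror8 for the same count."""
    n &= 7
    return ((b << n) | (b >> (8 - n))) & 0xFF

def unpack_loader(sector: bytes) -> bytes:
    """Replay the decoder from the dump: MOV CX,0x132 ; MOV BP,0x62A ; ROR BYTE [BP],CL ; INC BP ;
    and (assumed, the dump stops here) LOOP back while CX != 0. Each byte is rotated by the
    current counter value, so the count sequence is 0x132, 0x131, ..., 1."""
    buf = bytearray(sector)
    cx, bp = PAYLOAD_LEN, PAYLOAD_OFF
    while cx:
        buf[bp] = ror8(buf[bp], cx)
        bp += 1
        cx -= 1
    return bytes(buf[PAYLOAD_OFF:PAYLOAD_OFF + PAYLOAD_LEN])

def pack_payload(sector: bytes) -> bytes:
    """Inverse of unpack_loader (ROL with the same count sequence); used only to build test sectors."""
    buf = bytearray(sector)
    cx, bp = PAYLOAD_LEN, PAYLOAD_OFF
    while cx:
        buf[bp] = rol8(buf[bp], cx)
        bp += 1
        cx -= 1
    return bytes(buf)

# Constructed sample data. The stub bytes encode the relocation prologue shown in the dump
# (xor ax,ax / mov ss,ax / mov sp,7C00 / mov es,ax / mov ds,ax / mov si,7C00 / mov di,0600 /
# mov cx,0200 / cld / rep movsb); the partition geometry is made up.
RELOC_STUB = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
SAMPLE_PARTS = ((0x80, 0x07, 63, 312576642),)

def build_sector(code: bytes, parts=SAMPLE_PARTS) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples."""
    if len(code) > 446:
        raise ValueError("boot code does not fit")
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    for i, (status, ptype, lba, count) in enumerate(parts):
        struct.pack_into(PART_FMT, sector, 446 + 16 * i, status, b"\0" * 3, ptype, b"\0" * 3, lba, count)
    sector[510:] = BOOT_SIG
    return bytes(sector)

def build_infected(marker: bytes) -> bytes:
    """Constructed bootkit-style sector: relocation stub, then a ROR-packed body starting at 0x2A."""
    code = bytearray(PAYLOAD_OFF)
    code[:len(RELOC_STUB)] = RELOC_STUB
    body = marker.ljust(PAYLOAD_LEN, b"\x90")[:PAYLOAD_LEN]
    return pack_payload(build_sector(bytes(code) + body))

def demo() -> dict:
    """What a detector reports when the hook shows a clean MBR but the disk holds the infected one."""
    clean = build_sector(RELOC_STUB)
    infected = build_infected(b"constructed payload marker")
    verdict = compare_user_kernel(clean, infected)
    verdict["decoded_prefix"] = unpack_loader(infected)[:26]
    return verdict

if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Running the file prints `suspicious: True` with `code_differs: True` and `table_differs: False`, which is exactly the shape of the log's finding: the partition table is untouched, only the boot code is replaced, so a tool that only validates the partition table would miss it. The hash comparison is deliberately over the whole 446-byte code area; the dump shows the packed body sitting inside the same sector, so any single-byte change there flips the verdict.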


Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Please download
TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

  • Copy and paste the log in your next reply.

  • A copy of the log will be saved automatically to the root directory (usually C:\) as "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that TDSSKiller log here.


Ran TDSSKiller (log below). After choosing "Reboot" when it was done, it took almost 20 minutes for my computer to shut down. It also would lock up when I tried to turn Automatic Updates on. Had to turn the firewall back on after restart.

2010/12/20 11:13:14.0652 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/20 11:13:14.0652 ================================================================================

2010/12/20 11:13:14.0652 SystemInfo:

2010/12/20 11:13:14.0652

2010/12/20 11:13:14.0652 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/20 11:13:14.0652 Product type: Workstation

2010/12/20 11:13:14.0652 ComputerName: BRANCH208

2010/12/20 11:13:14.0652 UserName: branch202

2010/12/20 11:13:14.0652 Windows directory: C:\windows

2010/12/20 11:13:14.0652 System windows directory: C:\windows

2010/12/20 11:13:14.0652 Processor architecture: Intel x86

2010/12/20 11:13:14.0652 Number of processors: 2

2010/12/20 11:13:14.0652 Page size: 0x1000

2010/12/20 11:13:14.0652 Boot type: Normal boot

2010/12/20 11:13:14.0652 ================================================================================

2010/12/20 11:13:14.0761 Initialize success

2010/12/20 11:13:32.0290 ================================================================================

2010/12/20 11:13:32.0290 Scan started

2010/12/20 11:13:32.0290 Mode: Manual;

2010/12/20 11:13:32.0290 ================================================================================

2010/12/20 11:13:32.0633 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\windows\system32\drivers\ac97intc.sys

2010/12/20 11:13:32.0665 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys

2010/12/20 11:13:32.0712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys

2010/12/20 11:13:32.0727 adpu160m (9a11864873da202c996558b2106b0bbc) C:\windows\system32\DRIVERS\adpu160m.sys

2010/12/20 11:13:32.0743 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\windows\system32\DRIVERS\adpu320.sys

2010/12/20 11:13:32.0774 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys

2010/12/20 11:13:32.0821 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys

2010/12/20 11:13:32.0868 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\windows\system32\DRIVERS\aic78u2.sys

2010/12/20 11:13:32.0883 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\windows\system32\DRIVERS\aic78xx.sys

2010/12/20 11:13:32.0993 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys

2010/12/20 11:13:33.0024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys

2010/12/20 11:13:33.0055 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys

2010/12/20 11:13:33.0102 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys

2010/12/20 11:13:33.0149 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys

2010/12/20 11:13:33.0196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys

2010/12/20 11:13:33.0227 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys

2010/12/20 11:13:33.0274 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys

2010/12/20 11:13:33.0305 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys

2010/12/20 11:13:33.0415 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys

2010/12/20 11:13:33.0524 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys

2010/12/20 11:13:33.0571 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys

2010/12/20 11:13:33.0633 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys

2010/12/20 11:13:33.0664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys

2010/12/20 11:13:33.0696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys

2010/12/20 11:13:33.0743 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\windows\system32\DRIVERS\dpti2o.sys

2010/12/20 11:13:33.0789 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys

2010/12/20 11:13:33.0836 E100B (3fca03cbca11269f973b70fa483c88ef) C:\windows\system32\DRIVERS\e100b325.sys

2010/12/20 11:13:33.0883 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\windows\system32\DRIVERS\e1k5132.sys

2010/12/20 11:13:33.0993 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/20 11:13:34.0039 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/20 11:13:34.0149 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys

2010/12/20 11:13:34.0196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys

2010/12/20 11:13:34.0227 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys

2010/12/20 11:13:34.0243 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys

2010/12/20 11:13:34.0274 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys

2010/12/20 11:13:34.0305 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys

2010/12/20 11:13:34.0321 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys

2010/12/20 11:13:34.0383 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys

2010/12/20 11:13:34.0414 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys

2010/12/20 11:13:34.0461 HECI (88a67c34e37186665e916fd347b50d19) C:\windows\system32\DRIVERS\HECI.sys

2010/12/20 11:13:34.0492 HidBatt (748031ff4fe45ccc47546294905feab8) C:\windows\system32\DRIVERS\HidBatt.sys

2010/12/20 11:13:34.0508 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys

2010/12/20 11:13:34.0571 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys

2010/12/20 11:13:34.0649 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys

2010/12/20 11:13:34.0664 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\windows\system32\DRIVERS\i81xnt5.sys

2010/12/20 11:13:34.0711 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\windows\system32\DRIVERS\wADV01nt.sys

2010/12/20 11:13:34.0727 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\windows\system32\DRIVERS\wADV02NT.sys

2010/12/20 11:13:34.0742 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\windows\system32\DRIVERS\wADV05NT.sys

2010/12/20 11:13:34.0774 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\windows\system32\DRIVERS\wSiINTxx.sys

2010/12/20 11:13:34.0789 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\windows\system32\DRIVERS\wVchNTxx.sys

2010/12/20 11:13:34.0867 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\windows\system32\DRIVERS\wADV07nt.sys

2010/12/20 11:13:34.0883 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\windows\system32\DRIVERS\wADV08nt.sys

2010/12/20 11:13:34.0899 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\windows\system32\DRIVERS\wADV09nt.sys

2010/12/20 11:13:34.0946 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\windows\system32\DRIVERS\wATV01nt.sys

2010/12/20 11:13:34.0977 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\windows\system32\DRIVERS\wATV02NT.sys

2010/12/20 11:13:35.0008 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\windows\system32\DRIVERS\wATV04nt.sys

2010/12/20 11:13:35.0024 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\windows\system32\DRIVERS\wCh7xxNT.sys

2010/12/20 11:13:35.0055 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\windows\system32\DRIVERS\wATV10nt.sys

2010/12/20 11:13:35.0086 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\windows\system32\DRIVERS\wATV06nt.sys

2010/12/20 11:13:35.0227 ialm (d0190bbb1b577589548aba94e66d6838) C:\windows\system32\DRIVERS\igxpmp32.sys

2010/12/20 11:13:35.0399 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

2010/12/20 11:13:35.0430 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\windows\system32\DRIVERS\IFXTPM.SYS

2010/12/20 11:13:35.0477 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys

2010/12/20 11:13:35.0633 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\windows\system32\drivers\RtkHDAud.sys

2010/12/20 11:13:35.0711 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys

2010/12/20 11:13:35.0727 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys

2010/12/20 11:13:35.0774 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys

2010/12/20 11:13:35.0789 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys

2010/12/20 11:13:35.0805 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys

2010/12/20 11:13:35.0836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys

2010/12/20 11:13:35.0899 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys

2010/12/20 11:13:35.0914 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys

2010/12/20 11:13:35.0977 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys

2010/12/20 11:13:36.0024 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys

2010/12/20 11:13:36.0070 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys

2010/12/20 11:13:36.0102 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys

2010/12/20 11:13:36.0148 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys

2010/12/20 11:13:36.0180 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys

2010/12/20 11:13:36.0320 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2010/12/20 11:13:36.0398 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys

2010/12/20 11:13:36.0445 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys

2010/12/20 11:13:36.0461 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys

2010/12/20 11:13:36.0523 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys

2010/12/20 11:13:36.0570 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys

2010/12/20 11:13:36.0602 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys

2010/12/20 11:13:36.0633 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys

2010/12/20 11:13:36.0664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys

2010/12/20 11:13:36.0711 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys

2010/12/20 11:13:36.0742 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys

2010/12/20 11:13:36.0805 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys

2010/12/20 11:13:36.0852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys

2010/12/20 11:13:36.0930 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys

2010/12/20 11:13:36.0961 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys

2010/12/20 11:13:36.0976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys

2010/12/20 11:13:37.0023 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys

2010/12/20 11:13:37.0086 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys

2010/12/20 11:13:37.0148 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys

2010/12/20 11:13:37.0164 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys

2010/12/20 11:13:37.0226 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys

2010/12/20 11:13:37.0336 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\naveng.sys

2010/12/20 11:13:37.0383 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\navex15.sys

2010/12/20 11:13:37.0508 NDIS (8716356e49a665bdc7b114725b60a456) C:\windows\system32\drivers\NDIS.sys

2010/12/20 11:13:37.0570 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys

2010/12/20 11:13:37.0601 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys

2010/12/20 11:13:37.0633 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\windows\system32\DRIVERS\ndiswan.sys

2010/12/20 11:13:37.0711 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys

2010/12/20 11:13:37.0758 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys

2010/12/20 11:13:37.0773 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys

2010/12/20 11:13:37.0820 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys

2010/12/20 11:13:37.0867 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys

2010/12/20 11:13:37.0914 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys

2010/12/20 11:13:37.0945 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys

2010/12/20 11:13:37.0961 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys

2010/12/20 11:13:38.0008 P3 (c90018bafdc7098619a4a95b046b30f3) C:\windows\system32\DRIVERS\p3.sys

2010/12/20 11:13:38.0039 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys

2010/12/20 11:13:38.0070 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys

2010/12/20 11:13:38.0101 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys

2010/12/20 11:13:38.0117 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys

2010/12/20 11:13:38.0164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys

2010/12/20 11:13:38.0211 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys

2010/12/20 11:13:38.0398 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys

2010/12/20 11:13:38.0414 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys

2010/12/20 11:13:38.0461 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys

2010/12/20 11:13:38.0586 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys

2010/12/20 11:13:38.0601 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys

2010/12/20 11:13:38.0632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys

2010/12/20 11:13:38.0664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys

2010/12/20 11:13:38.0695 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys

2010/12/20 11:13:38.0726 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys

2010/12/20 11:13:38.0757 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys

2010/12/20 11:13:38.0804 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys

2010/12/20 11:13:38.0867 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys

2010/12/20 11:13:38.0914 regi (001b4278407f4303efc902a2b16f2453) C:\windows\system32\drivers\regi.sys

2010/12/20 11:13:39.0039 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys

2010/12/20 11:13:39.0070 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

2010/12/20 11:13:39.0179 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys

2010/12/20 11:13:39.0226 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys

2010/12/20 11:13:39.0242 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys

2010/12/20 11:13:39.0273 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys

2010/12/20 11:13:39.0414 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/12/20 11:13:39.0523 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys

2010/12/20 11:13:39.0554 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys

2010/12/20 11:13:39.0617 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys

2010/12/20 11:13:39.0648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys

2010/12/20 11:13:39.0664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys

2010/12/20 11:13:39.0726 symc810 (1ff3217614018630d0a6758630fc698c) C:\windows\system32\DRIVERS\symc810.sys

2010/12/20 11:13:39.0742 symc8xx (070e001d95cf725186ef8b20335f933c) C:\windows\system32\DRIVERS\symc8xx.sys

2010/12/20 11:13:39.0789 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/12/20 11:13:39.0820 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\windows\system32\DRIVERS\symmpi.sys

2010/12/20 11:13:39.0867 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\windows\System32\Drivers\SYMREDRV.SYS

2010/12/20 11:13:39.0898 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\windows\System32\Drivers\SYMTDI.SYS

2010/12/20 11:13:39.0929 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\windows\system32\DRIVERS\sym_hi.sys

2010/12/20 11:13:39.0976 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\windows\system32\DRIVERS\sym_u3.sys

2010/12/20 11:13:40.0007 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys

2010/12/20 11:13:40.0101 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys

2010/12/20 11:13:40.0148 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys

2010/12/20 11:13:40.0163 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys

2010/12/20 11:13:40.0195 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys

2010/12/20 11:13:40.0257 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys

2010/12/20 11:13:40.0367 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys

2010/12/20 11:13:40.0398 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys

2010/12/20 11:13:40.0429 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys

2010/12/20 11:13:40.0460 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys

2010/12/20 11:13:40.0492 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys

2010/12/20 11:13:40.0523 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS

2010/12/20 11:13:40.0570 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys

2010/12/20 11:13:40.0617 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys

2010/12/20 11:13:40.0648 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\windows\system32\DRIVERS\viaide.sys

2010/12/20 11:13:40.0679 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys

2010/12/20 11:13:40.0726 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys

2010/12/20 11:13:40.0773 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys

2010/12/20 11:13:40.0851 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys

2010/12/20 11:13:40.0898 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/20 11:13:40.0898 ================================================================================

2010/12/20 11:13:40.0898 Scan finished

2010/12/20 11:13:40.0898 ================================================================================

2010/12/20 11:13:40.0913 Detected object count: 1

2010/12/20 11:14:14.0314 \HardDisk0 - will be cured after reboot

2010/12/20 11:14:14.0314 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/20 11:14:22.0798 Deinitialize success


Didn't find anything this time around. Was able to turn on automatic updates without any problem.

2010/12/20 12:06:09.0479 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/20 12:06:09.0479 ================================================================================

2010/12/20 12:06:09.0479 SystemInfo:

2010/12/20 12:06:09.0479

2010/12/20 12:06:09.0479 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/20 12:06:09.0479 Product type: Workstation

2010/12/20 12:06:09.0479 ComputerName: BRANCH208

2010/12/20 12:06:09.0479 UserName: branch202

2010/12/20 12:06:09.0479 Windows directory: C:\windows

2010/12/20 12:06:09.0479 System windows directory: C:\windows

2010/12/20 12:06:09.0479 Processor architecture: Intel x86

2010/12/20 12:06:09.0479 Number of processors: 2

2010/12/20 12:06:09.0479 Page size: 0x1000

2010/12/20 12:06:09.0479 Boot type: Normal boot

2010/12/20 12:06:09.0479 ================================================================================

2010/12/20 12:06:09.0682 Initialize success

2010/12/20 12:06:12.0682 ================================================================================

2010/12/20 12:06:12.0682 Scan started

2010/12/20 12:06:12.0682 Mode: Manual;

2010/12/20 12:06:12.0682 ================================================================================

2010/12/20 12:06:13.0276 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\windows\system32\drivers\ac97intc.sys

2010/12/20 12:06:13.0307 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys

2010/12/20 12:06:13.0339 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys

2010/12/20 12:06:13.0386 adpu160m (9a11864873da202c996558b2106b0bbc) C:\windows\system32\DRIVERS\adpu160m.sys

2010/12/20 12:06:13.0417 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\windows\system32\DRIVERS\adpu320.sys

2010/12/20 12:06:13.0448 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys

2010/12/20 12:06:13.0511 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys

2010/12/20 12:06:13.0573 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\windows\system32\DRIVERS\aic78u2.sys

2010/12/20 12:06:13.0589 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\windows\system32\DRIVERS\aic78xx.sys

2010/12/20 12:06:13.0745 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys

2010/12/20 12:06:13.0792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys

2010/12/20 12:06:13.0823 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys

2010/12/20 12:06:13.0870 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys

2010/12/20 12:06:13.0886 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys

2010/12/20 12:06:13.0948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys

2010/12/20 12:06:13.0979 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys

2010/12/20 12:06:14.0011 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys

2010/12/20 12:06:14.0073 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys

2010/12/20 12:06:14.0167 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys

2010/12/20 12:06:14.0292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys

2010/12/20 12:06:14.0354 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys

2010/12/20 12:06:14.0432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys

2010/12/20 12:06:14.0464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys

2010/12/20 12:06:14.0479 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys

2010/12/20 12:06:14.0526 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\windows\system32\DRIVERS\dpti2o.sys

2010/12/20 12:06:14.0589 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys

2010/12/20 12:06:14.0620 E100B (3fca03cbca11269f973b70fa483c88ef) C:\windows\system32\DRIVERS\e100b325.sys

2010/12/20 12:06:14.0682 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\windows\system32\DRIVERS\e1k5132.sys

2010/12/20 12:06:14.0792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/12/20 12:06:14.0839 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/12/20 12:06:14.0964 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys

2010/12/20 12:06:15.0011 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys

2010/12/20 12:06:15.0026 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys

2010/12/20 12:06:15.0057 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys

2010/12/20 12:06:15.0073 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys

2010/12/20 12:06:15.0104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys

2010/12/20 12:06:15.0120 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys

2010/12/20 12:06:15.0167 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys

2010/12/20 12:06:15.0214 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys

2010/12/20 12:06:15.0261 HECI (88a67c34e37186665e916fd347b50d19) C:\windows\system32\DRIVERS\HECI.sys

2010/12/20 12:06:15.0292 HidBatt (748031ff4fe45ccc47546294905feab8) C:\windows\system32\DRIVERS\HidBatt.sys

2010/12/20 12:06:15.0323 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys

2010/12/20 12:06:15.0354 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys

2010/12/20 12:06:15.0432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys

2010/12/20 12:06:15.0448 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\windows\system32\DRIVERS\i81xnt5.sys

2010/12/20 12:06:15.0479 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\windows\system32\DRIVERS\wADV01nt.sys

2010/12/20 12:06:15.0495 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\windows\system32\DRIVERS\wADV02NT.sys

2010/12/20 12:06:15.0511 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\windows\system32\DRIVERS\wADV05NT.sys

2010/12/20 12:06:15.0526 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\windows\system32\DRIVERS\wSiINTxx.sys

2010/12/20 12:06:15.0542 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\windows\system32\DRIVERS\wVchNTxx.sys

2010/12/20 12:06:15.0589 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\windows\system32\DRIVERS\wADV07nt.sys

2010/12/20 12:06:15.0604 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\windows\system32\DRIVERS\wADV08nt.sys

2010/12/20 12:06:15.0620 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\windows\system32\DRIVERS\wADV09nt.sys

2010/12/20 12:06:15.0667 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\windows\system32\DRIVERS\wATV01nt.sys

2010/12/20 12:06:15.0682 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\windows\system32\DRIVERS\wATV02NT.sys

2010/12/20 12:06:15.0682 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\windows\system32\DRIVERS\wATV04nt.sys

2010/12/20 12:06:15.0714 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\windows\system32\DRIVERS\wCh7xxNT.sys

2010/12/20 12:06:15.0729 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\windows\system32\DRIVERS\wATV10nt.sys

2010/12/20 12:06:15.0745 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\windows\system32\DRIVERS\wATV06nt.sys

2010/12/20 12:06:15.0870 ialm (d0190bbb1b577589548aba94e66d6838) C:\windows\system32\DRIVERS\igxpmp32.sys

2010/12/20 12:06:16.0011 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

2010/12/20 12:06:16.0042 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\windows\system32\DRIVERS\IFXTPM.SYS

2010/12/20 12:06:16.0089 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys

2010/12/20 12:06:16.0198 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\windows\system32\drivers\RtkHDAud.sys

2010/12/20 12:06:16.0245 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys

2010/12/20 12:06:16.0276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys

2010/12/20 12:06:16.0276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys

2010/12/20 12:06:16.0307 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys

2010/12/20 12:06:16.0323 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys

2010/12/20 12:06:16.0370 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys

2010/12/20 12:06:16.0401 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys

2010/12/20 12:06:16.0417 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys

2010/12/20 12:06:16.0495 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys

2010/12/20 12:06:16.0526 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys

2010/12/20 12:06:16.0557 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys

2010/12/20 12:06:16.0604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys

2010/12/20 12:06:16.0651 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys

2010/12/20 12:06:16.0682 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys

2010/12/20 12:06:16.0823 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2010/12/20 12:06:16.0917 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys

2010/12/20 12:06:16.0979 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys

2010/12/20 12:06:16.0995 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys

2010/12/20 12:06:17.0026 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys

2010/12/20 12:06:17.0057 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys

2010/12/20 12:06:17.0089 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys

2010/12/20 12:06:17.0120 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys

2010/12/20 12:06:17.0167 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys

2010/12/20 12:06:17.0214 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys

2010/12/20 12:06:17.0245 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys

2010/12/20 12:06:17.0292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys

2010/12/20 12:06:17.0323 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys

2010/12/20 12:06:17.0370 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys

2010/12/20 12:06:17.0401 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys

2010/12/20 12:06:17.0432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys

2010/12/20 12:06:17.0464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys

2010/12/20 12:06:17.0479 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys

2010/12/20 12:06:17.0511 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys

2010/12/20 12:06:17.0542 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys

2010/12/20 12:06:17.0651 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys

2010/12/20 12:06:17.0761 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\naveng.sys

2010/12/20 12:06:17.0807 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\navex15.sys

2010/12/20 12:06:17.0917 NDIS (8716356e49a665bdc7b114725b60a456) C:\windows\system32\drivers\NDIS.sys

2010/12/20 12:06:17.0948 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys

2010/12/20 12:06:17.0979 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys

2010/12/20 12:06:18.0026 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\windows\system32\DRIVERS\ndiswan.sys

2010/12/20 12:06:18.0057 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys

2010/12/20 12:06:18.0089 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys

2010/12/20 12:06:18.0120 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys

2010/12/20 12:06:18.0167 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys

2010/12/20 12:06:18.0214 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys

2010/12/20 12:06:18.0276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys

2010/12/20 12:06:18.0323 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys

2010/12/20 12:06:18.0339 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys

2010/12/20 12:06:18.0386 P3 (c90018bafdc7098619a4a95b046b30f3) C:\windows\system32\DRIVERS\p3.sys

2010/12/20 12:06:18.0417 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys

2010/12/20 12:06:18.0448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys

2010/12/20 12:06:18.0495 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys

2010/12/20 12:06:18.0511 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys

2010/12/20 12:06:18.0542 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys

2010/12/20 12:06:18.0589 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys

2010/12/20 12:06:18.0776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys

2010/12/20 12:06:18.0807 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys

2010/12/20 12:06:18.0839 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys

2010/12/20 12:06:18.0917 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys

2010/12/20 12:06:18.0932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys

2010/12/20 12:06:18.0979 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys

2010/12/20 12:06:19.0011 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys

2010/12/20 12:06:19.0042 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys

2010/12/20 12:06:19.0073 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys

2010/12/20 12:06:19.0120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys

2010/12/20 12:06:19.0167 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys

2010/12/20 12:06:19.0245 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys

2010/12/20 12:06:19.0276 regi (001b4278407f4303efc902a2b16f2453) C:\windows\system32\drivers\regi.sys

2010/12/20 12:06:19.0417 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys

2010/12/20 12:06:19.0432 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

2010/12/20 12:06:19.0542 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys

2010/12/20 12:06:19.0604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys

2010/12/20 12:06:19.0620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys

2010/12/20 12:06:19.0667 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys

2010/12/20 12:06:19.0807 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/12/20 12:06:19.0854 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys

2010/12/20 12:06:19.0886 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys

2010/12/20 12:06:19.0948 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys

2010/12/20 12:06:19.0979 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys

2010/12/20 12:06:19.0995 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys

2010/12/20 12:06:20.0042 symc810 (1ff3217614018630d0a6758630fc698c) C:\windows\system32\DRIVERS\symc810.sys

2010/12/20 12:06:20.0057 symc8xx (070e001d95cf725186ef8b20335f933c) C:\windows\system32\DRIVERS\symc8xx.sys

2010/12/20 12:06:20.0089 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2010/12/20 12:06:20.0120 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\windows\system32\DRIVERS\symmpi.sys

2010/12/20 12:06:20.0167 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\windows\System32\Drivers\SYMREDRV.SYS

2010/12/20 12:06:20.0198 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\windows\System32\Drivers\SYMTDI.SYS

2010/12/20 12:06:20.0229 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\windows\system32\DRIVERS\sym_hi.sys

2010/12/20 12:06:20.0245 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\windows\system32\DRIVERS\sym_u3.sys

2010/12/20 12:06:20.0292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys

2010/12/20 12:06:20.0354 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys

2010/12/20 12:06:20.0386 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys

2010/12/20 12:06:20.0401 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys

2010/12/20 12:06:20.0448 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys

2010/12/20 12:06:20.0511 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys

2010/12/20 12:06:20.0620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys

2010/12/20 12:06:20.0667 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys

2010/12/20 12:06:20.0714 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys

2010/12/20 12:06:20.0745 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys

2010/12/20 12:06:20.0776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys

2010/12/20 12:06:20.0823 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS

2010/12/20 12:06:20.0870 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys

2010/12/20 12:06:20.0917 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys

2010/12/20 12:06:20.0964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\windows\system32\DRIVERS\viaide.sys

2010/12/20 12:06:20.0995 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys

2010/12/20 12:06:21.0057 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys

2010/12/20 12:06:21.0104 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys

2010/12/20 12:06:21.0182 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys

2010/12/20 12:06:21.0229 ================================================================================

2010/12/20 12:06:21.0229 Scan finished

2010/12/20 12:06:21.0229 ================================================================================

2010/12/20 12:06:49.0991 Deinitialize success


latest ComboFix log:

ComboFix 10-12-20.01 - branch202 12/20/2010 12:27:32.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.2823 [GMT -6:00]

Running from: c:\documents and settings\Branch202\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Oeminfo.ini

.

((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))

.

2010-12-20 16:00 . 2010-12-20 16:00 -------- d-----w- c:\documents and settings\Branch202\Local Settings\Application Data\Adobe

2010-12-19 02:58 . 2010-12-19 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-12-17 20:19 . 2010-12-17 20:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-17 20:17 . 2010-12-17 20:17 0 ----a-w- c:\windows\Axolihiki.bin

2010-12-17 15:40 . 2010-12-17 15:40 -------- d-----w- c:\documents and settings\Branch201\Application Data\yoclient

2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2010-12-02 13:17 . 2010-12-01 14:57 -------- d-----w- c:\documents and settings\Branch201\Application Data\HP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-08 19:12 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-12-08 19:11 . 2010-04-14 15:08 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2010-12-08 19:11 . 2010-04-14 15:08 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-12-08 19:11 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-11-29 23:42 . 2010-09-08 17:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 23:42 . 2010-09-08 17:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-30 15:10 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2010-09-30 15:10 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

.

((((((((((((((((((((((((((((( SnapShot@2010-12-20_15.46.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-20 17:30 . 2010-12-20 17:30 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat

+ 2009-04-06 14:51 . 2010-12-20 17:36 72050 c:\windows\system32\perfc009.dat

- 2009-04-06 14:51 . 2010-12-20 15:46 72050 c:\windows\system32\perfc009.dat

+ 2009-04-06 14:51 . 2010-12-20 17:36 443918 c:\windows\system32\perfh009.dat

- 2009-04-06 14:51 . 2010-12-20 15:46 443918 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"MVIClientEngineController"="c:\program files\MVi\Client Engine\ClientPostSvcController.exe" [2008-09-15 196608]

"MViRCS"="c:\program files\MVi\RCS\rcs.exe" [2010-01-06 868352]

"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-27 188416]

"MVIHotKey"="c:\program files\MVi\Hotkey\MVI_HotKey.exe" [2010-02-10 442368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 9:10 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 2:09 PM 12856]

R2 MVi Client Engine;MVi Client Engine;c:\program files\MVi\Client Engine\ClientEngine.exe [9/17/2008 12:59 PM 122880]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/19/2010 6:35 PM 635416]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]

R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [6/13/2009 10:33 AM 81920]

R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [6/4/2009 10:49 AM 73728]

R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [4/5/2010 1:19 PM 77824]

R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [4/30/2009 6:46 PM 77824]

R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [6/4/2009 10:51 AM 81920]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/19/2010 6:30 PM 2066968]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/19/2010 7:19 PM 149600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 7:22 PM 102448]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 11:46 AM 44800]

S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8

DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB

DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-20 12:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2010-12-20 12:31:54

ComboFix-quarantined-files.txt 2010-12-20 18:31

ComboFix2.txt 2010-12-20 15:51

Pre-Run: 141,412,642,816 bytes free

Post-Run: 141,414,428,672 bytes free

- - End Of File - - 0BD5C1EE0E4EE097B2749A26EE591EF9


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is susceptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an add-on available for both Firefox and IE.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer always has the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:
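As an added check, not part of the helper's post or of any tool named in this thread, the following PowerShell script audits the six Internet-zone settings listed above against the recommended values by reading Internet Explorer's documented zone registry entries (zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable). The `-Apply` switch and the `$recommended` table are this script's own, and it assumes PowerShell is available on the machine being checked.

```powershell
# Added example (not from the forum post): audit the Internet zone (zone 3)
# URL-action values behind the IE settings recommended above.
# Value IDs are the documented IE security-zone registry entries;
# 0 = Enable, 1 = Prompt, 3 = Disable. The -Apply switch is this script's own.
param([switch]$Apply)

$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by the URL-action value name.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                         Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                       Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                            Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';             Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$props = Get-ItemProperty -Path $zone
foreach ($id in ($recommended.Keys | Sort-Object)) {
    $entry   = $recommended[$id]
    $current = $props.$id            # $null when the value has never been written

    if ($null -eq $current) {
        $currentText = '(not set, IE default applies)'
    } else {
        $currentText = $label[[int]$current]
        if (-not $currentText) { $currentText = "value $current" }
    }

    # A setting only passes when it is explicitly set to the recommended value.
    $ok     = ($null -ne $current) -and ([int]$current -eq $entry.Want)
    $status = if ($ok) { 'OK  ' } else { 'WEAK' }
    '{0} {1} ({2}): current={3}, recommended={4}' -f $status, $entry.Name, $id, $currentText, $label[$entry.Want]

    # Remediate only when asked to; the default run is a read-only audit.
    if (-not $ok -and $Apply) {
        Set-ItemProperty -Path $zone -Name $id -Value $entry.Want -Type DWord
    }
}
```

Run it without arguments for a read-only report, or with `-Apply` to set the weak entries to the recommended values for the current user; machine-wide policy entries under HKLM, if any are present, take precedence over these per-user values.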


Sorry to keep bothering you. There is one lingering effect that I can't seem to get corrected. Something is happening to turn off my automatic updates approximately every 15 minutes and Windows Security Center pops up in the lower right saying that I might not be fully protected because automatic updates have been turned off. How do I fix this so that it's always on? And why does it keep shutting off?
