Jump to content

LlamaLord

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. LlamaLord
    I have check that the settings are fine...I just uninstalled and reinstalled the wireless and wired on this now i am seeing it just trying to get an ip now...
  2. LlamaLord
    After Removing a virus i have got the Limited or no connectivity i have tried a few things but nothing works...any one have anything? --==COMBOFIX==-- ComboFix 11-01-06.06 - Greg Sullivan 01/07/2011 9:11.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2614 [GMT -5:00] Running from: c:\documents and settings\Greg Sullivan\Desktop\ComboFix.exe AV: Norton 360 Premier Edition *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Greg Sullivan\Application Data\completescan c:\documents and settings\Greg Sullivan\Application Data\dkfjasdfshd.bat c:\documents and settings\Greg Sullivan\Application Data\install c:\documents and settings\Greg Sullivan\Desktop\ThinkPoint.lnk c:\documents and settings\Greg Sullivan\Start Menu\Programs\ThinkPoint.lnk c:\program files\Shared c:\program files\Shared\lib.sig c:\windows\system32\2947581844.dat c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . ((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 ))))))))))))))))))))))))))))))) . 2010-12-08 17:29 . 2010-12-08 17:29 -------- d-----w- C:\found.000 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-04-30 13:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk backup=c:\windows\pss\Desktop Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Greg Sullivan^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] path=c:\documents and settings\Greg Sullivan\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus NX400 Series] 2007-12-17 06:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGA.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] 2009-02-27 10:40 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] 2009-02-27 11:22 1368064 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-05-25 12:07 8429568 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-05-25 12:07 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-15 14:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] 2007-05-23 16:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant] 2009-09-01 14:41 499768 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "SWIHPWMI"=2 (0x2) "stllssvr"=3 (0x3) "SQLWriter"=3 (0x3) "S24EventMonitor"=2 (0x2) "RoxWatch9"=2 (0x2) "RoxMediaDB9"=3 (0x3) "RoxLiveShare9"=2 (0x2) "Roxio Upnp Server 9"=2 (0x2) "Roxio UPnP Renderer 9"=3 (0x3) "RegSrvc"=2 (0x2) "PersonalSecureDriveService"=2 (0x2) "pdfcDispatcher"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "NVSvc"=2 (0x2) "N360"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "IviRegMgr"=2 (0x2) "iPod Service"=3 (0x3) "ImapiService"=3 (0x3) "IFXTCS"=2 (0x2) "IFXSpMgtSrv"=2 (0x2) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "hpqwmiex"=3 (0x3) "HpFkCryptService"=2 (0x2) "gusvc"=3 (0x3) "gupdate"=2 (0x2) "FLCDLOCK"=3 (0x3) "EvtEng"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "a2free"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/26/2007 7:23 PM 100095] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 4:54 PM 13696] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/3/2010 8:42 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/3/2010 8:42 AM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/3/2010 8:42 AM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101201.001\IDSXpx86.sys [12/7/2010 10:23 AM 341944] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/18/2007 2:32 PM 39080] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/26/2007 7:23 PM 5808] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 7:00 AM 14336] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/7/2010 11:30 AM 102448] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/9/2008 12:58 PM 41216] R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [12/9/2008 1:06 PM 47616] S1 CorexCardScan500;Corex CardScan 500;c:\windows\system32\drivers\SLCOREX.SYS [12/15/2008 1:11 PM 17448] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\GREGSU~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\GREGSU~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\GREGSU~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\GREGSU~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?] S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 1:13 PM 30008] S3 SASENUM;SASENUM;\??\c:\docume~1\GREGSU~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\GREGSU~1\LOCALS~1\Temp\superas\SASENUM.SYS [?] S4 a2free;a-squared Free Service;"c:\docume~1\GREGSU~1\LOCALS~1\TEMP\A2FREE\a2service.exe" --> c:\docume~1\GREGSU~1\LOCALS~1\TEMP\A2FREE\a2service.exe [?] S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 8:28 AM 172131] S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 7:47 PM 135664] S4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/27/2007 10:58 AM 221184] S4 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [2/3/2010 8:42 AM 117640] S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12/9/2008 1:27 PM 540448] S4 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel . Contents of the 'Scheduled Tasks' folder 2010-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 00:47] 2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 00:47] 2011-01-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07] 2011-01-07 c:\windows\Tasks\User_Feed_Synchronization-{F9FEEA85-1B2F-4052-8C68-F9EF0A5F8B75}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyServer = http=127.0.0.1:27811 . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) MSConfigStartUp-ipoxulfd - c:\docume~1\GREGSU~1\LOCALS~1\Temp\fjskngnvl\fhmfdtulanw.exe MSConfigStartUp-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe MSConfigStartUp-shcxiooj - c:\documents and settings\Greg Sullivan\Local Settings\Application Data\mkttvieky\iprkcyttssd.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-07 09:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1376) c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll c:\windows\SbHpNp.DLL c:\windows\system32\DeviceNP.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll - - - - - - - > 'explorer.exe'(3980) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\SCardSvr.exe c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-01-07 09:21:36 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-07 14:21 Pre-Run: 118,986,969,088 bytes free Post-Run: 118,880,968,704 bytes free - - End Of File - - B4A4E2B206F3732B9A5DA9B0F9ADFAB9 --==HIJACKTHIS==-- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:51:11 AM, on 1/7/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\WINDOWS\system32\ifxspmgt.exe C:\WINDOWS\system32\ifxtcs.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\IfxPsdSv.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe F:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:27811 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228942843203 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing) O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\DOCUME~1\GREGSU~1\LOCALS~1\TEMP\A2FREE\a2service.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10922 bytes Thanks!
  3. LlamaLord
    Did that but still Malwarebytes opens for a few secs and closes...anything else?
  4. LlamaLord
    I delete the file and uninstalled combofix but i am still not able to run Malwarebytes???
  5. LlamaLord
    ComboFix 10-12-08.04 - plongley 12/09/2010 13:19:51.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1413 [GMT -5:00] Running from: c:\documents and settings\plongley\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\plongley\g2ax_customer_downloadhelper_win32_x86.exe . ((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 ))))))))))))))))))))))))))))))) . 2010-12-09 16:45 . 2010-12-09 16:45 -------- d-----w- c:\documents and settings\plongley\Application Data\Auslogics 2010-12-09 14:15 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-12-09 14:15 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-12-09 14:15 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-12-09 14:15 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-12-09 14:14 . 2010-12-09 18:15 -------- d-----w- c:\program files\Spyware Doctor 2010-12-09 14:14 . 2010-12-09 14:15 -------- d-----w- c:\program files\Common Files\PC Tools 2010-12-09 14:14 . 2010-12-09 14:14 -------- d-----w- c:\documents and settings\plongley\Application Data\PC Tools 2010-12-08 16:48 . 2010-12-08 16:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-12-08 16:24 . 2010-12-09 18:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-12-08 16:23 . 2010-12-09 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-12-08 16:22 . 2010-12-09 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-12-08 15:23 . 2010-12-08 15:23 -------- d-----w- c:\windows\system32\%APPDATA% 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\documents and settings\plongley\Application Data\SUPERAntiSpyware.com 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-12-08 15:14 . 2010-12-08 15:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\program files\Auslogics 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\program files\CCleaner 2010-12-08 15:12 . 2010-12-08 15:12 -------- d-----w- c:\program files\Citrix 2010-12-08 15:12 . 2010-12-08 15:12 -------- d-----w- c:\documents and settings\plongley\Local Settings\Application Data\Citrix 2010-12-07 21:15 . 2010-12-08 16:44 0 ----a-w- c:\windows\Lsihevinuyoz.bin 2010-12-07 21:15 . 2010-12-08 21:01 -------- d-----w- c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((( SnapShot@2010-12-08_21.02.58 ))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer] 2010-12-08 15:12 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\0\0] "Script"=Recap.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\1\0] "Script"=AssessorPSK.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\2\0] "Script"=Public.bat [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2009-06-17 15:53 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-09-07 10:22 166424 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-09-07 10:22 141848 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-09-07 10:22 137752 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 20:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-31 22:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 18:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 19:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2007-08-08 18:13 831488 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-07-10 04:39 1036288 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Symantec AntiVirus"=2 (0x2) "SNAC"=3 (0x3) "SmcService"=2 (0x2) "PCA"=2 (0x2) "McComponentHostService"=3 (0x3) "LiveUpdate"=3 (0x3) "IviRegMgr"=2 (0x2) "idsvc"=3 (0x3) "GoToAssist Express Customer"=3 (0x3) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448] S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe Start=service [x] S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-29 38224] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBAMSWISSARMY [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2010-12-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-30 16:22] 2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 15:48] 2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 15:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-09 13:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\system32\wininet.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll c:\windows\System32\wshtcpip.dll - - - - - - - > 'lsass.exe'(752) c:\windows\system32\wininet.dll . Completion time: 2010-12-09 13:40:46 ComboFix-quarantined-files.txt 2010-12-09 18:40 ComboFix2.txt 2010-12-08 21:06 Pre-Run: 51,558,719,488 bytes free Post-Run: 51,604,090,880 bytes free - - End Of File - - 291F006AD2C885F2AA4D7F40313BF52B
  6. LlamaLord
    Combo fix is running... but i do get this error "PEV.cfxxe encountered a problem and needs to close." What could this be?
  7. LlamaLord
    Hello Thanks for the reply! 2010/12/09 11:41:09.0596 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40 2010/12/09 11:41:09.0596 ================================================================================ 2010/12/09 11:41:09.0596 SystemInfo: 2010/12/09 11:41:09.0596 2010/12/09 11:41:09.0596 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/09 11:41:09.0596 Product type: Workstation 2010/12/09 11:41:09.0596 ComputerName: ASSESSOR-11 2010/12/09 11:41:09.0596 UserName: plongley 2010/12/09 11:41:09.0596 Windows directory: C:\WINDOWS 2010/12/09 11:41:09.0596 System windows directory: C:\WINDOWS 2010/12/09 11:41:09.0596 Processor architecture: Intel x86 2010/12/09 11:41:09.0596 Number of processors: 2 2010/12/09 11:41:09.0596 Page size: 0x1000 2010/12/09 11:41:09.0596 Boot type: Normal boot 2010/12/09 11:41:09.0596 ================================================================================ 2010/12/09 11:41:09.0737 Initialize success 2010/12/09 11:41:12.0972 ================================================================================ 2010/12/09 11:41:12.0972 Scan started 2010/12/09 11:41:12.0972 Mode: Manual; 2010/12/09 11:41:12.0972 ================================================================================ 2010/12/09 11:41:14.0331 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys 2010/12/09 11:41:14.0425 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/12/09 11:41:14.0440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/12/09 11:41:14.0487 ADIHdAudAddService (53b29a84f5105a6d887b662188c93503) C:\WINDOWS\system32\drivers\ADIHdAud.sys 2010/12/09 11:41:14.0550 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2010/12/09 11:41:14.0597 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys 2010/12/09 11:41:14.0628 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys 2010/12/09 11:41:14.0659 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/12/09 11:41:14.0737 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/12/09 11:41:14.0815 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2010/12/09 11:41:14.0847 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2010/12/09 11:41:15.0034 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/12/09 11:41:15.0128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/12/09 11:41:15.0159 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/12/09 11:41:15.0253 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/12/09 11:41:15.0347 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/12/09 11:41:15.0659 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/12/09 11:41:15.0800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/12/09 11:41:15.0878 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/12/09 11:41:15.0909 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/09 11:41:16.0128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/12/09 11:41:16.0206 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/12/09 11:41:16.0269 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/12/09 11:41:16.0315 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/12/09 11:41:16.0362 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/12/09 11:41:16.0456 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2010/12/09 11:41:16.0503 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/12/09 11:41:16.0644 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2010/12/09 11:41:16.0769 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2010/12/09 11:41:16.0894 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/12/09 11:41:16.0940 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2010/12/09 11:41:17.0034 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/12/09 11:41:17.0081 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/12/09 11:41:17.0159 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/12/09 11:41:17.0222 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/12/09 11:41:17.0284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/12/09 11:41:17.0362 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/12/09 11:41:17.0440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/12/09 11:41:17.0519 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/12/09 11:41:17.0597 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/12/09 11:41:17.0690 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys 2010/12/09 11:41:17.0769 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/12/09 11:41:17.0878 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/12/09 11:41:17.0987 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/12/09 11:41:18.0066 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys 2010/12/09 11:41:18.0144 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys 2010/12/09 11:41:18.0191 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys 2010/12/09 11:41:18.0222 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys 2010/12/09 11:41:18.0284 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys 2010/12/09 11:41:18.0316 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys 2010/12/09 11:41:18.0362 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys 2010/12/09 11:41:18.0394 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys 2010/12/09 11:41:18.0425 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys 2010/12/09 11:41:18.0487 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys 2010/12/09 11:41:18.0503 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys 2010/12/09 11:41:18.0550 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys 2010/12/09 11:41:18.0644 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys 2010/12/09 11:41:18.0706 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys 2010/12/09 11:41:18.0737 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys 2010/12/09 11:41:18.0925 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2010/12/09 11:41:19.0050 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 2010/12/09 11:41:19.0112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/12/09 11:41:19.0191 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/12/09 11:41:19.0253 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/12/09 11:41:19.0316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/12/09 11:41:19.0409 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/12/09 11:41:19.0472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/12/09 11:41:19.0566 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/12/09 11:41:19.0675 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/12/09 11:41:19.0722 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/12/09 11:41:19.0769 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/12/09 11:41:19.0800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/12/09 11:41:19.0847 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/12/09 11:41:19.0894 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/12/09 11:41:19.0941 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/12/09 11:41:20.0003 MBAMSwissArmy (e74dc2f3f9675a6025a4aa020edd4341) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010/12/09 11:41:20.0050 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/12/09 11:41:20.0128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/12/09 11:41:20.0175 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/12/09 11:41:20.0237 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/12/09 11:41:20.0316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/09 11:41:20.0378 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/09 11:41:20.0456 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/09 11:41:20.0519 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/09 11:41:20.0550 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/09 11:41:20.0566 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/09 11:41:20.0581 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/09 11:41:20.0659 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/09 11:41:20.0737 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/09 11:41:20.0862 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101208.002\NAVENG.SYS 2010/12/09 11:41:20.0909 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101208.002\NAVEX15.SYS 2010/12/09 11:41:21.0144 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/09 11:41:21.0206 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/12/09 11:41:21.0269 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/12/09 11:41:21.0331 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/12/09 11:41:21.0394 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/12/09 11:41:21.0472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/12/09 11:41:21.0566 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/12/09 11:41:21.0613 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/12/09 11:41:21.0675 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/12/09 11:41:21.0691 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/12/09 11:41:21.0738 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/12/09 11:41:21.0769 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/12/09 11:41:21.0894 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys 2010/12/09 11:41:22.0066 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/12/09 11:41:22.0159 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/12/09 11:41:22.0191 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/12/09 11:41:22.0238 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/12/09 11:41:22.0331 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/12/09 11:41:22.0394 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/12/09 11:41:22.0472 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys 2010/12/09 11:41:22.0956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/12/09 11:41:23.0003 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/12/09 11:41:23.0097 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/12/09 11:41:23.0409 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/12/09 11:41:23.0503 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/12/09 11:41:23.0534 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/12/09 11:41:23.0581 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/12/09 11:41:23.0675 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/12/09 11:41:23.0722 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/12/09 11:41:23.0784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/12/09 11:41:23.0847 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/12/09 11:41:23.0941 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/12/09 11:41:24.0050 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/12/09 11:41:24.0113 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/12/09 11:41:24.0222 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/12/09 11:41:24.0300 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/12/09 11:41:24.0394 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/12/09 11:41:24.0456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/12/09 11:41:24.0597 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2010/12/09 11:41:24.0691 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/12/09 11:41:24.0769 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/12/09 11:41:24.0878 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\WINDOWS\system32\Drivers\SRTSP.SYS 2010/12/09 11:41:24.0956 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\WINDOWS\system32\Drivers\SRTSPL.SYS 2010/12/09 11:41:25.0035 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\WINDOWS\system32\Drivers\SRTSPX.SYS 2010/12/09 11:41:25.0113 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/12/09 11:41:25.0160 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/12/09 11:41:25.0222 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/12/09 11:41:25.0269 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/12/09 11:41:25.0300 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/12/09 11:41:25.0347 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/12/09 11:41:25.0394 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys 2010/12/09 11:41:25.0456 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2010/12/09 11:41:25.0613 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2010/12/09 11:41:25.0675 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/12/09 11:41:25.0706 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/12/09 11:41:25.0769 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/12/09 11:41:25.0894 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/12/09 11:41:25.0972 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/12/09 11:41:26.0019 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/12/09 11:41:26.0097 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/12/09 11:41:26.0238 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/12/09 11:41:26.0363 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/12/09 11:41:26.0425 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/12/09 11:41:26.0535 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/12/09 11:41:26.0597 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/12/09 11:41:26.0660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/12/09 11:41:26.0706 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/12/09 11:41:26.0800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/12/09 11:41:26.0878 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/12/09 11:41:26.0925 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/12/09 11:41:26.0972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/12/09 11:41:27.0035 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/12/09 11:41:27.0175 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2010/12/09 11:41:27.0300 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2010/12/09 11:41:27.0456 ================================================================================ 2010/12/09 11:41:27.0456 Scan finished 2010/12/09 11:41:27.0456 ================================================================================ 2010/12/09 11:41:39.0816 Deinitialize success
  8. LlamaLord
    I did!
  9. LlamaLord
    I got the "Antimalware Doctor" Virus! I am unable to run Malwarebytes because after 5 seconds of having it open it closes. I have tried renameing the .exe file but that didnt help. I have ran TDSSKILLER.exe & ComboFix but after all that still not able to run malwarebytes. I have also ran S&D, Spyware Dr., & SuperAnti and they found a few things but still not able to run malwarebytes. Could anyone help? (TDSSKILLER) 2010/12/09 09:51:50.0689 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40 2010/12/09 09:51:50.0689 ================================================================================ 2010/12/09 09:51:50.0689 SystemInfo: 2010/12/09 09:51:50.0689 2010/12/09 09:51:50.0689 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/09 09:51:50.0689 Product type: Workstation 2010/12/09 09:51:50.0689 ComputerName: ASSESSOR-11 2010/12/09 09:51:50.0689 UserName: plongley 2010/12/09 09:51:50.0689 Windows directory: C:\WINDOWS 2010/12/09 09:51:50.0689 System windows directory: C:\WINDOWS 2010/12/09 09:51:50.0689 Processor architecture: Intel x86 2010/12/09 09:51:50.0689 Number of processors: 2 2010/12/09 09:51:50.0689 Page size: 0x1000 2010/12/09 09:51:50.0689 Boot type: Normal boot 2010/12/09 09:51:50.0689 ================================================================================ 2010/12/09 09:51:51.0611 Initialize success 2010/12/09 09:52:08.0377 ================================================================================ 2010/12/09 09:52:08.0377 Scan started 2010/12/09 09:52:08.0377 Mode: Manual; 2010/12/09 09:52:08.0377 ================================================================================ 2010/12/09 09:52:10.0299 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys 2010/12/09 09:52:10.0690 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/12/09 09:52:11.0034 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/12/09 09:52:11.0253 ADIHdAudAddService (53b29a84f5105a6d887b662188c93503) C:\WINDOWS\system32\drivers\ADIHdAud.sys 2010/12/09 09:52:11.0534 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2010/12/09 09:52:11.0690 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys 2010/12/09 09:52:11.0971 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys 2010/12/09 09:52:12.0206 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/12/09 09:52:12.0456 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/12/09 09:52:12.0784 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2010/12/09 09:52:12.0987 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2010/12/09 09:52:14.0018 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/12/09 09:52:14.0315 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/12/09 09:52:14.0878 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/12/09 09:52:15.0159 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/12/09 09:52:15.0347 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/12/09 09:52:15.0847 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/12/09 09:52:16.0190 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/12/09 09:52:16.0378 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/12/09 09:52:16.0675 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/09 09:52:17.0925 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/12/09 09:52:18.0175 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/12/09 09:52:18.0831 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/12/09 09:52:19.0050 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/12/09 09:52:19.0175 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/12/09 09:52:19.0362 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2010/12/09 09:52:19.0519 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/12/09 09:52:19.0722 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2010/12/09 09:52:20.0034 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2010/12/09 09:52:20.0378 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/12/09 09:52:20.0628 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2010/12/09 09:52:20.0909 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/12/09 09:52:21.0113 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/12/09 09:52:21.0300 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/12/09 09:52:21.0503 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/12/09 09:52:21.0753 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/12/09 09:52:22.0003 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/12/09 09:52:22.0285 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/12/09 09:52:22.0410 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/12/09 09:52:22.0566 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/12/09 09:52:22.0831 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys 2010/12/09 09:52:23.0144 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/12/09 09:52:23.0597 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/12/09 09:52:24.0332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/12/09 09:52:24.0488 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys 2010/12/09 09:52:24.0722 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys 2010/12/09 09:52:24.0863 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys 2010/12/09 09:52:24.0972 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys 2010/12/09 09:52:25.0191 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys 2010/12/09 09:52:25.0269 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys 2010/12/09 09:52:25.0332 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys 2010/12/09 09:52:25.0410 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys 2010/12/09 09:52:25.0519 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys 2010/12/09 09:52:25.0644 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys 2010/12/09 09:52:25.0707 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys 2010/12/09 09:52:25.0925 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys 2010/12/09 09:52:26.0269 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys 2010/12/09 09:52:26.0425 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys 2010/12/09 09:52:26.0519 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys 2010/12/09 09:52:27.0207 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2010/12/09 09:52:28.0269 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 2010/12/09 09:52:28.0551 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/12/09 09:52:28.0879 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/12/09 09:52:29.0066 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/12/09 09:52:29.0316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/12/09 09:52:29.0551 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/12/09 09:52:29.0738 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/12/09 09:52:29.0988 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/12/09 09:52:30.0238 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/12/09 09:52:30.0457 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/12/09 09:52:30.0676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/12/09 09:52:30.0973 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/12/09 09:52:31.0113 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/12/09 09:52:31.0238 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/12/09 09:52:31.0457 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/12/09 09:52:31.0754 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/12/09 09:52:31.0910 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/12/09 09:52:32.0035 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/12/09 09:52:32.0192 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/12/09 09:52:32.0410 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/09 09:52:32.0660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/09 09:52:32.0863 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/09 09:52:33.0145 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/09 09:52:33.0301 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/09 09:52:33.0457 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/09 09:52:33.0582 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/09 09:52:34.0067 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/09 09:52:34.0489 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/09 09:52:34.0739 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101208.002\NAVENG.SYS 2010/12/09 09:52:34.0942 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101208.002\NAVEX15.SYS 2010/12/09 09:52:35.0520 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/09 09:52:35.0895 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/12/09 09:52:36.0082 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/12/09 09:52:36.0301 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/12/09 09:52:36.0395 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/12/09 09:52:36.0567 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/12/09 09:52:36.0817 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/12/09 09:52:37.0067 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/12/09 09:52:37.0270 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/12/09 09:52:37.0583 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/12/09 09:52:37.0708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/12/09 09:52:37.0973 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/12/09 09:52:38.0129 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys 2010/12/09 09:52:38.0301 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/12/09 09:52:38.0520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/12/09 09:52:38.0754 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/12/09 09:52:38.0926 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/12/09 09:52:39.0098 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/12/09 09:52:39.0208 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/12/09 09:52:39.0348 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys 2010/12/09 09:52:40.0551 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/12/09 09:52:40.0692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/12/09 09:52:40.0848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/12/09 09:52:41.0645 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/12/09 09:52:41.0770 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/12/09 09:52:42.0052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/12/09 09:52:42.0177 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/12/09 09:52:42.0364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/12/09 09:52:42.0536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/12/09 09:52:42.0645 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/12/09 09:52:42.0833 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/12/09 09:52:43.0036 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/12/09 09:52:43.0302 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/12/09 09:52:43.0364 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/12/09 09:52:43.0661 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/12/09 09:52:43.0817 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/12/09 09:52:43.0942 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/12/09 09:52:44.0005 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/12/09 09:52:44.0458 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2010/12/09 09:52:44.0989 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/12/09 09:52:45.0255 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/12/09 09:52:45.0739 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\WINDOWS\system32\Drivers\SRTSP.SYS 2010/12/09 09:52:46.0333 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\WINDOWS\system32\Drivers\SRTSPL.SYS 2010/12/09 09:52:46.0458 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\WINDOWS\system32\Drivers\SRTSPX.SYS 2010/12/09 09:52:46.0583 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/12/09 09:52:46.0739 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/12/09 09:52:46.0927 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/12/09 09:52:47.0161 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/12/09 09:52:47.0349 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/12/09 09:52:47.0583 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/12/09 09:52:47.0927 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys 2010/12/09 09:52:48.0115 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2010/12/09 09:52:48.0318 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2010/12/09 09:52:48.0630 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/12/09 09:52:48.0786 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/12/09 09:52:48.0990 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/12/09 09:52:49.0240 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/12/09 09:52:49.0458 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/12/09 09:52:49.0677 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/12/09 09:52:49.0849 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/12/09 09:52:50.0083 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/12/09 09:52:50.0412 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/12/09 09:52:50.0568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/12/09 09:52:50.0724 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/12/09 09:52:50.0818 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/12/09 09:52:50.0990 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/12/09 09:52:51.0193 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/12/09 09:52:51.0474 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/12/09 09:52:51.0693 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/12/09 09:52:51.0834 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/12/09 09:52:51.0959 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/12/09 09:52:52.0240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/12/09 09:52:52.0349 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2010/12/09 09:52:52.0490 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2010/12/09 09:52:52.0537 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2010/12/09 09:52:52.0537 ================================================================================ 2010/12/09 09:52:52.0537 Scan finished 2010/12/09 09:52:52.0537 ================================================================================ 2010/12/09 09:52:52.0552 Detected object count: 1 2010/12/09 09:53:05.0178 \HardDisk0 - will be cured after reboot 2010/12/09 09:53:05.0178 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2010/12/09 09:53:52.0994 Deinitialize success (ComboFix) ComboFix 10-12-07.06 - plongley 12/08/2010 15:54:13.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1571 [GMT -5:00] Running from: c:\documents and settings\plongley\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\plongley\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk c:\documents and settings\plongley\g2ax_customer_downloadhelper_win32_x86.exe c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\chrome.manifest c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\chrome\content\_cfg.js c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\chrome\content\overlay.xul c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\install.rdf c:\documents and settings\plongley\Local Settings\Application Data\vma.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 ))))))))))))))))))))))))))))))) . 2010-12-08 16:48 . 2010-12-08 16:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-12-08 16:24 . 2010-12-08 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-12-08 16:23 . 2010-12-08 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-12-08 16:22 . 2010-12-08 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-12-08 15:23 . 2010-12-08 15:23 -------- d-----w- c:\program files\WhiteSmoke Translator 2010-12-08 15:23 . 2010-12-08 15:23 -------- d-----w- c:\windows\system32\%APPDATA% 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\documents and settings\plongley\Application Data\SUPERAntiSpyware.com 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-12-08 15:14 . 2010-12-08 15:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\program files\Auslogics 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\program files\CCleaner 2010-12-08 15:12 . 2010-12-08 15:12 -------- d-----w- c:\program files\Citrix 2010-12-08 15:12 . 2010-12-08 15:12 -------- d-----w- c:\documents and settings\plongley\Local Settings\Application Data\Citrix 2010-12-07 21:15 . 2010-12-08 16:44 0 ----a-w- c:\windows\Lsihevinuyoz.bin 2010-12-07 21:15 . 2010-12-08 21:01 -------- d-----w- c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer] 2010-12-08 15:12 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\0\0] "Script"=Recap.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\1\0] "Script"=AssessorPSK.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\2\0] "Script"=Public.bat [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2009-06-17 15:53 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-09-07 10:22 166424 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-09-07 10:22 141848 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-09-07 10:22 137752 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 20:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-31 22:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 18:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 19:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2007-08-08 18:13 831488 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-07-10 04:39 1036288 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Symantec AntiVirus"=2 (0x2) "SNAC"=3 (0x3) "SmcService"=2 (0x2) "PCA"=2 (0x2) "McComponentHostService"=3 (0x3) "LiveUpdate"=3 (0x3) "IviRegMgr"=2 (0x2) "idsvc"=3 (0x3) "gusvc"=2 (0x2) "gupdate"=2 (0x2) "GoToAssist Express Customer"=3 (0x3) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe Start=service [x] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448] S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2010-12-08 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-30 16:22] 2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 15:48] 2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 15:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab . - - - - ORPHANS REMOVED - - - - SafeBoot-Symantec Antvirus ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-08 16:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST380815AS rev.3.CHH -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D8B555]<< c:\docume~1\plongley\LOCALS~1\Temp\catchme.sys _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d917b0]; MOV EAX, [0x89d9182c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D66AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006d[0x89DCF258] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DC2940] \Driver\atapi[0x89DC1A08] -> IRP_MJ_CREATE -> 0x89D8B555 kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380815AS______________________________3.CHH___#523934575a51484820 2020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x89D8B39B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\wininet.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll - - - - - - - > 'lsass.exe'(736) c:\windows\system32\wininet.dll . Completion time: 2010-12-08 16:06:46 ComboFix-quarantined-files.txt 2010-12-08 21:06 Pre-Run: 51,585,847,296 bytes free Post-Run: 51,991,674,880 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 6D441FD1AA622DC782D1C7306B170A6D
  10. LlamaLord
    Can anyone help me? ComboFix 10-12-07.06 - plongley 12/08/2010 15:54:13.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1571 [GMT -5:00] Running from: c:\documents and settings\plongley\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\plongley\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk c:\documents and settings\plongley\g2ax_customer_downloadhelper_win32_x86.exe c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\chrome.manifest c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\chrome\content\_cfg.js c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\chrome\content\overlay.xul c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC}\install.rdf c:\documents and settings\plongley\Local Settings\Application Data\vma.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 ))))))))))))))))))))))))))))))) . 2010-12-08 16:48 . 2010-12-08 16:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-12-08 16:24 . 2010-12-08 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-12-08 16:23 . 2010-12-08 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-12-08 16:22 . 2010-12-08 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-12-08 15:23 . 2010-12-08 15:23 -------- d-----w- c:\program files\WhiteSmoke Translator 2010-12-08 15:23 . 2010-12-08 15:23 -------- d-----w- c:\windows\system32\%APPDATA% 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\documents and settings\plongley\Application Data\SUPERAntiSpyware.com 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-12-08 15:14 . 2010-12-08 15:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\program files\Auslogics 2010-12-08 15:14 . 2010-12-08 15:14 -------- d-----w- c:\program files\CCleaner 2010-12-08 15:12 . 2010-12-08 15:12 -------- d-----w- c:\program files\Citrix 2010-12-08 15:12 . 2010-12-08 15:12 -------- d-----w- c:\documents and settings\plongley\Local Settings\Application Data\Citrix 2010-12-07 21:15 . 2010-12-08 16:44 0 ----a-w- c:\windows\Lsihevinuyoz.bin 2010-12-07 21:15 . 2010-12-08 21:01 -------- d-----w- c:\documents and settings\plongley\Local Settings\Application Data\{7EC6E598-BB91-4222-8DBF-19824488A2FC} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer] 2010-12-08 15:12 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\0\0] "Script"=Recap.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\1\0] "Script"=AssessorPSK.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1382972823-1946619634-1848903544-1789\Scripts\Logon\2\0] "Script"=Public.bat [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2009-06-17 15:53 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-09-07 10:22 166424 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-09-07 10:22 141848 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-09-07 10:22 137752 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 20:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-31 22:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 18:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 19:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2007-08-08 18:13 831488 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-07-10 04:39 1036288 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Symantec AntiVirus"=2 (0x2) "SNAC"=3 (0x3) "SmcService"=2 (0x2) "PCA"=2 (0x2) "McComponentHostService"=3 (0x3) "LiveUpdate"=3 (0x3) "IviRegMgr"=2 (0x2) "idsvc"=3 (0x3) "gusvc"=2 (0x2) "gupdate"=2 (0x2) "GoToAssist Express Customer"=3 (0x3) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe Start=service [x] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448] S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2010-12-08 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-30 16:22] 2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 15:48] 2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 15:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab . - - - - ORPHANS REMOVED - - - - SafeBoot-Symantec Antvirus ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-08 16:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST380815AS rev.3.CHH -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D8B555]<< c:\docume~1\plongley\LOCALS~1\Temp\catchme.sys _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d917b0]; MOV EAX, [0x89d9182c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D66AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006d[0x89DCF258] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DC2940] \Driver\atapi[0x89DC1A08] -> IRP_MJ_CREATE -> 0x89D8B555 kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380815AS______________________________3.CHH___#523934575a51484820 2020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x89D8B39B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\wininet.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll - - - - - - - > 'lsass.exe'(736) c:\windows\system32\wininet.dll . Completion time: 2010-12-08 16:06:46 ComboFix-quarantined-files.txt 2010-12-08 21:06 Pre-Run: 51,585,847,296 bytes free Post-Run: 51,991,674,880 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 6D441FD1AA622DC782D1C7306B170A6D
  11. LlamaLord
    I just got this virus!!! i have tried follow most of this and i have ran combofix but when ever i open Malwarebytes after about 5 seconds it closes. I tried renaming it to .com but that still didnt fix the problem what should i do next...i feel like if i can get malwarebytes to run it will clean out my pc!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.