Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: I.E. Redirect


(!)

kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
25-Mar-2012, 11:42 AM #1
I.E. Redirect
Hello,
Seems my computer is running very slow and my brouser often redirects to Happili, Askafriend, etc.
Please can you help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:14 AM, on 3/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Art Vandelay\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USREL/1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Art Vandelay\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: QuickScan (OpticFilm 7600i).lnk = C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1268498763796
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 10433 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Art Vandelay at 9:51:38 on 2012-03-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.330 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.3.6\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.3.6\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\art vandelay\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicks~1.lnk - c:\program files\plustek\opticfilm 7600i\QuickScan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268498763796
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7D777827-33EE-4B5F-9EE1-15BA0181B136} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.3.6\CoIEPlg.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308030.006\SymEFA.sys [2011-11-1 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308030.006\BHDrvx86.sys [2011-11-1 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308030.006\cchpx86.sys [2011-11-1 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120323.002\IDSXpx86.sys [2012-3-23 356280]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.3.6\ccSvcHst.exe [2011-11-1 117648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-8 106104]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120323.023\NAVENG.SYS [2012-3-24 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120323.023\NAVEX15.SYS [2012-3-24 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-3 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-3 136176]
S4 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2009-9-30 34916]
.
=============== Created Last 30 ================
.
2012-03-25 14:47:49 -------- d--h--w- c:\windows\PIF
2012-03-22 16:30:12 -------- d-----w- C:\_AcroTemp
2012-03-13 15:22:45 -------- d-----w- c:\documents and settings\art vandelay\local settings\application data\Solid State Networks
2012-03-07 14:58:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-07 14:58:07 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:52:32.12 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-25 10:19:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD25 rev.02.0
Running: fr5i1ep6.exe; Driver: C:\DOCUME~1\ARTVAN~1\LOCALS~1\Temp\kxlyapog.sys

---- System - GMER 1.0.15 ----
SSDT 89698460 ZwAlertResumeThread
SSDT 89AF70D0 ZwAlertThread
SSDT 88B28D60 ZwAllocateVirtualMemory
SSDT 89881590 ZwAssignProcessToJobObject
SSDT 896C50A0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAF769130]
SSDT 88BC0BB0 ZwCreateMutant
SSDT 88AF4DA8 ZwCreateSymbolicLinkObject
SSDT 88B39358 ZwCreateThread
SSDT 8987C730 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAF7693B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAF769910]
SSDT 88B32E30 ZwDuplicateObject
SSDT 88BBFD20 ZwFreeVirtualMemory
SSDT 89703558 ZwImpersonateAnonymousToken
SSDT 89715340 ZwImpersonateThread
SSDT 896292A0 ZwLoadDriver
SSDT 88BBEEA8 ZwMapViewOfSection
SSDT 89713CA0 ZwOpenEvent
SSDT 88BA0DE8 ZwOpenProcess
SSDT 895CA120 ZwOpenProcessToken
SSDT 89894E70 ZwOpenSection
SSDT 88B32FC0 ZwOpenThread
SSDT 88AC4D28 ZwProtectVirtualMemory
SSDT 895DAB28 ZwResumeThread
SSDT 8991D668 ZwSetContextThread
SSDT 88BBCEC0 ZwSetInformationProcess
SSDT 89881008 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAF769B60]
SSDT 89ADE4A0 ZwSuspendProcess
SSDT 89930F68 ZwSuspendThread
SSDT 8966B1A8 ZwTerminateProcess
SSDT 89920350 ZwTerminateThread
SSDT 8991B1A8 ZwUnmapViewOfSection
SSDT 88B058C0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2DCC 80504668 8 Bytes CALL A0D9007A
.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 2 Bytes [28, AB]
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C8B360, 0x33026D, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB0B9DA00]
? C:\DOCUME~1\ARTVAN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[648] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0096000C
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03BA000A
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 046C000A
.text C:\WINDOWS\System32\svchost.exe[1428] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 047B000A
.text C:\WINDOWS\System32\svchost.exe[1428] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00B6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2544] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2812] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4220] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A07F5D20
Device A0805428
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\NetworkService\Cookies\4GB7WNSD.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\6OPZAX36.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\AZ5O54XO.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\GYQ3MPE9.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\42RN01YG.txt 4779 bytes
File C:\Documents and Settings\NetworkService\Cookies\JW7LP5FD.txt 178 bytes
File C:\Documents and Settings\NetworkService\Cookies\NNWHV187.txt 544 bytes
File C:\Documents and Settings\NetworkService\Cookies\DQF9KGA3.txt 796 bytes
File C:\Documents and Settings\NetworkService\Cookies\UCWAOGGT.txt 173 bytes
File C:\Documents and Settings\NetworkService\Cookies\B602KG3P.txt 226 bytes
File C:\Documents and Settings\NetworkService\Cookies\2JOV7YQR.txt 5161 bytes
File C:\Documents and Settings\NetworkService\Cookies\2PZ0K2K3.txt 1464 bytes
File C:\Documents and Settings\NetworkService\Cookies\LBLUG28V.txt 592 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\rtbs-srv[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\likebox[1].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\bullet[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\celebspin_com[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\get[2].png 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\httpErrorPagesScripts[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\navcancl[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\us_widget[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZTBAEY5\data_sync[1].htm 0 bytes
---- EOF - GMER 1.0.15 ----
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
27-Mar-2012, 01:04 PM #2
Bump for a little help.....Thanks!
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,765 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
27-Mar-2012, 03:06 PM #3
Right-click MY COMPUTER, then click Properties.

What's listed in the

Computer:

section at the bottom of the "General" tab?

---------------------------------------------------------

When was the last time that you started

Malwarebytes Anti-Malware

and ran its update feature so it can update its definition files and update to the current version?

---------------------------------------------------------

Install the free version of

SUPERAntiSpyware 5.0.0.1146

Make sure to update its definition files during the install process.

Just install and update it and DON'T do anything else with it yet.

---------------------------------------------------------
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,580 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
27-Mar-2012, 04:07 PM #4
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it fnds ( except SPTD.SYS, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
27-Mar-2012, 06:35 PM #5
Thanks for getting back to me!

In response to flavallee:

Computer Dell Precision T3400 2.00 GB Ram

Malwarebytes updated 3/24/2012 - last run 3/35/2012 7:57 AM

SUPERAntiSpyware downloaded w/latest definitions



In response to dvk01:

Here is the log from TDSSkiller.

17:20:03.0906 5088 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:20:05.0906 5088 ============================================================
17:20:05.0906 5088 Current date / time: 2012/03/27 17:20:05.0906
17:20:05.0906 5088 SystemInfo:
17:20:05.0906 5088
17:20:05.0906 5088 OS Version: 5.1.2600 ServicePack: 3.0
17:20:05.0906 5088 Product type: Workstation
17:20:05.0906 5088 ComputerName: DCM6JVH1
17:20:05.0906 5088 UserName: Art Vandelay
17:20:05.0906 5088 Windows directory: C:\WINDOWS
17:20:05.0906 5088 System windows directory: C:\WINDOWS
17:20:05.0906 5088 Processor architecture: Intel x86
17:20:05.0906 5088 Number of processors: 2
17:20:05.0906 5088 Page size: 0x1000
17:20:05.0906 5088 Boot type: Normal boot
17:20:05.0906 5088 ============================================================
17:20:06.0781 5088 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:20:06.0796 5088 \Device\Harddisk0\DR0:
17:20:06.0796 5088 MBR used
17:20:06.0796 5088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D1915B4
17:20:06.0875 5088 Initialize success
17:20:06.0875 5088 ============================================================
17:20:12.0578 2272 ============================================================
17:20:12.0578 2272 Scan started
17:20:12.0578 2272 Mode: Manual;
17:20:12.0578 2272 ============================================================
17:20:13.0765 2272 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:20:13.0765 2272 !SASCORE - ok
17:20:13.0984 2272 Abiosdsk - ok
17:20:14.0015 2272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:20:14.0046 2272 abp480n5 - ok
17:20:14.0265 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:20:14.0296 2272 ACPI - ok
17:20:14.0406 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:20:14.0406 2272 ACPIEC - ok
17:20:14.0453 2272 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS\system32\drivers\ADIHdAud.sys
17:20:14.0453 2272 ADIHdAudAddService - ok
17:20:14.0484 2272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:20:14.0515 2272 adpu160m - ok
17:20:14.0562 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:20:14.0593 2272 aec - ok
17:20:14.0640 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:20:14.0671 2272 AFD - ok
17:20:14.0718 2272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:20:14.0734 2272 agp440 - ok
17:20:14.0734 2272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:20:14.0750 2272 agpCPQ - ok
17:20:14.0765 2272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:20:14.0765 2272 Aha154x - ok
17:20:14.0796 2272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:20:14.0796 2272 aic78u2 - ok
17:20:14.0796 2272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:20:14.0796 2272 aic78xx - ok
17:20:14.0843 2272 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:20:14.0859 2272 Alerter - ok
17:20:14.0859 2272 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:20:14.0875 2272 ALG - ok
17:20:14.0906 2272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:20:14.0953 2272 AliIde - ok
17:20:14.0984 2272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:20:15.0000 2272 alim1541 - ok
17:20:15.0000 2272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:20:15.0000 2272 amdagp - ok
17:20:15.0015 2272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:20:15.0015 2272 amsint - ok
17:20:15.0109 2272 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:20:15.0109 2272 Apple Mobile Device - ok
17:20:15.0203 2272 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:20:15.0218 2272 AppMgmt - ok
17:20:15.0281 2272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:20:15.0281 2272 asc - ok
17:20:15.0343 2272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:20:15.0343 2272 asc3350p - ok
17:20:15.0343 2272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:20:15.0343 2272 asc3550 - ok
17:20:15.0421 2272 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
17:20:15.0421 2272 ASFIPmon - ok
17:20:15.0546 2272 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:20:15.0609 2272 aspnet_state - ok
17:20:15.0703 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:20:15.0703 2272 AsyncMac - ok
17:20:15.0734 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:20:15.0750 2272 atapi - ok
17:20:15.0750 2272 Atdisk - ok
17:20:15.0750 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:20:15.0750 2272 Atmarpc - ok
17:20:15.0812 2272 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:20:15.0812 2272 AudioSrv - ok
17:20:15.0828 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:20:15.0828 2272 audstub - ok
17:20:15.0859 2272 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:20:15.0859 2272 b57w2k - ok
17:20:15.0937 2272 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
17:20:15.0937 2272 BASFND - ok
17:20:16.0062 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:20:16.0078 2272 Beep - ok
17:20:16.0140 2272 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys
17:20:16.0156 2272 BHDrvx86 - ok
17:20:16.0203 2272 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:20:16.0234 2272 BITS - ok
17:20:16.0343 2272 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:20:16.0359 2272 Bonjour Service - ok
17:20:16.0453 2272 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:20:16.0453 2272 Browser - ok
17:20:16.0484 2272 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
17:20:16.0515 2272 BVRPMPR5 - ok
17:20:16.0593 2272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:20:16.0609 2272 cbidf - ok
17:20:16.0718 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:20:16.0718 2272 cbidf2k - ok
17:20:16.0859 2272 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys
17:20:16.0875 2272 ccHP - ok
17:20:17.0218 2272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:20:17.0234 2272 cd20xrnt - ok
17:20:17.0281 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:20:17.0281 2272 Cdaudio - ok
17:20:17.0328 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:20:17.0328 2272 Cdfs - ok
17:20:17.0375 2272 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:20:17.0406 2272 Cdrom - ok
17:20:17.0500 2272 Changer - ok
17:20:17.0531 2272 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:20:17.0546 2272 CiSvc - ok
17:20:17.0578 2272 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:20:17.0593 2272 ClipSrv - ok
17:20:17.0671 2272 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:20:17.0718 2272 clr_optimization_v2.0.50727_32 - ok
17:20:17.0781 2272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:20:17.0781 2272 CmdIde - ok
17:20:17.0781 2272 COMSysApp - ok
17:20:17.0828 2272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:20:17.0828 2272 Cpqarray - ok
17:20:17.0875 2272 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:20:17.0875 2272 CryptSvc - ok
17:20:17.0890 2272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:20:17.0890 2272 dac2w2k - ok
17:20:17.0906 2272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:20:17.0906 2272 dac960nt - ok
17:20:17.0937 2272 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:20:17.0937 2272 DcomLaunch - ok
17:20:17.0968 2272 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:20:17.0968 2272 Dhcp - ok
17:20:18.0000 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:20:18.0031 2272 Disk - ok
17:20:18.0031 2272 dmadmin - ok
17:20:18.0078 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:20:18.0093 2272 dmboot - ok
17:20:18.0125 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:20:18.0125 2272 dmio - ok
17:20:18.0125 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:20:18.0125 2272 dmload - ok
17:20:18.0171 2272 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:20:18.0171 2272 dmserver - ok
17:20:18.0203 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:20:18.0203 2272 DMusic - ok
17:20:18.0234 2272 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:20:18.0234 2272 Dnscache - ok
17:20:18.0265 2272 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:20:18.0281 2272 Dot3svc - ok
17:20:18.0343 2272 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:20:18.0359 2272 dpti2o - ok
17:20:18.0406 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:20:18.0406 2272 drmkaud - ok
17:20:18.0437 2272 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:20:18.0468 2272 EapHost - ok
17:20:18.0562 2272 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:20:18.0578 2272 eeCtrl - ok
17:20:18.0609 2272 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:20:18.0625 2272 EraserUtilRebootDrv - ok
17:20:18.0734 2272 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:20:18.0734 2272 ERSvc - ok
17:20:18.0765 2272 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:20:18.0765 2272 Eventlog - ok
17:20:18.0781 2272 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:20:18.0796 2272 EventSystem - ok
17:20:18.0843 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:20:18.0859 2272 Fastfat - ok
17:20:18.0906 2272 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:20:18.0906 2272 FastUserSwitchingCompatibility - ok
17:20:18.0937 2272 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:20:18.0968 2272 Fax - ok
17:20:19.0203 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:20:19.0218 2272 Fdc - ok
17:20:19.0250 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:20:19.0250 2272 Fips - ok
17:20:19.0312 2272 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:20:19.0359 2272 FLEXnet Licensing Service - ok
17:20:19.0359 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:20:19.0375 2272 Flpydisk - ok
17:20:19.0375 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:20:19.0375 2272 FltMgr - ok
17:20:19.0453 2272 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:20:19.0484 2272 FontCache3.0.0.0 - ok
17:20:19.0578 2272 FreeAgentGoNext Service (81b4a2c6c9bd17ffb6031a0a61c09764) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
17:20:19.0578 2272 FreeAgentGoNext Service - ok
17:20:19.0703 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:20:19.0718 2272 Fs_Rec - ok
17:20:19.0750 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:20:19.0750 2272 Ftdisk - ok
17:20:19.0781 2272 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
17:20:19.0812 2272 GearAspiWDM - ok
17:20:19.0812 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:20:19.0812 2272 Gpc - ok
17:20:19.0921 2272 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:20:19.0921 2272 gupdate - ok
17:20:19.0921 2272 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:20:19.0921 2272 gupdatem - ok
17:20:19.0953 2272 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:20:19.0953 2272 gusvc - ok
17:20:20.0062 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:20:20.0078 2272 HDAudBus - ok
17:20:20.0156 2272 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:20:20.0156 2272 helpsvc - ok
17:20:20.0187 2272 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:20:20.0203 2272 HidServ - ok
17:20:20.0203 2272 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:20:20.0218 2272 hidusb - ok
17:20:20.0265 2272 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:20:20.0281 2272 hkmsvc - ok
17:20:20.0500 2272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:20:20.0515 2272 hpn - ok
17:20:20.0562 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:20:20.0578 2272 HTTP - ok
17:20:20.0625 2272 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:20:20.0625 2272 HTTPFilter - ok
17:20:20.0656 2272 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:20:20.0671 2272 i2omgmt - ok
17:20:20.0687 2272 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:20:20.0687 2272 i2omp - ok
17:20:20.0781 2272 IAANTMON (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
17:20:20.0796 2272 IAANTMON - ok
17:20:20.0921 2272 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
17:20:20.0921 2272 iaStor - ok
17:20:21.0015 2272 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:20:21.0031 2272 IDriverT - ok
17:20:21.0140 2272 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:20:21.0203 2272 idsvc - ok
17:20:21.0343 2272 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120324.004\IDSxpx86.sys
17:20:21.0359 2272 IDSxpx86 - ok
17:20:21.0437 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:20:21.0453 2272 Imapi - ok
17:20:21.0500 2272 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:20:21.0531 2272 ImapiService - ok
17:20:21.0562 2272 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:20:21.0578 2272 ini910u - ok
17:20:21.0625 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:20:21.0625 2272 IntelIde - ok
17:20:21.0671 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:20:21.0671 2272 intelppm - ok
17:20:21.0687 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:20:21.0687 2272 Ip6Fw - ok
17:20:21.0687 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:20:21.0687 2272 IpFilterDriver - ok
17:20:21.0703 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:20:21.0703 2272 IpInIp - ok
17:20:21.0734 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:20:21.0750 2272 IpNat - ok
17:20:21.0781 2272 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
17:20:21.0812 2272 iPod Service - ok
17:20:21.0890 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:20:21.0890 2272 IPSec - ok
17:20:21.0906 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:20:21.0906 2272 IRENUM - ok
17:20:21.0953 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:20:21.0953 2272 isapnp - ok
17:20:22.0031 2272 JavaQuickStarterService (890369aed0dde1a98f09f7dc239ca2bd) C:\Program Files\Java\jre6\bin\jqs.exe
17:20:22.0031 2272 JavaQuickStarterService - ok
17:20:22.0140 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:20:22.0140 2272 Kbdclass - ok
17:20:22.0171 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:20:22.0171 2272 kbdhid - ok
17:20:22.0203 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:20:22.0203 2272 kmixer - ok
17:20:22.0234 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:20:22.0281 2272 KSecDD - ok
17:20:22.0359 2272 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:20:22.0359 2272 LanmanServer - ok
17:20:22.0406 2272 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:20:22.0406 2272 lanmanworkstation - ok
17:20:22.0453 2272 lbrtfdc - ok
17:20:22.0750 2272 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:20:22.0750 2272 LmHosts - ok
17:20:22.0796 2272 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:20:22.0828 2272 Messenger - ok
17:20:22.0875 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:20:23.0203 2272 mnmdd - ok
17:20:23.0296 2272 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:20:23.0296 2272 mnmsrvc - ok
17:20:23.0375 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:20:23.0375 2272 Modem - ok
17:20:23.0406 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:20:23.0421 2272 Mouclass - ok
17:20:23.0453 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:20:23.0453 2272 mouhid - ok
17:20:23.0468 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:20:23.0468 2272 MountMgr - ok
17:20:23.0500 2272 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:20:23.0515 2272 mraid35x - ok
17:20:23.0531 2272 mrtRate (6075de2ad531f6e30c9995dfda22001f) C:\WINDOWS\system32\drivers\mrtRate.sys
17:20:23.0562 2272 mrtRate - ok
17:20:23.0562 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:20:23.0578 2272 MRxDAV - ok
17:20:23.0609 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:20:23.0640 2272 MRxSmb - ok
17:20:23.0687 2272 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:20:23.0703 2272 MSDTC - ok
17:20:23.0765 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:20:23.0765 2272 Msfs - ok
17:20:23.0765 2272 MSIServer - ok
17:20:23.0812 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:20:23.0828 2272 MSKSSRV - ok
17:20:23.0875 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:20:23.0890 2272 MSPCLOCK - ok
17:20:23.0921 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:20:23.0921 2272 MSPQM - ok
17:20:23.0968 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:20:23.0968 2272 mssmbios - ok
17:20:24.0000 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:20:24.0031 2272 Mup - ok
17:20:24.0125 2272 N360 (64c89db40949fd0e7c8ff303676a91f1) C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
17:20:24.0125 2272 N360 - ok
17:20:24.0234 2272 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:20:24.0250 2272 napagent - ok
17:20:24.0406 2272 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120326.019\NAVENG.SYS
17:20:24.0406 2272 NAVENG - ok
17:20:24.0546 2272 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120326.019\NAVEX15.SYS
17:20:24.0687 2272 NAVEX15 - ok
17:20:24.0781 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:20:24.0781 2272 NDIS - ok
17:20:24.0812 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:20:24.0859 2272 NdisTapi - ok
17:20:24.0906 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:20:24.0906 2272 Ndisuio - ok
17:20:24.0906 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:20:24.0906 2272 NdisWan - ok
17:20:24.0953 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:20:24.0968 2272 NDProxy - ok
17:20:25.0000 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:20:25.0000 2272 NetBIOS - ok
17:20:25.0046 2272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:20:25.0046 2272 NetBT - ok
17:20:25.0078 2272 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:20:25.0125 2272 NetDDE - ok
17:20:25.0125 2272 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:20:25.0125 2272 NetDDEdsdm - ok
17:20:25.0281 2272 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:20:25.0281 2272 Netlogon - ok
17:20:25.0328 2272 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:20:25.0328 2272 Netman - ok
17:20:25.0375 2272 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:25.0406 2272 NetTcpPortSharing - ok
17:20:25.0468 2272 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:20:25.0468 2272 Nla - ok
17:20:25.0500 2272 Norton Internet Security - ok
17:20:25.0531 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:20:25.0531 2272 Npfs - ok
17:20:25.0578 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:20:25.0609 2272 Ntfs - ok
17:20:25.0656 2272 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:20:25.0656 2272 NtLmSsp - ok
17:20:25.0703 2272 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:20:25.0718 2272 NtmsSvc - ok
17:20:25.0796 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:20:25.0796 2272 Null - ok
17:20:25.0953 2272 nv (b7ef2303b118b0994b37b6abdefb2b99) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:20:26.0093 2272 nv - ok
17:20:26.0203 2272 NVSvc (b9c89204c262a50fd35e9f56a24c36d9) C:\WINDOWS\system32\nvsvc32.exe
17:20:26.0218 2272 NVSvc - ok
17:20:26.0250 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:20:26.0250 2272 NwlnkFlt - ok
17:20:26.0250 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:20:26.0250 2272 NwlnkFwd - ok
17:20:26.0359 2272 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:20:26.0375 2272 odserv - ok
17:20:26.0421 2272 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:26.0437 2272 ose - ok
17:20:26.0546 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:20:26.0562 2272 Parport - ok
17:20:26.0578 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:20:26.0578 2272 PartMgr - ok
17:20:26.0609 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:20:26.0609 2272 ParVdm - ok
17:20:26.0640 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:20:26.0656 2272 PCI - ok
17:20:26.0671 2272 PCIDump - ok
17:20:26.0718 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:20:26.0718 2272 PCIIde - ok
17:20:26.0734 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:20:26.0750 2272 Pcmcia - ok
17:20:26.0750 2272 PDCOMP - ok
17:20:26.0750 2272 PDFRAME - ok
17:20:26.0765 2272 PDRELI - ok
17:20:26.0765 2272 PDRFRAME - ok
17:20:26.0781 2272 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:20:26.0781 2272 perc2 - ok
17:20:26.0796 2272 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:20:26.0796 2272 perc2hib - ok
17:20:26.0828 2272 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:20:26.0828 2272 PlugPlay - ok
17:20:26.0859 2272 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:20:26.0859 2272 PolicyAgent - ok
17:20:26.0890 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:20:26.0906 2272 PptpMiniport - ok
17:20:26.0921 2272 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:20:26.0921 2272 ProtectedStorage - ok
17:20:26.0921 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:20:26.0921 2272 PSched - ok
17:20:26.0953 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:20:26.0953 2272 Ptilink - ok
17:20:26.0968 2272 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:20:26.0984 2272 ql1080 - ok
17:20:26.0984 2272 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:20:26.0984 2272 Ql10wnt - ok
17:20:26.0984 2272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:20:27.0000 2272 ql12160 - ok
17:20:27.0000 2272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:20:27.0000 2272 ql1240 - ok
17:20:27.0015 2272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:20:27.0015 2272 ql1280 - ok
17:20:27.0015 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:20:27.0015 2272 RasAcd - ok
17:20:27.0046 2272 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:20:27.0093 2272 RasAuto - ok
17:20:27.0109 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:20:27.0109 2272 Rasl2tp - ok
17:20:27.0140 2272 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:20:27.0140 2272 RasMan - ok
17:20:27.0140 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:20:27.0140 2272 RasPppoe - ok
17:20:27.0156 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:20:27.0156 2272 Raspti - ok
17:20:27.0171 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:20:27.0171 2272 Rdbss - ok
17:20:27.0203 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:20:27.0203 2272 RDPCDD - ok
17:20:27.0234 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:20:27.0234 2272 rdpdr - ok
17:20:27.0265 2272 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:20:27.0296 2272 RDPWD - ok
17:20:27.0328 2272 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:20:27.0359 2272 RDSessMgr - ok
17:20:27.0406 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:20:27.0406 2272 redbook - ok
17:20:27.0453 2272 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:20:27.0484 2272 RemoteAccess - ok
17:20:27.0500 2272 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:20:27.0500 2272 RemoteRegistry - ok
17:20:27.0546 2272 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:20:27.0562 2272 RpcLocator - ok
17:20:27.0609 2272 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:20:27.0609 2272 RpcSs - ok
17:20:27.0625 2272 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:20:27.0640 2272 RSVP - ok
17:20:27.0640 2272 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:20:27.0640 2272 SamSs - ok
17:20:27.0718 2272 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:20:27.0718 2272 SASDIFSV - ok
17:20:27.0734 2272 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:20:27.0734 2272 SASKUTIL - ok
17:20:27.0750 2272 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:20:27.0781 2272 SCardSvr - ok
17:20:27.0812 2272 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:20:27.0812 2272 Schedule - ok
17:20:27.0859 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:20:27.0875 2272 Secdrv - ok
17:20:27.0906 2272 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:20:27.0906 2272 seclogon - ok
17:20:27.0937 2272 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
17:20:27.0968 2272 SenFiltService - ok
17:20:27.0968 2272 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:20:27.0968 2272 SENS - ok
17:20:27.0984 2272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:20:27.0984 2272 Serenum - ok
17:20:28.0015 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:20:28.0015 2272 Serial - ok
17:20:28.0031 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:20:28.0031 2272 Sfloppy - ok
17:20:28.0078 2272 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:20:28.0078 2272 SharedAccess - ok
17:20:28.0109 2272 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:20:28.0109 2272 ShellHWDetection - ok
17:20:28.0109 2272 Simbad - ok
17:20:28.0140 2272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:20:28.0140 2272 sisagp - ok
17:20:28.0156 2272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:20:28.0171 2272 Sparrow - ok
17:20:28.0187 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:20:28.0187 2272 splitter - ok
17:20:28.0218 2272 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:20:28.0218 2272 Spooler - ok
17:20:28.0234 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:20:28.0234 2272 sr - ok
17:20:28.0265 2272 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:20:28.0265 2272 srservice - ok
17:20:28.0328 2272 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS
17:20:28.0343 2272 SRTSP - ok
17:20:28.0359 2272 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS
17:20:28.0375 2272 SRTSPX - ok
17:20:28.0421 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:20:28.0453 2272 Srv - ok
17:20:28.0484 2272 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:20:28.0484 2272 SSDPSRV - ok
17:20:28.0531 2272 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:20:28.0546 2272 stisvc - ok
17:20:28.0578 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:20:28.0593 2272 swenum - ok
17:20:28.0609 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:20:28.0625 2272 swmidi - ok
17:20:28.0625 2272 SwPrv - ok
17:20:28.0656 2272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:20:28.0656 2272 symc810 - ok
17:20:28.0671 2272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:20:28.0687 2272 symc8xx - ok
17:20:28.0734 2272 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS
17:20:28.0750 2272 SymEFA - ok
17:20:28.0796 2272 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:20:28.0812 2272 SymEvent - ok
17:20:28.0812 2272 SYMFW (a8c45c36309ee066f9191e511f88ed76) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS
17:20:28.0828 2272 SYMFW - ok
17:20:28.0890 2272 SYMIDS (f4db00bc0c25be3e05d4bbb8637cc3a3) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS
17:20:28.0937 2272 SYMIDS - ok
17:20:28.0984 2272 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:20:29.0000 2272 SymIM - ok
17:20:29.0000 2272 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:20:29.0000 2272 SymIMMP - ok
17:20:29.0046 2272 SYMNDIS (06a8ecfc68d61a26a67f0e96ff1ca9cc) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS
17:20:29.0046 2272 SYMNDIS - ok
17:20:29.0093 2272 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS
17:20:29.0109 2272 SYMTDI - ok
17:20:29.0140 2272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:20:29.0156 2272 sym_hi - ok
17:20:29.0156 2272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:20:29.0156 2272 sym_u3 - ok
17:20:29.0187 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:20:29.0187 2272 sysaudio - ok
17:20:29.0218 2272 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:20:29.0234 2272 SysmonLog - ok
17:20:29.0265 2272 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:20:29.0265 2272 TapiSrv - ok
17:20:29.0312 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:20:29.0312 2272 Tcpip - ok
17:20:29.0328 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:20:29.0328 2272 TDPIPE - ok
17:20:29.0359 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:20:29.0359 2272 TDTCP - ok
17:20:29.0406 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:20:29.0406 2272 TermDD - ok
17:20:29.0468 2272 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:20:29.0468 2272 TermService - ok
17:20:29.0515 2272 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:20:29.0515 2272 Themes - ok
17:20:29.0531 2272 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:20:29.0578 2272 TlntSvr - ok
17:20:29.0609 2272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:20:29.0625 2272 TosIde - ok
17:20:29.0656 2272 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:20:29.0656 2272 TrkWks - ok
17:20:29.0671 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:20:29.0671 2272 Udfs - ok
17:20:29.0703 2272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:20:29.0718 2272 ultra - ok
17:20:29.0750 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:20:29.0750 2272 Update - ok
17:20:29.0781 2272 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:20:29.0796 2272 upnphost - ok
17:20:29.0828 2272 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:20:29.0828 2272 UPS - ok
17:20:29.0859 2272 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:20:29.0890 2272 USBAAPL - ok
17:20:29.0953 2272 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:20:29.0968 2272 usbaudio - ok
17:20:30.0015 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:20:30.0015 2272 usbccgp - ok
17:20:30.0031 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:20:30.0031 2272 usbehci - ok
17:20:30.0093 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:20:30.0093 2272 usbhub - ok
17:20:30.0156 2272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:20:30.0156 2272 usbprint - ok
17:20:30.0203 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:20:30.0203 2272 usbscan - ok
17:20:30.0250 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:20:30.0265 2272 USBSTOR - ok
17:20:30.0312 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:20:30.0312 2272 usbuhci - ok
17:20:30.0359 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:20:30.0359 2272 VgaSave - ok
17:20:30.0406 2272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:20:30.0406 2272 viaagp - ok
17:20:30.0421 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:20:30.0421 2272 ViaIde - ok
17:20:30.0437 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:20:30.0437 2272 VolSnap - ok
17:20:30.0484 2272 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:20:30.0500 2272 VSS - ok
17:20:30.0531 2272 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:20:30.0531 2272 w32time - ok
17:20:30.0562 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:20:30.0578 2272 Wanarp - ok
17:20:30.0593 2272 WDICA - ok
17:20:30.0640 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:20:30.0640 2272 wdmaud - ok
17:20:30.0671 2272 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:20:30.0687 2272 WebClient - ok
17:20:30.0765 2272 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:20:30.0765 2272 winmgmt - ok
17:20:30.0859 2272 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
17:20:30.0953 2272 WmdmPmSN - ok
17:20:31.0015 2272 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:20:31.0031 2272 Wmi - ok
17:20:31.0093 2272 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:20:31.0109 2272 WmiApSrv - ok
17:20:31.0156 2272 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:20:31.0156 2272 wscsvc - ok
17:20:31.0171 2272 WSearch - ok
17:20:31.0187 2272 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:20:31.0187 2272 wuauserv - ok
17:20:31.0218 2272 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:20:31.0218 2272 WZCSVC - ok
17:20:31.0234 2272 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:20:31.0265 2272 xmlprov - ok
17:20:31.0281 2272 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
17:20:31.0312 2272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:20:31.0312 2272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:20:31.0343 2272 Boot (0x1200) (0de8e2128631e45fb572f4e993b1ab83) \Device\Harddisk0\DR0\Partition0
17:20:31.0343 2272 \Device\Harddisk0\DR0\Partition0 - ok
17:20:31.0343 2272 ============================================================
17:20:31.0343 2272 Scan finished
17:20:31.0343 2272 ============================================================
17:20:31.0359 3932 Detected object count: 1
17:20:31.0359 3932 Actual detected object count: 1
17:22:38.0062 3932 \Device\Harddisk0\DR0\# - copied to quarantine
17:22:38.0062 3932 \Device\Harddisk0\DR0 - copied to quarantine
17:22:38.0093 3932 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:22:38.0093 3932 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:22:38.0421 3932 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:22:38.0562 3932 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:22:39.0265 3932 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:22:39.0812 3932 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:22:40.0203 3932 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:22:40.0312 3932 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:22:40.0312 3932 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:22:40.0328 3932 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:22:40.0328 3932 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:22:40.0406 3932 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:22:40.0781 3932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:22:40.0781 3932 \Device\Harddisk0\DR0 - ok
17:22:41.0156 3932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:22:52.0359 4844 Deinitialize success

Last edited by kwoodz; 27-Mar-2012 at 06:45 PM..
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,580 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-Mar-2012, 02:42 AM #6
OK that has got part of the rootkit dealt with
next step
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Hereto your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
28-Mar-2012, 09:47 AM #7
No redirects for now...computer seems fine!

ComboFix 12-03-28.01 - Art Vandelay 03/28/2012 8:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1202 [GMT -5:00]
Running from: c:\documents and settings\Art Vandelay\Desktop\username123.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Art Vandelay\Recent\Thumbs.db
c:\documents and settings\Art Vandelay\WINDOWS
c:\windows\system32\Thumbs.db
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 13:34 . 2012-03-28 13:34 -------- d-----w- c:\windows\system32\LogFiles
2012-03-27 22:22 . 2012-03-27 22:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 22:11 . 2012-03-27 22:11 -------- d-----w- c:\documents and settings\Art Vandelay\Application Data\SUPERAntiSpyware.com
2012-03-27 22:10 . 2012-03-27 22:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-27 22:10 . 2012-03-27 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-25 14:47 . 2012-03-25 14:47 -------- d--h--w- c:\windows\PIF
2012-03-22 21:38 . 2012-03-22 21:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-22 16:30 . 2012-03-22 21:20 -------- d-----w- C:\_AcroTemp
2012-03-13 15:22 . 2012-03-13 15:23 -------- d-----w- c:\documents and settings\Art Vandelay\Local Settings\Application Data\Solid State Networks
2012-03-07 14:58 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-07 14:58 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-03 39408]
"cdloader"="c:\documents and settings\Art Vandelay\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2009-9-30 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2009-9-30 36864]
QuickScan (OpticFilm 7600i).lnk - c:\program files\Plustek\OpticFilm 7600i\QuickScan.exe [2010-7-28 339968]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Art Vandelay\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [11/1/2011 10:22 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [11/1/2011 10:22 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [11/1/2011 10:22 AM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120327.002\IDSXpx86.sys [3/27/2012 5:47 PM 356280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe [11/1/2011 10:22 AM 117648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/8/2012 4:16 AM 106104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 11:24 AM 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 11:24 AM 136176]
S4 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [9/30/2009 6:16 PM 34916]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-03 16:24]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-03 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 08:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-03-28 08:41:22
ComboFix-quarantined-files.txt 2012-03-28 13:41
.
Pre-Run: 216,150,605,824 bytes free
Post-Run: 217,002,192,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6D1DBCCDA6FCE4D8956995063ED27C8E
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,765 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
28-Mar-2012, 10:51 AM #8
I need you to list EVERYTHING that's in the Computer: section in the "General" tab.

-----------------------------------------------------------
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
28-Mar-2012, 12:16 PM #9
In response to flavallee:

System:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3
Registered to:
Art Vandelay
76487-OEM-0011903-00102
Dell Precision T3400
Intel(R) Core(TM)2 Duo CPU
E7400 @ 2.80GHz
2.79 GHz, 2.00 GB of Ram
Physical Address Extention
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,765 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
28-Mar-2012, 12:33 PM #10
Quote:
Originally Posted by kwoodz View Post
System:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3
Registered to:
Art Vandelay
76487-OEM-0011903-00102
Dell Precision T3400
Intel(R) Core(TM)2 Duo CPU
E7400 @ 2.80 GHz
2.79 GHz, 2.00 GB of Ram
Physical Address Extention
Thanks. I was wanting to confirm that the processor is running at its rated speed and NOT at a noticaby slower speed. Yours is fine.

---------------------------------------------------------------
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
28-Mar-2012, 03:19 PM #11
flavallee,

Yes, thank you for that, and just wanted to note that in this same thread, I am also responding to instructions from dvk01.

I still have not utilized the SUPERAntiSpyware downloaded to my desktop as suggested in post #3.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,580 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Mar-2012, 04:31 AM #12
we need to find & replace a missing system file that the malware has infected and your antivirus has deleted

There won't be a copy on your computer otherwise combofix will have found it & used it so
step 1
download the attached i8042prt.zip
unzip it to desktop so you have a copy of i8042prt.sys there

then

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply .


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
29-Mar-2012, 09:07 AM #13
dvk01,

Here is the latest Combofix log:

ComboFix 12-03-28.01 - Art Vandelay 03/29/2012 7:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1216 [GMT -5:00]
Running from: c:\documents and settings\Art Vandelay\Desktop\username123.exe
Command switches used :: c:\documents and settings\Art Vandelay\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\documents and settings\Art Vandelay\Desktop\i8042prt.sys --> c:\windows\system32\drivers\i8042prt.sys
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 12:59 . 2008-04-14 01:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-03-29 12:59 . 2008-04-14 01:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-28 13:34 . 2012-03-28 13:34 -------- d-----w- c:\windows\system32\LogFiles
2012-03-27 22:22 . 2012-03-27 22:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 22:11 . 2012-03-27 22:11 -------- d-----w- c:\documents and settings\Art Vandelay\Application Data\SUPERAntiSpyware.com
2012-03-27 22:10 . 2012-03-27 22:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-27 22:10 . 2012-03-27 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-25 14:47 . 2012-03-25 14:47 -------- d--h--w- c:\windows\PIF
2012-03-22 21:38 . 2012-03-22 21:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-22 16:30 . 2012-03-22 21:20 -------- d-----w- C:\_AcroTemp
2012-03-13 15:22 . 2012-03-13 15:23 -------- d-----w- c:\documents and settings\Art Vandelay\Local Settings\Application Data\Solid State Networks
2012-03-07 14:58 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-07 14:58 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-03 39408]
"cdloader"="c:\documents and settings\Art Vandelay\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2009-9-30 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2009-9-30 36864]
QuickScan (OpticFilm 7600i).lnk - c:\program files\Plustek\OpticFilm 7600i\QuickScan.exe [2010-7-28 339968]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Art Vandelay\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [11/1/2011 10:22 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [11/1/2011 10:22 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [11/1/2011 10:22 AM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120328.002\IDSXpx86.sys [3/28/2012 7:03 PM 356280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe [11/1/2011 10:22 AM 117648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/8/2012 4:16 AM 106104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 11:24 AM 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 11:24 AM 136176]
S4 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [9/30/2009 6:16 PM 34916]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-03 16:24]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-03 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 08:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-29 08:02:47
ComboFix-quarantined-files.txt 2012-03-29 13:02
ComboFix2.txt 2012-03-28 13:41
.
Pre-Run: 217,045,385,216 bytes free
Post-Run: 217,024,704,512 bytes free
.
- - End Of File - - F70219DA289988CE7A7DEB682871E605

Last edited by kwoodz; 29-Mar-2012 at 09:16 AM..
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,580 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-Mar-2012, 09:33 AM #14
That looks all OK now

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/vulnerability_scanning/online/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us

I will leave you with Flavalee to update anything he thinks needs doing and there is bound to be some there
kwoodz's Avatar
kwoodz kwoodz is offline
Computer Specs
Member with 14 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
29-Mar-2012, 11:48 AM #15
dvk01,

I've followed all your instructions and all seens fine. I'll wait to be cleared by flavallee before closing.
Thanks you so much for the help....you guys are the best!
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑