
Computer infected with BOT

Discussion in 'Virus & Other Malware Removal' started by Mufferino, Jan 7, 2011.

  1. Mufferino

    Mufferino Thread Starter

    Joined:
    Jan 7, 2011
    Messages:
    4
    Hi, I really need your help! In the last couple of weeks I got some kind of virus or malware that has really messed up my computer. I have run many removal tools, etc., and sometimes they find trojans and malware and remove them, and other times they find nothing, yet my computer is still messed up. Then I received an email from Norton saying they believe my computer has a BOT. I tried to follow the instructions on removal, but my browser will not let me load any Microsoft updates. No matter how I attempt to get to Microsoft Update, it brings up the message "connection reset while loading the page". Sometimes it attempts to redirect me first, then it goes to the right place but gives me the same message. I also have other weird things going on. The computer rarely shuts down; I usually have to hold the on/off button, but no matter how it shuts down I always get the error messages on reboot that "generic host process for win32 services encountered a problem" and an "svchost.exe" error message. Norton keeps showing me attacks that are being blocked and that are from "lkaturl71.com, https tidserv request 2" and "ikaturi11.com, https tidserv request 2". Can you give me any ideas on what I can do to find the spyware or the trojan or whatever is messing with my computer? I am not computer savvy at all, so any help you can give me would be greatly appreciated. Thanks so much!
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Mufferino,

    Proceed as follows please :-

    Step 1

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Step 2

    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double-click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Post the log from TDSSKiller and the two logs from DDS in your reply,

    Kevin
     
  3. Mufferino

    Mufferino Thread Starter

    Joined:
    Jan 7, 2011
    Messages:
    4
    Thanks Kevin, I ran the TDSSKiller and will include the log here. I have tons of pictures on my computer and read that I should do a backup of those before I run the DDS, so I am going to copy those first unless you don't think that is necessary. It might take me a couple of days though to get through them all. Here is the log from the TDSSKiller if that helps. Thanks again. Will get back to you once the backup is done.

    2011/01/08 09:37:27.0364 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/08 09:37:27.0364 ================================================================================
    2011/01/08 09:37:27.0364 SystemInfo:
    2011/01/08 09:37:27.0364
    2011/01/08 09:37:27.0364 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/08 09:37:27.0364 Product type: Workstation
    2011/01/08 09:37:27.0364 ComputerName: OWNER-C830E2F29
    2011/01/08 09:37:27.0364 UserName: Owner
    2011/01/08 09:37:27.0364 Windows directory: C:\WINDOWS
    2011/01/08 09:37:27.0364 System windows directory: C:\WINDOWS
    2011/01/08 09:37:27.0364 Processor architecture: Intel x86
    2011/01/08 09:37:27.0364 Number of processors: 1
    2011/01/08 09:37:27.0364 Page size: 0x1000
    2011/01/08 09:37:27.0364 Boot type: Normal boot
    2011/01/08 09:37:27.0364 ================================================================================
    2011/01/08 09:37:30.0489 Initialize success
    2011/01/08 09:37:35.0833 ================================================================================
    2011/01/08 09:37:35.0833 Scan started
    2011/01/08 09:37:35.0833 Mode: Manual;
    2011/01/08 09:37:35.0833 ================================================================================
    2011/01/08 09:37:36.0630 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/08 09:37:36.0833 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/08 09:37:37.0036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/08 09:37:37.0193 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/08 09:37:37.0865 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2011/01/08 09:37:38.0427 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/01/08 09:37:38.0646 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/08 09:37:38.0849 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/08 09:37:39.0099 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/01/08 09:37:39.0599 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/08 09:37:39.0771 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/08 09:37:40.0021 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/08 09:37:40.0365 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    2011/01/08 09:37:40.0584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/08 09:37:40.0802 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys
    2011/01/08 09:37:41.0084 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/08 09:37:41.0271 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/08 09:37:41.0412 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/08 09:37:41.0834 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/08 09:37:42.0021 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/08 09:37:42.0240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/08 09:37:42.0365 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/08 09:37:42.0521 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/08 09:37:42.0724 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/08 09:37:42.0881 drvmcdb (b4cba593c540ff2a1ab7c0761c9ede16) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
    2011/01/08 09:37:43.0068 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/01/08 09:37:43.0240 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/01/08 09:37:43.0428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/08 09:37:43.0584 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/01/08 09:37:43.0724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/08 09:37:43.0865 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/01/08 09:37:44.0037 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/08 09:37:44.0209 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/08 09:37:44.0365 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/08 09:37:44.0506 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/01/08 09:37:44.0646 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/08 09:37:44.0818 hp4200c (9add235b564d7b3d27d97cb13ede8c0a) C:\WINDOWS\system32\DRIVERS\hp4200c.sys
    2011/01/08 09:37:45.0068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/08 09:37:45.0287 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/08 09:37:45.0553 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110107.002\IDSxpx86.sys
    2011/01/08 09:37:45.0803 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/08 09:37:46.0053 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/08 09:37:46.0209 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/08 09:37:46.0365 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/08 09:37:46.0522 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/08 09:37:46.0678 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/08 09:37:46.0834 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/08 09:37:47.0068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/08 09:37:47.0225 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/08 09:37:47.0444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/08 09:37:47.0553 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/08 09:37:47.0959 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
    2011/01/08 09:37:48.0147 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/01/08 09:37:48.0319 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/08 09:37:48.0490 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/08 09:37:48.0569 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/01/08 09:37:48.0709 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/08 09:37:48.0850 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/08 09:37:49.0037 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/01/08 09:37:49.0287 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/08 09:37:49.0444 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/08 09:37:49.0616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/08 09:37:49.0725 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/08 09:37:49.0834 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/08 09:37:49.0975 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/08 09:37:50.0163 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/08 09:37:50.0256 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/08 09:37:50.0538 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110107.037\NAVENG.SYS
    2011/01/08 09:37:50.0834 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110107.037\NAVEX15.SYS
    2011/01/08 09:37:51.0022 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/08 09:37:51.0225 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/08 09:37:51.0350 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/08 09:37:51.0459 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/08 09:37:51.0631 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/08 09:37:51.0803 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/08 09:37:51.0960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/08 09:37:52.0147 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/08 09:37:52.0272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/08 09:37:52.0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/08 09:37:52.0616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/08 09:37:52.0710 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/08 09:37:52.0866 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/08 09:37:53.0006 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/08 09:37:53.0069 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/08 09:37:53.0241 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/08 09:37:53.0382 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/08 09:37:53.0475 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/08 09:37:53.0647 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/08 09:37:53.0803 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/08 09:37:54.0178 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/08 09:37:54.0272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/01/08 09:37:54.0350 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/08 09:37:54.0475 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/08 09:37:54.0632 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/08 09:37:54.0897 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/08 09:37:55.0007 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/08 09:37:55.0210 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/08 09:37:55.0382 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/08 09:37:55.0475 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/08 09:37:55.0632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/08 09:37:55.0772 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/01/08 09:37:55.0929 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/08 09:37:56.0085 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/08 09:37:56.0288 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2011/01/08 09:37:56.0460 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/01/08 09:37:56.0632 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2011/01/08 09:37:56.0819 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/08 09:37:56.0976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2011/01/08 09:37:57.0132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/08 09:37:57.0507 smserial (0c81c75a42a4e920a91a8bb729b10449) C:\WINDOWS\system32\DRIVERS\smserial.sys
    2011/01/08 09:37:57.0788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/08 09:37:57.0866 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/08 09:37:58.0038 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS
    2011/01/08 09:37:58.0273 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS
    2011/01/08 09:37:58.0460 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/08 09:37:58.0663 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2011/01/08 09:37:58.0819 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/08 09:37:58.0913 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/08 09:37:59.0210 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS
    2011/01/08 09:37:59.0507 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS
    2011/01/08 09:37:59.0757 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    2011/01/08 09:37:59.0945 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS
    2011/01/08 09:38:00.0163 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
    2011/01/08 09:38:00.0445 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/08 09:38:00.0616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/08 09:38:00.0804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/08 09:38:00.0913 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/08 09:38:01.0070 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/08 09:38:01.0273 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/08 09:38:01.0492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/08 09:38:01.0679 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/01/08 09:38:01.0835 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    2011/01/08 09:38:01.0992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/08 09:38:02.0117 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    2011/01/08 09:38:02.0273 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/08 09:38:02.0429 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/08 09:38:02.0585 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    2011/01/08 09:38:02.0726 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/01/08 09:38:02.0851 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/08 09:38:02.0992 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/08 09:38:03.0164 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/08 09:38:03.0335 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/08 09:38:03.0554 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/08 09:38:03.0742 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/08 09:38:03.0914 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/08 09:38:04.0132 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
    2011/01/08 09:38:04.0257 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/08 09:38:04.0257 ================================================================================
    2011/01/08 09:38:04.0257 Scan finished
    2011/01/08 09:38:04.0257 ================================================================================
    2011/01/08 09:38:04.0273 Detected object count: 1
    2011/01/08 09:38:15.0649 \HardDisk0 - will be cured after reboot
    2011/01/08 09:38:15.0649 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/08 09:38:36.0651 Deinitialize success
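A quick way to triage a TDSSKiller log like the one above, as an added example that is not part of the original thread and not Kaspersky's code. It parses the line shapes visible in the log (timestamp, service name, MD5 in parentheses, driver path; "detected", "will be cured after reboot" and "User select action" lines) and pulls out what a responder looks at first: what was found, on which object, what action was chosen, and whether a reboot is still pending. The one finding in the log above is on \HardDisk0, a disk object rather than a driver file; TDL4 is a bootkit that lives in the Master Boot Record, which is why TDSSKiller can only finish the cure after a reboot. The "drivers outside the Windows directory" list is a manual review queue, not a verdict (the Norton definition drivers above are legitimate), and SAMPLE_LOG is an excerpt constructed from the log posted above.

```python
"""Triage helper for TDSSKiller logs (added example; not Kaspersky's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Line shapes as they appear in the log above.
DRIVER_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)")
PENDING_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<obj>\S+) - will be cured after reboot")
KV_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<key>[A-Za-z ]+): (?P<val>.+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Report:
    info: dict = field(default_factory=dict)          # SystemInfo key/value lines
    drivers: list = field(default_factory=list)       # Driver entries in scan order
    detections: list = field(default_factory=list)    # (object, threat)
    actions: list = field(default_factory=list)       # (object, threat, action)
    pending_reboot: list = field(default_factory=list)  # objects cured only after reboot


def parse_log(text: str) -> Report:
    """Parse a TDSSKiller log; unknown lines (separators, banners) are skipped."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            rep.drivers.append(Driver(m["name"], m["md5"], m["path"]))
        elif m := DETECT_RE.match(line):
            rep.detections.append((m["obj"], m["threat"]))
        elif m := ACTION_RE.match(line):
            rep.actions.append((m["obj"], m["threat"].strip(), m["action"]))
        elif m := PENDING_RE.match(line):
            rep.pending_reboot.append(m["obj"])
        elif m := KV_RE.match(line):
            rep.info[m["key"].strip()] = m["val"].strip()
    return rep


def drivers_outside_windir(rep: Report) -> list[Driver]:
    """Drivers whose image is not under the Windows directory: a review queue, not a verdict."""
    windir = rep.info.get("Windows directory", r"C:\WINDOWS").lower().rstrip("\\") + "\\"
    return [d for d in rep.drivers if not d.path.lower().startswith(windir)]


def device_level_findings(rep: Report) -> list[tuple[str, str]]:
    """Detections on a device object (no drive letter, e.g. \\HardDisk0) rather than a file.

    Heuristic (assumption): an object with no ':' is a device, not a file path.
    A bootkit such as TDL4 is reported against the disk because it sits in the MBR.
    """
    return [(o, t) for o, t in rep.detections if o.startswith("\\") and ":" not in o]


def summarize(rep: Report) -> dict:
    return {
        "os": rep.info.get("OS Version"),
        "drivers_scanned": len(rep.drivers),
        "detections": rep.detections,
        "actions": rep.actions,
        "device_level": device_level_findings(rep),
        "reboot_pending_for": rep.pending_reboot,
        "review_outside_windir": [d.name for d in drivers_outside_windir(rep)],
    }


# Constructed excerpt of the log posted above (header, four drivers, the finding and its cure).
SAMPLE_LOG = r"""
2011/01/08 09:37:27.0364 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/08 09:37:27.0364 ================================================================================
2011/01/08 09:37:27.0364 SystemInfo:
2011/01/08 09:37:27.0364 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/08 09:37:27.0364 Windows directory: C:\WINDOWS
2011/01/08 09:37:35.0833 Scan started
2011/01/08 09:37:35.0833 Mode: Manual;
2011/01/08 09:37:36.0630 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/08 09:37:40.0365 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2011/01/08 09:37:43.0068 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/08 09:38:00.0616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/08 09:38:04.0257 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/08 09:38:04.0257 Scan finished
2011/01/08 09:38:04.0273 Detected object count: 1
2011/01/08 09:38:15.0649 \HardDisk0 - will be cured after reboot
2011/01/08 09:38:15.0649 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/08 09:38:36.0651 Deinitialize success
"""

if __name__ == "__main__":
    for k, v in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

After the reboot that TDSSKiller asked for, run it again and feed the new log through the same parser: the cure has taken only if the second log shows no detection on \HardDisk0 and nothing left pending a reboot.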
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    DDS is purely diagnostic and makes no changes whatsoever to your system, no backup needed yet....
     
  5. Mufferino

    Mufferino Thread Starter

    Joined:
    Jan 7, 2011
    Messages:
    4
    Thanks again. Ran the DDS program as requested. I did not know how to turn off script protection, so I don't know if it worked or not. Let me know if I need to do it again differently. Here are the 2 logs:

    This is attach.txt:

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/15/2006 12:37:56 PM
    System Uptime: 1/8/2011 9:39:42 AM (32 hours ago)

    Motherboard: ASUSTek Computer INC. | | Amberine M
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 939 | 2188/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 28.387 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Canon MX700 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MX700 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam

    ==== System Restore Points ===================

    RP119: 1/3/2011 3:26:06 PM - System Checkpoint
    RP120: 1/6/2011 10:44:01 AM - System Checkpoint
    RP121: 1/7/2011 2:46:24 PM - System Checkpoint
    RP122: 1/8/2011 3:44:31 PM - System Checkpoint
    RP123: 1/9/2011 2:28:49 AM - Software Distribution Service 3.0
    RP124: 1/9/2011 4:00:17 AM - Software Distribution Service 3.0
    RP125: 1/9/2011 9:45:56 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11
    Adobe® Photoshop® Album Starter Edition 3.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Arthur's Kindergarten
    Arthur's Math Games
    ATI Control Panel
    ATI Display Driver
    Autodesk Design Review 2009
    Autodesk Student Community Download Tool
    Barbie ® Riding Club
    Barbie(tm) Team Gymnastics(tm)
    BlackBerry Desktop Software 5.0
    Bonjour
    BRATZ - Super Babyz
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 1.0
    Canon MX700 series
    Canon MX700 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Carnival Cruise Lines Tycoon 2005 - Island Hopping
    CASIO USB Driver V1.0.8003.1229
    CCScore
    Chutes and Ladders
    Clifford Musical Memory Games
    ClueFinders(R) 6th Grade Adventures
    Compatibility Pack for the 2007 Office system
    Device drivers for Simple Backup for My Pictures
    Disney's Lilo & Stitch Trouble in Paradise
    Disney Pirates of the Caribbean Online
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    fflink
    Finale SongWriter 2005
    Fish Tycoon
    Garmin USB Drivers
    Garmin WebUpdater
    Google Talk (remove only)
    Gotta Groove(TM) CD-ROM
    Greetings Workshop
    Hallmark Card Studio 2006 Deluxe
    Harry Potter
    Harry Potter - Quidditch World Cup
    Harry Potter II
    Hollywood Pets v1.2
    Horse Camp
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Product Detection
    HP Update
    InterActual Player
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 - (9.0.1.1)
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    JumpStart 1st Grade v1.5
    JumpStart 2nd Grade v1.2
    JumpStart Kindergarten 98 v2.5
    JumpStart Parent Resource Center v1.0
    JumpStart Pre-K v1.2
    JumpStart Preschool v2.0
    Kelly Club(TM) CD-ROM
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Kodak EasyShare software
    LEGO Creator Harry Potter
    LG USB Modem driver
    Little Bear Rainy Day Activities
    Mall Of America Tycoon
    Malwarebytes' Anti-Malware
    Masque IGT Slots Texas Tea
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office Standard Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Motorola SM56 Speakerphone Modem
    Move Media Player
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Disney Kitchen
    My Little Pony
    Nancy Drew: Danger by Design
    Nancy Drew: Danger on Deception Island
    Nancy Drew: Secret of the Old Clock
    Nancy Drew: The Creature of Kapu Cave
    Nancy Drew: The Curse of Blackmoor Manor
    Nancy Drew: The Final Scene
    Nancy Drew: The Haunted Carousel
    Nancy Drew: Treasure in the Royal Tower
    netbrdg
    Norton Security Suite
    OfotoXMI
    OTOY
    PCFriendly
    Phonics Vowel and Consonant Games
    Photodex Presenter
    Presto! PageManager 7.15.16
    Princess Fashion Boutique 2
    QuickTime
    Reader Rabbit 1
    Realtek AC'97 Audio
    Revit Architecture 2009
    Rhapsody Player Engine
    RollerCoaster Tycoon 3
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    Sansa Media Converter
    Sansa Updater
    ScanSoft OmniPage SE 4
    School Tycoon
    Search Toolbar
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SFR
    SHASTA
    Shrek Screensaver
    skin0001
    SKINXSDK
    Spelling Dictionaries Support For Adobe Reader 9
    staticcr
    The Print Shop Ensemble III
    The Sims 2 University
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Deluxe
    The Sims™ 2 Seasons
    tooltips
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V CAST Media Manager
    Virtools 3D Life Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WebFldrs XP
    WebIQ Client Software
    WildTangent Web Driver
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WIRELESS
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    1/7/2011 9:39:29 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
    1/7/2011 9:39:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
    1/7/2011 9:39:07 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2011 7:22:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    1/7/2011 2:15:51 PM, error: Print [6161] - The document Computer infected with BOT - Tech Support Guy Forums owned by Owner failed to print on printer Canon MX700 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 8371664. Number of bytes printed: 1348756. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\OWNER-C830E2F29. Win32 error code returned by the print processor: 259 (0x103).
    1/7/2011 11:22:49 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:49 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    1/7/2011 11:22:48 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2011 1:42:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3378.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/6/2011 9:54:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/6/2011 10:59:55 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/6/2011 10:58:46 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    1/6/2011 10:58:43 AM, error: Service Control Manager [7034] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s).
    1/6/2011 10:58:32 AM, error: Service Control Manager [7034] - The Sansa Updater Service service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 2:38:07 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/5/2011 2:36:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    1/5/2011 2:34:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/5/2011 2:32:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/5/2011 2:29:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    1/5/2011 11:59:12 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/4/2011 11:12:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    1/4/2011 11:12:25 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/4/2011 11:08:40 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    1/4/2011 11:07:18 AM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 0015F219500D has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    1/4/2011 11:07:07 AM, error: Dhcp [1002] - The IP address lease 76.25.108.81 for the Network Card with network address 0015F219500D has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    1/4/2011 11:06:47 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.
    1/3/2011 11:40:56 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'EraserUtilRebootDrv.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/2/2011 10:17:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
    1/2/2011 10:17:08 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    This is the DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 17:35:32.14 on Sun 01/09/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.416 [GMT -7:00]

    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Norton Security Suite *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\V CAST Media Manager\MEMonitor.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page =
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant =
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SMSERIAL] sm56hlpr.exe
    mRun: [hplampc] c:\windows\system32\hplampc.exe
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\program files\creative home\hallmark card studio 2006\planner\PLNRnote.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab
    DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab
    DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab
    DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://www.shockwave.com/content/doggiedash/sis/DoggieDash.1.0.0.6.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
    DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
    DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
    DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
    DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://kingsoopers.storefront.com/images/global/activex/SFImageUpload1_4.CAB
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://webgames.d.tmsrv.com/c=14353bed23076c90fab39a4217d545bc/aff=t_03cm_wg/p/release/playfirst/wg_sandscript/sandscript/SandScript.1.0.0.21.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    Notify: AtiExtEvent - Ati2evxx.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\cxiu7dla.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf40485&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\cxiu7dla.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Search Toolbar: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\owner\application data\Move Networks

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-12-27 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-12-27 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-12-27 501888]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-12-27 116784]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-12-27 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-4 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110107.002\IDSXpx86.sys [2011-1-7 341944]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110109.003\NAVENG.SYS [2011-1-9 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110109.003\NAVEX15.SYS [2011-1-9 1360760]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2007-1-29 9312]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

    =============== Created Last 30 ================

    2011-01-10 00:11:17 -------- d-----w- c:\docume~1\owner\applic~1\Tific
    2011-01-09 16:46:00 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f8f9f156-5809-4554-abb3-19f50aa0ed74}\mpengine.dll
    2011-01-09 09:29:06 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-01-07 06:21:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-07 06:21:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-06 16:55:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-06 16:52:09 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-06 05:53:58 -------- d-----w- c:\docume~1\owner\applic~1\GARMIN
    2011-01-06 05:44:45 -------- d-----w- c:\program files\Garmin
    2010-12-29 07:54:16 -------- d-----w- c:\windows\system32\dumps
    2010-12-28 21:49:53 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-12-28 21:49:53 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-12-28 21:49:52 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-12-28 21:49:52 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-12-28 21:49:52 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-12-28 21:49:47 -------- d-----w- c:\program files\Trojan Remover
    2010-12-28 21:49:47 -------- d-----w- c:\docume~1\owner\applic~1\Simply Super Software
    2010-12-27 21:22:48 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
    2010-12-27 21:22:48 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
    2010-12-27 21:22:48 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
    2010-12-27 21:22:48 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
    2010-12-27 21:22:47 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
    2010-12-27 21:22:47 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
    2010-12-27 21:22:47 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
    2010-12-27 21:22:46 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
    2010-12-27 21:22:10 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
    2010-12-27 09:18:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-12-27 09:18:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-27 09:18:40 -------- d-----w- c:\program files\Symantec
    2010-12-27 09:17:24 -------- d-----w- c:\windows\system32\drivers\N360
    2010-12-27 09:17:22 -------- d-----w- c:\program files\Norton Security Suite
    2010-12-27 09:13:37 -------- d-----w- c:\program files\NortonInstaller
    2010-12-24 22:05:48 -------- d-----w- c:\program files\Search Toolbar
    2010-12-15 07:30:00 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 07:29:02 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 17:35:50.61 ===============
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Mufferino,

    You have Norton I.S. running and also Microsoft Security Essentials; this is not good. If your Norton license is current you'd be advised to uninstall MSSE, as the two AV components will clash, give issues and may negate security.

    Proceed as follows :-

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don`t forget Combofix must be saved to your desktop. <--Very important

    Before saving Combofix to your Desktop rename to Gotcha.exe as follows:

    [​IMG]

    Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log from Combofix in your reply,

    Kevin.
     
  7. Mufferino

    Mufferino Thread Starter

    Joined:
    Jan 7, 2011
    Messages:
    4
    Hi Kevin,

    Did uninstall Microsoft Security as my Norton is new. Ran ComboFix and here is the log. The computer has been running great since you had me do the TDSSkiller so maybe it's been fixed. Hopefully the combofix report tells you something. Thanks again!

    ComboFix 11-01-11.03 - Owner 01/12/2011 11:08:27.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.509 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\Gotcha.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Application Data\Microsoft
    c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
    c:\program files\AskSearch\bin\DeFAultsearch.dll
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\Ijl11.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_usnjsvc


    ((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
    .

    2011-01-12 17:21 . 2011-01-12 17:21 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-01-10 00:11 . 2011-01-10 00:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
    2011-01-07 06:21 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-07 06:21 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-06 16:55 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-06 05:53 . 2011-01-06 05:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GARMIN
    2011-01-06 05:44 . 2011-01-06 05:44 -------- d-----w- c:\program files\DIFX
    2011-01-06 05:44 . 2011-01-06 05:44 -------- d-----w- c:\program files\Garmin
    2010-12-29 07:54 . 2010-12-29 07:54 -------- d-----w- c:\windows\system32\dumps
    2010-12-28 21:49 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-12-28 21:49 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-12-28 21:49 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-12-28 21:49 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-12-28 21:49 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-12-28 21:49 . 2010-12-28 21:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
    2010-12-27 09:18 . 2010-12-27 09:18 -------- d-----w- c:\program files\Symantec
    2010-12-27 09:18 . 2010-12-27 09:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-12-27 09:18 . 2010-12-27 09:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-27 09:17 . 2010-12-28 00:46 -------- d-----w- c:\windows\system32\drivers\N360
    2010-12-27 09:17 . 2010-12-27 09:17 -------- d-----w- c:\program files\Norton Security Suite
    2010-12-27 09:17 . 2010-12-27 09:17 -------- d-----w- c:\program files\Windows Sidebar
    2010-12-27 09:13 . 2010-12-27 09:13 -------- d-----w- c:\program files\NortonInstaller
    2010-12-25 10:50 . 2010-12-25 10:50 -------- d-----w- c:\documents and settings\Lelabear\Application Data\Malwarebytes
    2010-12-25 08:25 . 2010-12-25 08:25 -------- d-----w- c:\documents and settings\Lelabear\Local Settings\Application Data\AVG Security Toolbar
    2010-12-25 08:23 . 2010-12-25 08:23 -------- d-----w- c:\documents and settings\Lelabear\Local Settings\Application Data\Mozilla
    2010-12-25 08:22 . 2010-12-25 08:22 -------- d-----w- c:\documents and settings\Lelabear\Application Data\AVG10
    2010-12-15 07:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 07:29 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-27 00:29 . 2010-12-06 00:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-11-18 18:12 . 2006-11-15 19:31 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2004-08-10 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-04 21:10 . 2010-08-26 17:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-03 12:25 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-10 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-10 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-10 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .
    Code:
    c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    c:\program files\Hitman Pro 3.5\HitmanPro35 .exe
    c:\program files\Hp\HP Software Update\HPWuSchd2 .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\windows\ehome\ehtray .exe
    ------- Sigcheck -------

    [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [7] 2004-08-10 12:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
    "hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-12-01 497376]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]
    V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [2009-11-18 2676072]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-8-30 25896]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [12/27/2010 2:22 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [12/27/2010 2:22 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [12/27/2010 2:22 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [12/27/2010 2:22 PM 116784]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [12/27/2010 2:22 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/4/2011 8:41 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110111.001\IDSXpx86.sys [1/11/2011 10:30 PM 341944]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [1/29/2007 6:47 AM 9312]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant =
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab
    DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab
    DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
    DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://www.shockwave.com/content/doggiedash/sis/DoggieDash.1.0.0.6.cab
    DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
    DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
    DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
    DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://kingsoopers.storefront.com/images/global/activex/SFImageUpload1_4.CAB
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cxiu7dla.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf40485&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Search Toolbar: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Owner\Application Data\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-12 11:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2504)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\SanDisk\Sansa Updater\SansaSvr.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\sm56hlpr.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-12 11:45:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-12 18:44

    Pre-Run: 30,761,197,568 bytes free
    Post-Run: 31,108,878,336 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 6605F80BFF9B5AC10482476771CC5BE2
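As an added example (not part of this thread, and not code from DDS or ComboFix), the following Python script shows how an analyst can triage the kinds of lines that appear in the ComboFix log above instead of reading it by eye: it parses "Files Created" entries in both the ComboFix and the DDS layout, Run-key entries and service/driver lines, and flags the ones worth a first look. The four flag rules (a space before the executable's extension, a Run entry marked [X], a driver reported as [?], and a fresh .exe/.dll/.sys directly under system32) are the example author's heuristics, not ComboFix verdicts; the embedded sample is a handful of lines copied from the logs in this thread.

```python
"""Triage pass over ComboFix / DDS log lines (added example, not ComboFix code).

Flag rules, chosen by the example author rather than taken from the tool:
  spaced-extension  an executable named like 'qttask .exe' (space before the
                    extension), the pattern the thread's RenV:: block undoes;
  missing-file      a Run-key entry ComboFix marked [X] (file not found);
  no-image          a service/driver whose file ComboFix reported as [?];
  recent-system32   a newly created .exe/.dll/.sys directly under system32.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# ComboFix 'Files Created' layout: created . modified size attrs path
CF_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# DDS 'Created Last 30' layout: created size attrs path
DDS_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Run-key entry: "name"="command" [note]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: \[(?P<note>[^\]]*)\])?$')
# Service/driver entry: R0/S3 name;display;path [note]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<note>[^\]]*)\])?$"
)
SPACED_EXT_RE = re.compile(r" \.(exe|dll|sys|scr|com)\b", re.IGNORECASE)
SYSTEM32_BIN_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.(exe|dll|sys)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    line: str


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CF_CREATED_RE.match(line) or DDS_CREATED_RE.match(line)
        if m:
            is_dir = m.group("attrs").startswith("d")
            if not is_dir and SYSTEM32_BIN_RE.match(m.group("path")):
                findings.append(Finding("recent-system32", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if SPACED_EXT_RE.search(m.group("cmd")):
                findings.append(Finding("spaced-extension", line))
            if m.group("note") == "X":
                findings.append(Finding("missing-file", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("note") == "?":
                findings.append(Finding("no-image", line))
            continue
        # Bare path lines, as in the log's 'Code:' block of renamed binaries.
        if SPACED_EXT_RE.search(line):
            findings.append(Finding("spaced-extension", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample lines copied from the ComboFix and DDS logs in this thread.
SAMPLE_LOG = r"""
2011-01-12 17:21 . 2011-01-12 17:21 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-06 16:55 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 06:21:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
c:\program files\iTunes\iTunesHelper .exe
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/4/2011 8:41 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to see the five findings from the sample; for a real log, read the file into triage(). A flag means "look here", not "malicious": MpSigStub.exe is flagged only because it is a recent binary directly under system32, not because anything is known to be wrong with it.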
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Mufferino,

    You ain't clear yet, my friend; proceed as follows please :-

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    
    File::
    c:\windows\system32\DRIVERS\Lbd.sys
    c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys
    Driver::
    Lbd
    Lavasoft Kernexplorer
    Folder::
    c:\documents and settings\Lelabear\Local Settings\Application Data\AVG Security Toolbar
    c:\documents and settings\Lelabear\Application Data\AVG10
    c:\program files\AskBarDis
    c:\program files\Lavasoft
    FCopy::
    c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll | c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll | c:\windows\system32\MsPMSNSv.dll
    c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll | c:\windows\system32\dllcache\mspmsnsv.dll
    RenV::
    c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    c:\program files\Hitman Pro 3.5\HitmanPro35 .exe
    c:\program files\Hp\HP Software Update\HPWuSchd2 .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\windows\ehome\ehtray .exe
    DDS::
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available here; please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like in your reply :-

    • Log from Combofix
    • Log from ESET
    • Log from Security Check

    Kevin
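To make the FCopy:: and RenV:: parts of the script above concrete, here is an added Python example (the editor's own, not ComboFix code) that parses those two directives and applies them with the checks a practitioner would want: a replacement file is copied only after its MD5 matches a known-good value, mirroring the Sigcheck rows where the live MsPMSNSv.dll hashed to 140EF97B64F560FD78643CAE2CDAD838 while the $BACKUP$ copy marked [7] hashed to 6EAA72FD9EF993EC1FA9A06DE65105DA, and a "name .exe" file is renamed back to "name.exe" only when that name is not already taken. The file layout, contents and known-good hash are constructed in a temporary directory by the script itself; the directory and file names are illustrative, not the ones on the poster's machine.

```python
"""Mirror of the FCopy:: and RenV:: directives in the CFScript above (added
example by the editor, not ComboFix's own code).  Each action is planned and
then run only if it passes a check the thread's Sigcheck rows make relevant:
  FCopy::  copy 'src | dst' only when src hashes to a known-good value (the
           live MsPMSNSv.dll hashed to 140EF97B..., the $BACKUP$ copy marked
           [7] to 6EAA72FD...) and skip dst if it already matches;
  RenV::   rename 'name .exe' to 'name.exe' only if that name is still free.
Files and the known-good hash are constructed in a temp directory (host-native
paths rather than c:\\...) so the demo runs offline.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

def md5_of(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split CFScript text into directive name -> payload lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def plan_fcopy(entries: List[str], known_good: Dict[str, str]) -> List[Tuple[str, str, str]]:
    plan = []  # (decision, source, destination)
    for entry in entries:
        src, dst = [p.strip() for p in entry.split("|", 1)]
        expected = known_good.get(os.path.basename(dst).lower())
        if expected is None or md5_of(src) != expected:
            plan.append(("refuse-bad-source", src, dst))  # never copy an unverified file
        elif os.path.exists(dst) and md5_of(dst) == expected:
            plan.append(("skip-same", src, dst))
        else:
            plan.append(("copy", src, dst))
    return plan

def plan_renv(paths: List[str]) -> List[Tuple[str, str, str]]:
    plan = []
    for path in paths:
        head, tail = os.path.split(path)
        fixed = os.path.join(head, tail.replace(" .", ".", 1))
        if fixed == path:
            plan.append(("skip-not-spaced", path, path))
        elif os.path.exists(fixed):
            plan.append(("refuse-target-exists", path, fixed))  # do not clobber a real binary
        else:
            plan.append(("rename", path, fixed))
    return plan

def apply_plan(plan: List[Tuple[str, str, str]]) -> int:
    """Perform only the 'copy' and 'rename' decisions; return how many ran."""
    ops = {"copy": shutil.copy2, "rename": os.rename}
    for decision, src, dst in plan:
        if decision in ops:
            ops[decision](src, dst)
    return sum(decision in ops for decision, _, _ in plan)

def demo() -> Dict[str, object]:
    """Build a constructed file layout, run both directives, report the outcome."""
    root = tempfile.mkdtemp(prefix="cfscript-demo-")
    good, bad = b"MZ genuine MsPMSNSv build", b"MZ patched MsPMSNSv"
    layout = {  # relative path -> content, mirroring the thread's Sigcheck rows
        "backup/MsPMSNSv.dll": good, "system32/MsPMSNSv.dll": bad,  # $BACKUP$ copy, tampered live copy
        "dllcache/mspmsnsv.dll": good,  # already correct, should be skipped
        "itunes/iTunesHelper .exe": b"MZ",  # RenV candidate
        "qt/qttask .exe": b"MZ", "qt/qttask.exe": b"MZ",  # clean name already taken
    }
    def p(rel: str) -> str:
        return os.path.join(root, *rel.split("/"))
    for rel, data in layout.items():
        os.makedirs(os.path.dirname(p(rel)), exist_ok=True)
        with open(p(rel), "wb") as fh:
            fh.write(data)
    script = "\n".join([
        "FCopy::",
        p("backup/MsPMSNSv.dll") + " | " + p("system32/MsPMSNSv.dll"),
        p("backup/MsPMSNSv.dll") + " | " + p("dllcache/mspmsnsv.dll"),
        p("system32/MsPMSNSv.dll") + " | " + p("dllcache/mspmsnsv.dll"),  # tampered source
        "RenV::", p("itunes/iTunesHelper .exe"), p("qt/qttask .exe"),
    ])
    known_good = {"mspmsnsv.dll": hashlib.md5(good).hexdigest().upper()}  # stands in for a vendor hash
    sections = parse_cfscript(script)
    fcopy, renv = plan_fcopy(sections["FCopy"], known_good), plan_renv(sections["RenV"])
    ran = apply_plan(fcopy + renv)
    result = {"fcopy": [d for d, _, _ in fcopy], "renv": [d for d, _, _ in renv], "ran": ran,
              "live_fixed": md5_of(p("system32/MsPMSNSv.dll")) == known_good["mspmsnsv.dll"],
              "renamed": os.path.exists(p("itunes/iTunesHelper.exe")) and not os.path.exists(p("itunes/iTunesHelper .exe"))}
    shutil.rmtree(root)
    return result
```

The plan/apply split is deliberate: plan_fcopy and plan_renv only read the disk, so their output can be reviewed before apply_plan changes anything, and a source that fails the hash check is refused rather than copied. Call demo() to run the whole sequence against the constructed layout.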
     
Short URL to this thread: https://techguy.org/973221
