Solved Netbt.sys (Trojan)


raguv2000

Posts: 27   +0
Hi, I have the ever popular Trojan that has infected my netbt.sys file. I have attached some logs. Thanks for your help.
 

Attachments

  • DDS.txt (28.4 KB)
  • mbam-log-2010-09-29 (13-49-26).txt (1.2 KB)
  • gmer.log (56 KB)
Welcome aboard


Attach.txt part of DDS is missing. Please, post it.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1520
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 195):
0x82E3A000 \SystemRoot\system32\ntkrnlpa.exe
0x82E03000 \SystemRoot\system32\halmacpi.dll
0x80BD4000 \SystemRoot\system32\kdcom.dll
0x8B224000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B29C000 \SystemRoot\system32\PSHED.dll
0x8B2AD000 \SystemRoot\system32\BOOTVID.dll
0x8B2B5000 \SystemRoot\system32\CLFS.SYS
0x8B2F7000 \SystemRoot\system32\CI.dll
0x8B438000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B4A9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B4B7000 \SystemRoot\System32\Drivers\speu.sys
0x8B5AA000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B5B3000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B3A2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B5D9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B400000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B42A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B5E4000 \SystemRoot\System32\drivers\partmgr.sys
0x8B605000 \SystemRoot\System32\Drivers\qaiejeo.sys
0x8B6D9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B6E1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B6EC000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B6FC000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B747000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8B74E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B75C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B772000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B779000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B782000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B7A5000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B7AE000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B7E2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B7F3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B809000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B938000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B963000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B976000 \SystemRoot\System32\Drivers\cng.sys
0x8B9D3000 \SystemRoot\System32\drivers\pcw.sys
0x8B9E1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA2C000 \SystemRoot\system32\drivers\ndis.sys
0x8BAE3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB21000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC32000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD7B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BDAC000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BDB5000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BDF4000 \SystemRoot\System32\Drivers\spldr.sys
0x8BC00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BB46000 \SystemRoot\System32\Drivers\mup.sys
0x8BB56000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BB5E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BB90000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BBA1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BBC6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x92023000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x9206E000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100928.056\NAVEX15.SYS
0x921BC000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x921E1000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100928.056\NAVENG.SYS
0x921F5000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x92000000 \SystemRoot\System32\Drivers\Null.SYS
0x92007000 \SystemRoot\System32\Drivers\Beep.SYS
0x9200E000 \SystemRoot\System32\drivers\vga.sys
0x8B200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BA1F000 \SystemRoot\System32\drivers\watchdog.sys
0x9201A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B9EA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B9F2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B5F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B3EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x99635000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9964C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x99657000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x99684000 \SystemRoot\system32\drivers\afd.sys
0x996DE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x996E5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x99704000 \SystemRoot\system32\DRIVERS\netbios.sys
0x99712000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x99725000 \SystemRoot\system32\DRIVERS\termdd.sys
0x99735000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x9979F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x997E0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x997EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x997F4000 \??\C:\Windows\system32\drivers\fanio.sys
0x9A623000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9A681000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9A69E000 \SystemRoot\System32\drivers\discache.sys
0x9A6AA000 \SystemRoot\system32\drivers\csc.sys
0x9A70E000 \SystemRoot\System32\Drivers\dfsc.sys
0x9A726000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9A734000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9A755000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9AC1E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9B583000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9B601000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9B6B8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9B6F1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9B6FC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9B747000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9B756000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9BA33000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x9BE46000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x9BE57000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9BE83000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x9BE9C000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x9BEAD000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9BEC1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x9BF13000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9BF2B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9BF59000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9BF5B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9BF68000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9BF75000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x9BF7B000 \SystemRoot\System32\Drivers\adae2lqb.SYS
0x9BFB4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9BFB8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9BFC1000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9BFCE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9BFE0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9BA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9BA0B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9B775000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9B78D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9B7A4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9B7BB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9BA2D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9B7C5000 \SystemRoot\system32\DRIVERS\ks.sys
0x9B585000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9B593000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9B5D7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9A767000 \SystemRoot\system32\drivers\stwrt.sys
0x9A7BA000 \SystemRoot\system32\drivers\portcls.sys
0x9AC00000 \SystemRoot\system32\drivers\drmk.sys
0x82224000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x82261000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x82A39000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x82AED000 \SystemRoot\system32\drivers\modem.sys
0x82AFA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82B07000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x82B12000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x82B1B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82B2C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x82B43000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x82B7D000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x82A1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9E390000 \SystemRoot\System32\win32k.sys
0x823BB000 \SystemRoot\System32\drivers\Dxapi.sys
0x823C5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9E5F0000 \SystemRoot\System32\TSDDD.dll
0x9E220000 \SystemRoot\System32\cdd.dll
0x9E240000 \SystemRoot\System32\ATMFD.DLL
0x823D0000 \SystemRoot\system32\drivers\luafv.sys
0x82200000 \SystemRoot\system32\drivers\WudfPf.sys
0x823EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA703B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA7081000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7091000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA70A4000 \SystemRoot\system32\drivers\HTTP.sys
0xA7129000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA7142000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA7154000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA7177000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA71B2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA71E5000 \SystemRoot\System32\Drivers\adfs.SYS
0xA71F6000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA71FA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAD41F000 \SystemRoot\system32\drivers\peauth.sys
0xAD4B6000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD4C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAD4E1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAD4EE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAD4F6000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD545000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD596000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAD5C0000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xBB678000 \SystemRoot\System32\Drivers\usbaapl.sys
0xBB686000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0xBB68F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xBB6B0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xBB6B9000 \SystemRoot\system32\drivers\btusbflt.sys
0xBB6C3000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xBB6D5000 \SystemRoot\System32\Drivers\bthport.sys
0xBB739000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xBB75D000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xBB76A000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xBB785000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBB790000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBB7A3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBB7AF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x772C0000 \Windows\System32\ntdll.dll
0x47B20000 \Windows\System32\smss.exe
0x77500000 \Windows\System32\apisetschema.dll
0x00960000 \Windows\System32\autochk.exe
0x77450000 \Windows\System32\advapi32.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 73):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
420 csrss.exe
468 csrss.exe
476 C:\Windows\System32\wininit.exe
528 C:\Windows\System32\services.exe
536 C:\Windows\System32\lsass.exe
544 C:\Windows\System32\lsm.exe
592 C:\Windows\System32\winlogon.exe
696 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\nvvsvc.exe
804 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1256 C:\Program Files\Symantec AntiVirus\Smc.exe
1292 C:\Windows\System32\nvvsvc.exe
1336 C:\Windows\System32\svchost.exe
1556 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1836 C:\Windows\System32\spoolsv.exe
1868 C:\Windows\System32\svchost.exe
1960 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\Program Files\Bonjour\mDNSResponder.exe
2040 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1172 C:\Windows\System32\taskhost.exe
1720 C:\Windows\System32\dwm.exe
1500 C:\Windows\explorer.exe
2076 C:\Windows\System32\svchost.exe
2336 C:\Program Files\Symantec AntiVirus\SmcGui.exe
2364 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2412 C:\Windows\System32\PnkBstrA.exe
2472 C:\Windows\System32\PnkBstrB.exe
2500 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2544 C:\Windows\System32\stacsv.exe
2608 C:\Windows\System32\svchost.exe
2632 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2784 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2904 C:\Windows\System32\drivers\XAudio.exe
3100 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3476 C:\Windows\System32\SearchIndexer.exe
4032 C:\Windows\System32\svchost.exe
2208 C:\Windows\System32\svchost.exe
3408 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4060 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
2136 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1564 C:\Windows\OEM02Mon.exe
1528 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
1972 C:\Program Files\Windows Media Player\wmpnetwk.exe
3820 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1088 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4020 C:\Windows\System32\rundll32.exe
2740 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3060 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
3616 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2704 C:\Program Files\DAEMON Tools Lite\DTLite.exe
3956 C:\Program Files\iPod\bin\iPodService.exe
4212 C:\Program Files\I8kfanGUI\I8kfanGUI.exe
5512 WUDFHost.exe
4320 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
252 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
3028 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
3564 C:\Windows\System32\taskmgr.exe
4276 C:\Program Files\Mozilla Firefox 3\firefox.exe
3348 C:\Windows\System32\SearchProtocolHost.exe
4600 C:\Windows\System32\SearchFilterHost.exe
424 C:\Windows\System32\audiodg.exe
5708 C:\Users\Ragu\Downloads\MBRCheck.exe
5052 C:\Windows\System32\conhost.exe
5336 C:\Windows\System32\dllhost.exe
5380 taskhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05700000 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A54B45A3CA8FB79


Done!
 

Attachments

  • Attach.zip (4.8 KB)
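Added example, not part of this thread and not code from MBRCheck, TDSSKiller or ComboFix: a short Python triage script that parses the driver lists those two tools print and applies the two checks that matter for exactly this kind of infection. A patched system driver like netbt.sys keeps its name and its path, so a name-based look at the list cannot see it; only a content hash compared against a known-good baseline can. A dropped driver like qaiejeo.sys (the one the helper removes further down with a CFScript) has a name the baseline has never seen. The MBRCheck lines and the ACPI, AFD and bcm4sbxp hashes in the sample are copied from the logs posted in this thread; the NetBT log line, both netbt.sys hashes and the baseline itself are constructed placeholders, and the `looks_random` ranking heuristic is mine, not something any of these tools do.

```python
"""Triage of driver inventories pasted in a malware-removal thread.

Two checks: (1) hash drift, for a patched driver that kept its name
(netbt.sys), and (2) unknown names, for a dropped driver (qaiejeo.sys).
Both run over a constructed sample of MBRCheck and TDSSKiller lines.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# MBRCheck "Kernel Drivers" line: "0x8B605000 \SystemRoot\System32\Drivers\qaiejeo.sys"
MBRCHECK_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(?P<path>\S.*)$")
# TDSSKiller driver line: "2010/09/30 23:46:33.0626 AFD (<md5>) C:\Windows\...\afd.sys"
TDSS_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} [\d:.]+\s+(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
VOWELS = set("aeiou")


@dataclass(frozen=True)
class DriverRecord:
    name: str               # lower-cased file name, e.g. "qaiejeo.sys"
    path: str               # path exactly as the tool printed it
    md5: Optional[str]      # only TDSSKiller prints a hash
    service: Optional[str]  # only TDSSKiller prints the service name


def basename(path: str) -> str:
    return path.replace("/", "\\").rstrip().rsplit("\\", 1)[-1].lower()


def parse_inventory(text: str) -> List[DriverRecord]:
    """Accept a paste mixing MBRCheck and TDSSKiller lines; ignore everything else."""
    records: List[DriverRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TDSS_RE.match(line)
        if m:
            records.append(DriverRecord(basename(m["path"]), m["path"], m["md5"], m["svc"]))
            continue
        m = MBRCHECK_RE.match(line)
        if m:
            records.append(DriverRecord(basename(m["path"]), m["path"], None, None))
    return records


def check_hash_drift(records: List[DriverRecord], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Known file name, different content: the signature of a patched driver.
    Returns (name, observed md5, baseline md5) for every mismatch."""
    out: List[Tuple[str, str, str]] = []
    for r in records:
        if r.md5 is None:
            continue
        expected = baseline.get(r.name)
        if expected is not None and expected != r.md5:
            out.append((r.name, r.md5, expected))
    return out


def check_unknown_names(records: List[DriverRecord], baseline: Dict[str, str]) -> List[str]:
    """Loaded drivers the baseline has never heard of: leads, not verdicts."""
    return sorted({r.name for r in records if r.name not in baseline})


def looks_random(name: str) -> bool:
    """Cheap ranking heuristic (my own): short lowercase gibberish, or a digit
    wedged between letters.  Deliberately loose; it also fires on some
    legitimate vendor names, so it only orders the lead list."""
    stem = name.lower().rsplit(".", 1)[0]
    if not 6 <= len(stem) <= 9 or not stem.isalnum():
        return False
    digit_between_letters = re.search(r"[a-z]\d[a-z]", stem) is not None
    vowel_heavy = stem.isalpha() and sum(c in VOWELS for c in stem) / len(stem) >= 0.5
    return digit_between_letters or vowel_heavy


def triage(text: str, baseline: Dict[str, str]) -> Dict[str, list]:
    records = parse_inventory(text)
    unknown = check_unknown_names(records, baseline)
    return {
        "hash_drift": check_hash_drift(records, baseline),
        "unknown": sorted(unknown, key=lambda n: (not looks_random(n), n)),  # random-looking first
    }


# Constructed sample.  The four MBRCheck lines and the ACPI/AFD hashes are copied
# from the logs in this thread; the NetBT line and its all-zero hash are invented
# to show a drift hit (the thread never printed a hash for netbt.sys).
SAMPLE = r"""
0x8B3A2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B605000 \SystemRoot\System32\Drivers\qaiejeo.sys
0x9BF7B000 \SystemRoot\System32\Drivers\adae2lqb.SYS
0x9BE46000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
2010/09/30 23:46:32.0878 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/30 23:46:33.0626 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/30 23:46:45.0000 NetBT (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\netbt.sys
"""

# Constructed known-good baseline keyed by file name.  A real one comes from a
# clean install of the same build, never from the suspect machine itself.
BASELINE = {
    "acpi.sys": "f0e07d144c8685b8774bc32fc8da4df0",
    "afd.sys": "ddc040fdb01ef1712a6b13e52afb104c",
    "bcm4sbxp.sys": "82dd21bfa8bbe0a3a3833a1bd8e86158",
    "netbt.sys": "ffffffffffffffffffffffffffffffff",  # placeholder, not the real hash
}

if __name__ == "__main__":
    for section, hits in triage(SAMPLE, BASELINE).items():
        print(section)
        for hit in hits:
            print("   ", hit)
```

Run it as-is and the drift check names netbt.sys while the unknown-name check lists adae2lqb.SYS and qaiejeo.sys. Treat that second list as leads only: the ranking heuristic also fires on bcm4sbxp.sys, which is in the same MBRCheck list and which nobody in this thread touched, and the helper removed only qaiejeo. Verify a lead with the file's digital signature and a hash lookup before scripting its removal.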
Please, don't zip any logs.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
the attach.txt file said:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

so, that's why I handled it that way

I will let you know what happens with the ComboFix shortly

Thank you very much for your help
 
Is Norton still complaining?


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sendmng"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\qaiejeo]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
You didn't say if Norton is still complaining...


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Driver::
qaiejeo

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\qaiejeo]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Endpoint QuickScan picked up the netbt.sys while ComboFix was preparing the log
 

Attachments

  • ComboFix.txt (97.9 KB)
Combofix log looks clean now.

Let me know if you get any new Norton warnings from now on.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
2010/09/30 23:46:28.0931 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 23:46:28.0931 ================================================================================
2010/09/30 23:46:28.0931 SystemInfo:
2010/09/30 23:46:28.0931
2010/09/30 23:46:28.0932 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/30 23:46:28.0932 Product type: Workstation
2010/09/30 23:46:28.0932 ComputerName: INXS
2010/09/30 23:46:28.0933 UserName: Ragu
2010/09/30 23:46:28.0933 Windows directory: C:\Windows
2010/09/30 23:46:28.0933 System windows directory: C:\Windows
2010/09/30 23:46:28.0933 Processor architecture: Intel x86
2010/09/30 23:46:28.0933 Number of processors: 2
2010/09/30 23:46:28.0933 Page size: 0x1000
2010/09/30 23:46:28.0933 Boot type: Normal boot
2010/09/30 23:46:28.0933 ================================================================================
2010/09/30 23:46:29.0469 Initialize success
2010/09/30 23:46:31.0082 ================================================================================
2010/09/30 23:46:31.0082 Scan started
2010/09/30 23:46:31.0082 Mode: Manual;
2010/09/30 23:46:31.0082 ================================================================================
2010/09/30 23:46:32.0764 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/30 23:46:32.0878 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/30 23:46:32.0993 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/30 23:46:33.0199 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2010/09/30 23:46:33.0329 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/30 23:46:33.0399 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/30 23:46:33.0467 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/30 23:46:33.0626 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/30 23:46:33.0674 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/30 23:46:33.0801 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/30 23:46:33.0919 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/30 23:46:33.0972 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/30 23:46:34.0032 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/30 23:46:34.0081 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/30 23:46:34.0140 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/30 23:46:34.0243 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/30 23:46:34.0329 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/30 23:46:34.0365 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/30 23:46:34.0456 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/30 23:46:34.0594 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/30 23:46:34.0628 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/30 23:46:34.0694 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys
2010/09/30 23:46:34.0800 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/30 23:46:34.0865 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/30 23:46:34.0979 AtiPcie (7a09f261577eeaa5b05eb09dfe31fd0e) C:\Windows\system32\DRIVERS\AtiPcie.sys
2010/09/30 23:46:35.0111 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/30 23:46:35.0236 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/30 23:46:35.0353 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/09/30 23:46:35.0458 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/30 23:46:35.0550 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/30 23:46:35.0650 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/30 23:46:35.0687 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/30 23:46:35.0731 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/30 23:46:35.0838 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/30 23:46:35.0890 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/30 23:46:35.0915 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/30 23:46:35.0947 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/30 23:46:36.0045 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/30 23:46:36.0083 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/30 23:46:36.0186 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/30 23:46:36.0221 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/09/30 23:46:36.0335 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/30 23:46:36.0467 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2010/09/30 23:46:36.0588 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\DRIVERS\btwavdt.sys
2010/09/30 23:46:36.0980 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/30 23:46:37.0111 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/30 23:46:37.0229 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/30 23:46:37.0287 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/30 23:46:37.0435 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/30 23:46:37.0462 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/30 23:46:37.0525 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/30 23:46:37.0634 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/30 23:46:37.0748 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/30 23:46:37.0865 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/30 23:46:37.0994 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/09/30 23:46:38.0068 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2010/09/30 23:46:38.0237 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/30 23:46:38.0542 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/09/30 23:46:38.0668 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/30 23:46:38.0796 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2010/09/30 23:46:38.0858 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/09/30 23:46:38.0907 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/09/30 23:46:39.0020 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/09/30 23:46:39.0084 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/30 23:46:39.0305 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/30 23:46:39.0527 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/30 23:46:39.0757 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/30 23:46:39.0933 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/30 23:46:40.0013 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/30 23:46:40.0143 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/30 23:46:40.0261 fanio (0dd24dabb0b8c4ac0d8f2ebf0492276a) C:\Windows\system32\drivers\fanio.sys
2010/09/30 23:46:40.0325 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/30 23:46:40.0444 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/30 23:46:40.0523 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/30 23:46:40.0566 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/30 23:46:40.0635 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/30 23:46:40.0746 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/30 23:46:40.0868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/30 23:46:40.0892 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/30 23:46:40.0970 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/30 23:46:41.0074 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/30 23:46:41.0118 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/09/30 23:46:41.0271 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/30 23:46:41.0390 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/30 23:46:41.0458 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/30 23:46:41.0527 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/30 23:46:41.0668 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/30 23:46:41.0792 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/30 23:46:41.0912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/30 23:46:42.0052 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/09/30 23:46:42.0139 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/09/30 23:46:42.0277 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/30 23:46:42.0349 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/30 23:46:42.0438 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/30 23:46:42.0527 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/30 23:46:42.0626 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/30 23:46:42.0671 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/30 23:46:42.0760 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/30 23:46:42.0789 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/30 23:46:42.0878 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/30 23:46:42.0912 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/30 23:46:43.0074 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/30 23:46:43.0123 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/30 23:46:43.0198 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/30 23:46:43.0315 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/30 23:46:43.0395 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/30 23:46:43.0439 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/30 23:46:43.0475 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/30 23:46:43.0594 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/30 23:46:43.0693 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/30 23:46:43.0719 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/30 23:46:43.0746 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/30 23:46:43.0776 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/30 23:46:43.0893 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/30 23:46:44.0016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/09/30 23:46:44.0068 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/30 23:46:44.0194 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/30 23:46:44.0345 MOBIOLA_Wave (cdd79f08aa876b5f296950aa37972596) C:\Windows\system32\drivers\mobiolawave.sys
2010/09/30 23:46:44.0414 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/30 23:46:44.0531 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/30 23:46:44.0653 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/30 23:46:44.0749 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/30 23:46:44.0780 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/30 23:46:44.0836 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/30 23:46:44.0899 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/30 23:46:44.0972 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/30 23:46:45.0092 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/30 23:46:45.0158 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/30 23:46:45.0235 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/30 23:46:45.0290 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/30 23:46:45.0328 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/30 23:46:45.0431 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/30 23:46:45.0588 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/30 23:46:45.0666 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/30 23:46:45.0783 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/30 23:46:45.0888 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/30 23:46:45.0932 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/30 23:46:45.0996 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/30 23:46:46.0067 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/30 23:46:46.0099 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/30 23:46:46.0138 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/30 23:46:46.0162 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/30 23:46:46.0312 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/30 23:46:46.0588 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100929.037\NAVENG.SYS
2010/09/30 23:46:46.0855 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100929.037\NAVEX15.SYS
2010/09/30 23:46:47.0100 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/09/30 23:46:47.0210 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/30 23:46:47.0237 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/30 23:46:47.0324 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/30 23:46:47.0363 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/30 23:46:47.0435 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/30 23:46:47.0537 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/30 23:46:47.0606 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/30 23:46:47.0884 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/09/30 23:46:48.0126 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/30 23:46:48.0225 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/30 23:46:48.0270 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/30 23:46:48.0398 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/30 23:46:48.0487 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/30 23:46:49.0162 nvlddmkm (99c0a0df332a5b28e8a3d08cc8d879f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/30 23:46:49.0585 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/30 23:46:49.0611 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/30 23:46:49.0675 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/30 23:46:49.0815 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2010/09/30 23:46:49.0878 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2010/09/30 23:46:49.0949 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/30 23:46:50.0006 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/30 23:46:50.0060 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/30 23:46:50.0119 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/30 23:46:50.0264 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/30 23:46:50.0366 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/30 23:46:50.0448 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/30 23:46:50.0530 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/30 23:46:50.0585 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/30 23:46:50.0930 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/30 23:46:51.0052 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/30 23:46:51.0193 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/30 23:46:51.0286 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2010/09/30 23:46:51.0526 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/30 23:46:51.0872 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/30 23:46:51.0951 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/30 23:46:51.0998 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/30 23:46:52.0080 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/30 23:46:52.0218 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/30 23:46:52.0359 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/30 23:46:52.0443 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/30 23:46:52.0507 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/30 23:46:52.0543 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/30 23:46:52.0656 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/30 23:46:52.0950 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/09/30 23:46:53.0140 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/30 23:46:53.0429 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/30 23:46:53.0584 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/30 23:46:53.0748 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/30 23:46:54.0089 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/30 23:46:54.0359 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/09/30 23:46:54.0484 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/09/30 23:46:54.0548 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/09/30 23:46:54.0819 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/30 23:46:54.0891 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/30 23:46:55.0038 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/30 23:46:55.0255 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/30 23:46:55.0419 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/30 23:46:55.0502 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/30 23:46:55.0849 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/30 23:46:55.0967 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/30 23:46:56.0039 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/30 23:46:56.0240 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/30 23:46:56.0296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/30 23:46:56.0327 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/30 23:46:56.0369 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/30 23:46:56.0421 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/30 23:46:56.0518 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/30 23:46:56.0551 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/30 23:46:56.0654 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/30 23:46:56.0881 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/09/30 23:46:57.0033 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/30 23:46:57.0134 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/09/30 23:46:57.0233 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
2010/09/30 23:46:57.0265 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
2010/09/30 23:46:57.0298 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
2010/09/30 23:46:57.0400 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/30 23:46:57.0486 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/30 23:46:57.0564 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/30 23:46:57.0739 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/30 23:46:57.0824 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2010/09/30 23:46:57.0952 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/30 23:46:58.0008 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/30 23:46:58.0139 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/30 23:46:58.0396 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/09/30 23:46:58.0522 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
2010/09/30 23:46:58.0604 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
2010/09/30 23:46:58.0982 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/30 23:46:59.0268 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
2010/09/30 23:46:59.0664 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/09/30 23:47:00.0384 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/30 23:47:00.0664 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/30 23:47:00.0755 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/30 23:47:00.0810 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/30 23:47:00.0872 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/30 23:47:01.0018 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/30 23:47:01.0398 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/30 23:47:01.0680 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/30 23:47:01.0761 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/30 23:47:01.0899 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/30 23:47:02.0044 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/30 23:47:02.0148 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/30 23:47:02.0176 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/30 23:47:02.0508 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/09/30 23:47:02.0596 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/30 23:47:02.0643 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/30 23:47:02.0685 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/30 23:47:02.0898 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/30 23:47:03.0239 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/30 23:47:03.0367 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/30 23:47:03.0417 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/09/30 23:47:03.0461 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/30 23:47:03.0494 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/30 23:47:03.0607 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/30 23:47:03.0642 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/30 23:47:03.0668 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/30 23:47:03.0769 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/30 23:47:04.0033 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/30 23:47:04.0182 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/30 23:47:04.0277 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/30 23:47:04.0555 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/30 23:47:04.0658 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/30 23:47:04.0739 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/30 23:47:04.0830 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/30 23:47:05.0032 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/30 23:47:05.0370 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/30 23:47:05.0659 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/09/30 23:47:05.0899 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/30 23:47:06.0459 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 23:47:06.0492 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 23:47:06.0642 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/30 23:47:06.0840 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/30 23:47:06.0972 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/30 23:47:07.0020 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/30 23:47:07.0225 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/09/30 23:47:07.0646 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/30 23:47:08.0188 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/30 23:47:08.0778 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/30 23:47:09.0023 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/30 23:47:09.0200 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/30 23:47:09.0391 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/09/30 23:47:09.0645 ================================================================================
2010/09/30 23:47:09.0645 Scan finished
2010/09/30 23:47:09.0645 ================================================================================
 
We need to remove old Java installations...

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223274865308 (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Users\Ragu\*.tmp files -> C:\Users\Ragu\*.tmp -> ]
    [2010/09/30 22:40:32 | 000,842,752 | ---- | M] () -- C:\Windows\System32\drivers\qaiejeo.sys
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=======================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

========================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
C:\Windows\Downloaded Program Files\wmv9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}
C:\Windows\Downloaded Program Files\SysScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
C:\Windows\Downloaded Program Files\wuweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Ragu\ia_remove.sh3171.tmp deleted successfully.
C:\Windows\System32\drivers\qaiejeo.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ragu
->Temp folder emptied: 87849 bytes
->Temporary Internet Files folder emptied: 509891 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53713314 bytes
->Google Chrome cache emptied: 27006061 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 25505716 bytes
->Flash cache emptied: 7773 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7521743 bytes

Total Files Cleaned = 109.00 mb


[EMPTYFLASH]

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: postgres

User: Public

User: Ragu
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10012010_104554

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.85.3
Adobe Reader 9.3.4
Mozilla Thunderbird (3.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````
 