System Infected: Tidserv Activity

#61 rebross (Member, Topic Starter)
I need help uninstalling antilogger. It shows up in add/remove programs but there's no remove button.
  • 0

#62 RKinner (Malware Expert, MVP)
Look in Start, (All) Programs, AntiLogger and see if there is an uninstall option there. If not, try Revo Uninstaller.
http://www.revounins...e_download.html
You download and install it and then run it and it will show you a bunch of icons, one for each program. You just select the AntiLogger icon and tell it to Uninstall it and it should take care of it for you. If that doesn't work I can write a script to have OTL or ComboFix remove it.
  • 0

#63 rebross (Member, Topic Starter)
When I try to uninstall it using the uninstall that came with it I get "Missing Shortcut. Windows is searching for Zemana_Antilogger_Setup.exe". I ran Revo uninstaller and zemana antilogger doesn't show up.
  • 0

#64 RKinner (Malware Expert, MVP)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
AntiLog32

Folder::
c:\program files\AntiLogger

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiLogger"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Ron
  • 0

#65 rebross (Member, Topic Starter)
ComboFix 12-01-06.03 - Kelly Sorber 01/07/2012 10:05:31.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1051 [GMT -5:00]
Running from: c:\documents and settings\Kelly Sorber\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kelly Sorber\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kelly Sorber\Local Settings\Temporary Internet Files\ab_9B.tmp
c:\program files\AntiLogger
c:\program files\AntiLogger\AntiLog32.sys
c:\program files\AntiLogger\AntiLog64.sys
c:\program files\AntiLogger\AntiLogger.exe
c:\program files\AntiLogger\Arabic.ini
c:\program files\AntiLogger\Brazilian Portuguese.ini
c:\program files\AntiLogger\Bulgarian.ini
c:\program files\AntiLogger\Byelorussian.ini
c:\program files\AntiLogger\Chinese (Taiwan).ini
c:\program files\AntiLogger\Chinese.ini
c:\program files\AntiLogger\Clnmbrs.exe
c:\program files\AntiLogger\config.cfg
c:\program files\AntiLogger\Czech.ini
c:\program files\AntiLogger\Dutch.ini
c:\program files\AntiLogger\English.chm
c:\program files\AntiLogger\English.ini
c:\program files\AntiLogger\Estonian.ini
c:\program files\AntiLogger\French.ini
c:\program files\AntiLogger\German.chm
c:\program files\AntiLogger\German.ini
c:\program files\AntiLogger\Hungarian.ini
c:\program files\AntiLogger\Inshlpr.exe
c:\program files\AntiLogger\Italian.ini
c:\program files\AntiLogger\Japanese.chm
c:\program files\AntiLogger\Japanese.ini
c:\program files\AntiLogger\Korean.ini
c:\program files\AntiLogger\license.english.rtf
c:\program files\AntiLogger\license.turkish.rtf
c:\program files\AntiLogger\logs\List.db
c:\program files\AntiLogger\Polish.ini
c:\program files\AntiLogger\Proxma.url
c:\program files\AntiLogger\Russian.ini
c:\program files\AntiLogger\Slovenian.ini
c:\program files\AntiLogger\Spanish.ini
c:\program files\AntiLogger\Swedish.ini
c:\program files\AntiLogger\Turkish Latin.ini
c:\program files\AntiLogger\Turkish.ini
c:\program files\AntiLogger\zemana.url
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ANTILOG32
-------\Service_AntiLog32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-06 19:14 . 2012-01-06 19:14 -------- d-----w- c:\program files\VS Revo Group
2012-01-05 22:52 . 2012-01-05 22:52 -------- d-----w- c:\documents and settings\Kelly Sorber\Local Settings\Application Data\Solid State Networks
2012-01-04 20:45 . 2012-01-04 20:45 -------- d-sh--w- c:\documents and settings\Kelly Sorber\UserData
2012-01-02 17:39 . 2012-01-02 17:39 -------- d-----w- c:\program files\NirSoft
2012-01-01 21:11 . 2012-01-01 21:11 -------- d-----w- c:\program files\Apple Software Update
2012-01-01 20:33 . 2012-01-01 20:33 -------- d-----w- c:\program files\Common Files\Windows Live
2012-01-01 20:25 . 2012-01-01 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-12-23 22:32 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-23 22:32 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-23 22:32 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-23 22:32 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-23 15:53 . 2012-01-07 14:22 -------- d-----w- c:\documents and settings\Kelly Sorber\Application Data\Simple Adblock
2011-12-23 15:53 . 2011-12-23 15:53 -------- d-----w- c:\program files\Common Files\Simple Adblock
2011-12-23 15:18 . 2011-12-23 15:18 -------- d-----w- c:\program files\FileHippo.com
2011-12-19 02:45 . 2011-12-19 02:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 20:27 . 2011-12-19 02:13 -------- d-----w- c:\documents and settings\Kelly Sorber\Application Data\DMCache
2011-12-17 17:33 . 2011-12-17 17:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2011-12-11 18:49 . 2001-08-18 03:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-12-11 18:49 . 2001-08-18 03:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-12-11 18:48 . 2001-08-18 03:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-12-11 18:48 . 2001-08-18 03:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-12-11 18:46 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-12-11 18:43 . 2001-08-18 03:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-12-11 18:41 . 2001-08-18 03:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-12-11 18:35 . 2001-08-18 03:36 51200 ----a-w- c:\windows\system32\dllcache\eqnlogr.exe
2011-12-11 18:34 . 2001-08-18 03:36 29768 ----a-w- c:\windows\system32\dllcache\divasu.dll
2011-12-11 18:33 . 2008-04-14 01:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll
2011-12-11 18:32 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-12-11 18:31 . 2004-08-04 10:00 6144 ----a-w- c:\windows\system32\dllcache\admxprox.dll
2011-12-11 15:05 . 2011-12-11 16:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-11 15:05 . 2011-12-11 16:23 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-11 15:05 . 2011-12-11 16:23 -------- d-----w- c:\program files\Symantec
2011-12-11 15:05 . 2011-12-11 16:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-12-11 15:05 . 2011-12-11 15:05 -------- d-----w- c:\program files\Norton Security Suite
2011-12-11 15:05 . 2011-12-11 15:05 -------- d-----w- c:\program files\NortonInstaller
2011-12-11 14:02 . 2011-12-11 14:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ID Vault
2011-12-11 14:02 . 2011-12-11 14:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\ID Vault
2011-12-11 13:59 . 2011-12-17 19:16 -------- d-----w- c:\documents and settings\Kelly Sorber\Local Settings\Application Data\ID Vault
2011-12-11 13:59 . 2011-12-17 19:16 -------- d-----w- c:\documents and settings\Kelly Sorber\Application Data\ID Vault
2011-12-11 13:58 . 2011-12-17 19:17 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2011-12-11 13:57 . 2011-12-11 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2011-12-10 21:33 . 2011-12-10 21:33 -------- d-----w- c:\program files\Common Files\Java
2011-12-10 16:05 . 2011-11-10 08:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-09 23:56 . 2011-12-09 23:56 -------- d-----w- c:\program files\Speccy
2011-12-09 18:07 . 2011-12-09 18:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-09 17:21 . 2011-12-11 18:10 -------- d-----w- c:\windows\system32\drivers\N360
2011-12-08 18:39 . 2011-12-11 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-08 18:39 . 2011-12-08 18:39 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-12-08 01:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 01:05 . 2004-08-11 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-23 13:29 . 2004-08-11 22:00 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 10:54 . 2010-04-24 18:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-04 19:20 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-11 22:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-11 22:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-12-21 07:24 . 2011-06-14 00:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HostManager"="c:\program files\Common Files\AOL\1188945143\ee\AOLSoftware.exe" [2006-09-26 50736]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2007-02-19 303104]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-12-29 329824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-27 50688]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1188945143\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [10/1/2007 7:12 PM 6097]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [12/11/2011 11:23 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [12/11/2011 11:23 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/22/2011 10:21 AM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [12/11/2011 11:23 AM 136312]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [6/24/2009 10:57 AM 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [1/30/2011 7:37 PM 99896]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 11:47 AM 202048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [12/11/2011 11:23 AM 130008]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/18/2011 8:49 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSXpx86.sys [1/7/2012 9:30 AM 356280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 6:09 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 6:09 PM 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 4:05 PM 266544]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [1/30/2011 6:52 PM 17408]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/24/2010 12:47 PM 47360]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [10/1/2007 7:12 PM 299923]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2010-07-14 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-06-25 17:23]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 23:08]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 23:08]
.
2010-12-22 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2012-01-05 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-01-11 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-07 10:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\program files\StudioLine Photo Classic\NMSAccess32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\system32\UStorSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2012-01-07 10:20:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 15:20
.
Pre-Run: 53,583,081,472 bytes free
Post-Run: 53,881,319,424 bytes free
.
- - End Of File - - 87091670AB6CC3268D69C2E94BA1DA78
  • 0

#66 RKinner (Malware Expert, MVP)
That seems to have worked. I don't see any sign of antilogger. Guess we just wait to see if you get any more crashes.
  • 0
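The check behind "I don't see any sign of antilogger" done programmatically: an added example, not part of the thread and not ComboFix's own code, that parses the CFScript posted in #64 and the ComboFix log posted in #65 and confirms that every Folder, Driver and Registry target the script asked for is accounted for in the log (the folder under "Other Deletions", the driver as a removed service under "Drivers/Services", the Run value absent from "Reg Loading Points"). The function names, the banner and REGEDIT4 parsing rules, and the trimmed log excerpt are this example's own assumptions; the line formats are taken from the thread's log.

```python
import re

# Constructed inputs: CFSCRIPT is the script from post #64, LOG is an excerpt of the
# ComboFix log from post #65 trimmed to the three sections this check reads.
CFSCRIPT = r"""Killall::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
AntiLog32

Folder::
c:\program files\AntiLogger

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiLogger"=-
"""

LOG = r"""((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\program files\AntiLogger
c:\program files\AntiLogger\AntiLog32.sys
c:\program files\AntiLogger\AntiLogger.exe
.
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
.
-------\Legacy_ANTILOG32
-------\Service_AntiLog32
.
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-12-29 329824]
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # '(((( Section title ))))'


def parse_cfscript(text):
    """Return {directive: [entries]}; a line ending in '::' opens a directive."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {section title: [lines]} split on banner lines; '.' spacer lines are dropped."""
    sections, current = {}, None
    for line in (l.rstrip() for l in text.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def reg_values(lines):
    """Return {key (lower): {value names (lower)}} from a REGEDIT4-style section."""
    keys, current = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys[current] = set()
        elif current is not None and line.startswith('"'):
            keys[current].add(line[1:line.index('"', 1)].lower())
    return keys


def verify_cleanup(script_text, log_text):
    """Map each Folder, Driver and Registry-delete target to True if the log shows it gone."""
    script, log = parse_cfscript(script_text), parse_combofix_log(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = {s.lower() for s in log.get("Drivers/Services", [])}
    reg = reg_values(log.get("Reg Loading Points", []))
    results = {}
    for folder in script.get("Folder", []):
        results["Folder:" + folder] = folder.lower() in deleted
    for drv in script.get("Driver", []):
        # A removed driver is reported as '-------\Service_<name>' under Drivers/Services.
        results["Driver:" + drv] = ("-------\\service_" + drv.lower()) in services
    key = None
    for line in script.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.endswith("=-"):  # "Name"=- asks ComboFix to delete that value
            name = line[1:line.index('"', 1)]
            # Gone if the key is listed without the value, or not listed at all
            # (ComboFix omits keys that have no remaining non-default entries).
            results[f"Registry:{key}\\{name}"] = name.lower() not in reg.get(key.lower(), set())
    return results


if __name__ == "__main__":
    for target, gone in verify_cleanup(CFSCRIPT, LOG).items():
        print(("removed:       " if gone else "STILL PRESENT: ") + target)
```

Run it against the full log pasted in #65 by replacing LOG with the file contents; a target that comes back False is the one to look at by hand, since ComboFix only lists what it actually deleted and a Run value that survives will still be printed under its key.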

#67 rebross (Member, Topic Starter)
Ok, thank you Ron.
  • 0
