Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

https tidserv rquest & https tidserv request 2

Started by skorpeo , Aug 17 2010 12:02 PM

  • This topic is locked This topic is locked

#1
skorpeo
Posted 17 August 2010 - 12:02 PM

skorpeo

    Member

  • Member
  • PipPip
  • 43 posts
Can you please help. I recently,(last week), have started getting a pop from Norton saying that an intrusion attempt had been blocked. It specified HHTPS tidserv request 2 and then HHTPS tidserv request as well, from 2 different IPS. So far, I've experienced extremely slow booting, sluggish reaction to clicks, redirection of web sites, especially Microsoft updates and symantec help. I have done some searches and some forums had suggested tiddskiller and malwarebytes anti-malware, which I ran and still have the same problem. Obviously my Norton anti virus is not doing its job to well. I've tried to do a definition update, It goes through the motions and then says the action was skipped because the definitions were up to date. When I run a Full scan the result is that it scans only a few files and is done, in the past this scan took very long. I have not saves any of the past logs since I didnt know what to do with them. I am not very computer literate when it comes to too complicated issues, but I can work through some stuff. This is basically our main storage computer, and is running xp svc 3, it uses DSL to connect to the internet and we are using a linksys router for wireless connection to the internet on our laptops. Thank you in advance for any help you can render.
  • 0

Advertisements

#2
Rorschach112
Posted 17 August 2010 - 02:41 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
skorpeo
Posted 17 August 2010 - 05:17 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
thank you, I did as instructed and ran the TDSSKILLER (which I had done once before) and it says that nothing was found. I am still experiencing the same symptoms though, I have gotten 3 pop ups since reading this post telling me that an intrusion attempt has been blocked from 68b6b6b6,com (61.61.20,132,135,443) also rukkieanno.in (91.21.226.7,443)

2010/08/17 19:27:11.0531 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/17 19:27:11.0531 ================================================================================
2010/08/17 19:27:11.0531 SystemInfo:
2010/08/17 19:27:11.0531
2010/08/17 19:27:11.0531 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/17 19:27:11.0531 Product type: Workstation
2010/08/17 19:27:11.0531 ComputerName: RAY
2010/08/17 19:27:11.0531 UserName: user
2010/08/17 19:27:11.0531 Windows directory: C:\WINDOWS
2010/08/17 19:27:11.0531 System windows directory: C:\WINDOWS
2010/08/17 19:27:11.0531 Processor architecture: Intel x86
2010/08/17 19:27:11.0531 Number of processors: 2
2010/08/17 19:27:11.0531 Page size: 0x1000
2010/08/17 19:27:11.0531 Boot type: Normal boot
2010/08/17 19:27:11.0531 ================================================================================
2010/08/17 19:27:12.0312 Initialize success
2010/08/17 19:27:26.0218 ================================================================================
2010/08/17 19:27:26.0218 Scan started
2010/08/17 19:27:26.0218 Mode: Manual;
2010/08/17 19:27:26.0218 ================================================================================
2010/08/17 19:27:27.0078 AC2003 (abdae0ff36a5ca1def07657d4c34ffcb) C:\WINDOWS\system32\Drivers\AC2003.sys
2010/08/17 19:27:27.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/17 19:27:27.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/17 19:27:27.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/17 19:27:27.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/17 19:27:27.0687 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/17 19:27:27.0968 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2010/08/17 19:27:28.0421 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/17 19:27:29.0171 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/17 19:27:29.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/17 19:27:29.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/17 19:27:29.0546 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/17 19:27:29.0625 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2010/08/17 19:27:29.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/17 19:27:29.0906 Camav (a839289518d08655e2162f3ecf3ee485) C:\WINDOWS\system32\Drivers\Camav.sys
2010/08/17 19:27:30.0015 camflt (5320b8515bff632b85a97bd12da08825) C:\WINDOWS\system32\DRIVERS\camflt.sys
2010/08/17 19:27:30.0078 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/17 19:27:30.0171 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/17 19:27:30.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/17 19:27:30.0515 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/17 19:27:30.0625 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/17 19:27:30.0875 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/08/17 19:27:31.0234 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/17 19:27:31.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/17 19:27:31.0515 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/17 19:27:31.0578 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/17 19:27:31.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/17 19:27:31.0781 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/17 19:27:31.0906 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/17 19:27:31.0968 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/17 19:27:32.0156 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2010/08/17 19:27:32.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/17 19:27:32.0453 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/17 19:27:32.0546 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/17 19:27:32.0593 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/17 19:27:32.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/17 19:27:32.0875 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2010/08/17 19:27:32.0968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/17 19:27:33.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/17 19:27:33.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/17 19:27:33.0296 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/17 19:27:33.0546 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/17 19:27:33.0656 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/17 19:27:33.0750 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/17 19:27:33.0843 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2010/08/17 19:27:34.0031 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2010/08/17 19:27:34.0250 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2010/08/17 19:27:34.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/17 19:27:34.0781 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/17 19:27:34.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/17 19:27:35.0078 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/17 19:27:35.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/17 19:27:35.0265 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/17 19:27:35.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/17 19:27:35.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/17 19:27:35.0562 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/17 19:27:35.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/17 19:27:35.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/17 19:27:35.0890 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/17 19:27:36.0140 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2010/08/17 19:27:36.0343 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/17 19:27:36.0531 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/17 19:27:36.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/17 19:27:36.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/17 19:27:37.0000 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/08/17 19:27:37.0390 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/17 19:27:37.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/17 19:27:37.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/17 19:27:37.0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/17 19:27:37.0921 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/17 19:27:38.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/17 19:27:38.0203 MPRIFL (a252adb815e5186382d79e19dd7a486b) C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS
2010/08/17 19:27:38.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/17 19:27:38.0593 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/17 19:27:38.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/17 19:27:38.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/17 19:27:39.0046 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/17 19:27:39.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/17 19:27:39.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/17 19:27:39.0390 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/17 19:27:39.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/17 19:27:39.0609 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/17 19:27:39.0765 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100816.016\NAVENG.SYS
2010/08/17 19:27:39.0984 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100816.016\NAVEX15.SYS
2010/08/17 19:27:40.0468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/17 19:27:40.0593 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/17 19:27:40.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/17 19:27:40.0921 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/17 19:27:41.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/17 19:27:41.0109 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/17 19:27:41.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/17 19:27:41.0390 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/17 19:27:41.0515 NPDriver (57883a0c8ab1d93fce74d79b5fe8b4ff) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
2010/08/17 19:27:41.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/17 19:27:41.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/17 19:27:41.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/17 19:27:42.0234 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/17 19:27:42.0671 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2010/08/17 19:27:42.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/17 19:27:42.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/17 19:27:43.0078 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/17 19:27:43.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/17 19:27:43.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/17 19:27:43.0343 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/17 19:27:43.0531 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/17 19:27:43.0625 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/17 19:27:44.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/17 19:27:44.0343 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/17 19:27:44.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/17 19:27:44.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/17 19:27:44.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/17 19:27:45.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/17 19:27:45.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/17 19:27:45.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/17 19:27:45.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/17 19:27:45.0468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/17 19:27:45.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/17 19:27:45.0687 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/17 19:27:45.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/17 19:27:45.0859 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2010/08/17 19:27:46.0062 RTL8023xp (432f94857dc866a6d3d06931eed85434) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/08/17 19:27:46.0203 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/17 19:27:46.0468 SDdriver (ac2e5fa94155bc0c4c7ab8f97e181f6f) C:\WINDOWS\system32\Drivers\sddriver.sys
2010/08/17 19:27:46.0578 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/17 19:27:46.0703 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/17 19:27:46.0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/17 19:27:46.0906 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/17 19:27:47.0093 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/17 19:27:47.0218 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/08/17 19:27:47.0375 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2010/08/17 19:27:47.0593 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/08/17 19:27:47.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/17 19:27:47.0859 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/17 19:27:47.0968 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/08/17 19:27:48.0109 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/08/17 19:27:48.0250 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/08/17 19:27:48.0375 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/17 19:27:48.0484 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/17 19:27:48.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/17 19:27:48.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/17 19:27:48.0937 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2010/08/17 19:27:49.0062 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/08/17 19:27:49.0125 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2010/08/17 19:27:49.0265 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2010/08/17 19:27:49.0421 SYMIDSCO (14316306984f8ae6b6090b29a5f097b6) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20100810.001\SymIDSCo.sys
2010/08/17 19:27:49.0640 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/17 19:27:49.0640 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/17 19:27:49.0765 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2010/08/17 19:27:49.0875 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/08/17 19:27:49.0984 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/08/17 19:27:50.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/17 19:27:50.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/17 19:27:50.0640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/17 19:27:50.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/17 19:27:50.0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/17 19:27:50.0968 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2010/08/17 19:27:51.0093 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/08/17 19:27:51.0203 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2010/08/17 19:27:51.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/17 19:27:51.0609 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/17 19:27:51.0765 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/17 19:27:51.0875 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/08/17 19:27:51.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/17 19:27:52.0078 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/08/17 19:27:52.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/17 19:27:52.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/17 19:27:52.0515 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/08/17 19:27:52.0750 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/17 19:27:53.0062 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/17 19:27:53.0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/17 19:27:53.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/17 19:27:53.0671 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2010/08/17 19:27:53.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/17 19:27:54.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/17 19:27:54.0125 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/17 19:27:54.0265 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/08/17 19:27:54.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/17 19:27:54.0671 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2010/08/17 19:27:54.0937 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/08/17 19:27:55.0109 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/17 19:27:55.0265 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/17 19:27:55.0390 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/17 19:27:55.0546 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/17 19:27:55.0750 zumbus (85281f709ea678382f370ee1052bbbac) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2010/08/17 19:27:55.0796 ================================================================================
2010/08/17 19:27:55.0796 Scan finished
2010/08/17 19:27:55.0796 ================================================================================

Edited by skorpeo, 17 August 2010 - 05:35 PM.

  • 0

#4
skorpeo
Posted 17 August 2010 - 05:39 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
sorry, I went back and re ran the TDSSKILLER and still didnt find anything, but as I said I am still getting these blocked intrusion pop ups and I still am gettting redirected and I cant access Microsoft updates from this computer either. I went back to the program and clicked report and copied it, I hope this is what you needed.


2010/08/17 19:27:11.0531 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/17 19:27:11.0531 ================================================================================
2010/08/17 19:27:11.0531 SystemInfo:
2010/08/17 19:27:11.0531
2010/08/17 19:27:11.0531 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/17 19:27:11.0531 Product type: Workstation
2010/08/17 19:27:11.0531 ComputerName: RAY
2010/08/17 19:27:11.0531 UserName: user
2010/08/17 19:27:11.0531 Windows directory: C:\WINDOWS
2010/08/17 19:27:11.0531 System windows directory: C:\WINDOWS
2010/08/17 19:27:11.0531 Processor architecture: Intel x86
2010/08/17 19:27:11.0531 Number of processors: 2
2010/08/17 19:27:11.0531 Page size: 0x1000
2010/08/17 19:27:11.0531 Boot type: Normal boot
2010/08/17 19:27:11.0531 ================================================================================
2010/08/17 19:27:12.0312 Initialize success
2010/08/17 19:27:26.0218 ================================================================================
2010/08/17 19:27:26.0218 Scan started
2010/08/17 19:27:26.0218 Mode: Manual;
2010/08/17 19:27:26.0218 ================================================================================
2010/08/17 19:27:27.0078 AC2003 (abdae0ff36a5ca1def07657d4c34ffcb) C:\WINDOWS\system32\Drivers\AC2003.sys
2010/08/17 19:27:27.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/17 19:27:27.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/17 19:27:27.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/17 19:27:27.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/17 19:27:27.0687 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/17 19:27:27.0968 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2010/08/17 19:27:28.0421 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/17 19:27:29.0171 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/17 19:27:29.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/17 19:27:29.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/17 19:27:29.0546 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/17 19:27:29.0625 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2010/08/17 19:27:29.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/17 19:27:29.0906 Camav (a839289518d08655e2162f3ecf3ee485) C:\WINDOWS\system32\Drivers\Camav.sys
2010/08/17 19:27:30.0015 camflt (5320b8515bff632b85a97bd12da08825) C:\WINDOWS\system32\DRIVERS\camflt.sys
2010/08/17 19:27:30.0078 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/17 19:27:30.0171 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/17 19:27:30.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/17 19:27:30.0515 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/17 19:27:30.0625 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/17 19:27:30.0875 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/08/17 19:27:31.0234 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/17 19:27:31.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/17 19:27:31.0515 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/17 19:27:31.0578 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/17 19:27:31.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/17 19:27:31.0781 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/17 19:27:31.0906 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/17 19:27:31.0968 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/17 19:27:32.0156 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2010/08/17 19:27:32.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/17 19:27:32.0453 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/17 19:27:32.0546 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/17 19:27:32.0593 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/17 19:27:32.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/17 19:27:32.0875 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2010/08/17 19:27:32.0968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/17 19:27:33.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/17 19:27:33.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/17 19:27:33.0296 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/17 19:27:33.0546 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/17 19:27:33.0656 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/17 19:27:33.0750 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/17 19:27:33.0843 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2010/08/17 19:27:34.0031 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2010/08/17 19:27:34.0250 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2010/08/17 19:27:34.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/17 19:27:34.0781 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/17 19:27:34.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/17 19:27:35.0078 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/17 19:27:35.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/17 19:27:35.0265 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/17 19:27:35.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/17 19:27:35.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/17 19:27:35.0562 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/17 19:27:35.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/17 19:27:35.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/17 19:27:35.0890 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/17 19:27:36.0140 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2010/08/17 19:27:36.0343 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/17 19:27:36.0531 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/17 19:27:36.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/17 19:27:36.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/17 19:27:37.0000 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/08/17 19:27:37.0390 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/17 19:27:37.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/17 19:27:37.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/17 19:27:37.0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/17 19:27:37.0921 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/17 19:27:38.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/17 19:27:38.0203 MPRIFL (a252adb815e5186382d79e19dd7a486b) C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS
2010/08/17 19:27:38.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/17 19:27:38.0593 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/17 19:27:38.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/17 19:27:38.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/17 19:27:39.0046 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/17 19:27:39.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/17 19:27:39.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/17 19:27:39.0390 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/17 19:27:39.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/17 19:27:39.0609 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/17 19:27:39.0765 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100816.016\NAVENG.SYS
2010/08/17 19:27:39.0984 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100816.016\NAVEX15.SYS
2010/08/17 19:27:40.0468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/17 19:27:40.0593 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/17 19:27:40.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/17 19:27:40.0921 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/17 19:27:41.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/17 19:27:41.0109 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/17 19:27:41.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/17 19:27:41.0390 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/17 19:27:41.0515 NPDriver (57883a0c8ab1d93fce74d79b5fe8b4ff) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
2010/08/17 19:27:41.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/17 19:27:41.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/17 19:27:41.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/17 19:27:42.0234 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/17 19:27:42.0671 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2010/08/17 19:27:42.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/17 19:27:42.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/17 19:27:43.0078 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/17 19:27:43.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/17 19:27:43.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/17 19:27:43.0343 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/17 19:27:43.0531 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/17 19:27:43.0625 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/17 19:27:44.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/17 19:27:44.0343 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/17 19:27:44.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/17 19:27:44.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/17 19:27:44.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/17 19:27:45.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/17 19:27:45.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/17 19:27:45.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/17 19:27:45.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/17 19:27:45.0468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/17 19:27:45.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/17 19:27:45.0687 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/17 19:27:45.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/17 19:27:45.0859 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2010/08/17 19:27:46.0062 RTL8023xp (432f94857dc866a6d3d06931eed85434) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/08/17 19:27:46.0203 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/17 19:27:46.0468 SDdriver (ac2e5fa94155bc0c4c7ab8f97e181f6f) C:\WINDOWS\system32\Drivers\sddriver.sys
2010/08/17 19:27:46.0578 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/17 19:27:46.0703 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/17 19:27:46.0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/17 19:27:46.0906 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/17 19:27:47.0093 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/17 19:27:47.0218 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/08/17 19:27:47.0375 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2010/08/17 19:27:47.0593 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/08/17 19:27:47.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/17 19:27:47.0859 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/17 19:27:47.0968 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/08/17 19:27:48.0109 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/08/17 19:27:48.0250 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/08/17 19:27:48.0375 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/17 19:27:48.0484 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/17 19:27:48.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/17 19:27:48.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/17 19:27:48.0937 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2010/08/17 19:27:49.0062 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/08/17 19:27:49.0125 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2010/08/17 19:27:49.0265 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2010/08/17 19:27:49.0421 SYMIDSCO (14316306984f8ae6b6090b29a5f097b6) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20100810.001\SymIDSCo.sys
2010/08/17 19:27:49.0640 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/17 19:27:49.0640 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/08/17 19:27:49.0765 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2010/08/17 19:27:49.0875 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/08/17 19:27:49.0984 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/08/17 19:27:50.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/17 19:27:50.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/17 19:27:50.0640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/17 19:27:50.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/17 19:27:50.0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/17 19:27:50.0968 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2010/08/17 19:27:51.0093 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/08/17 19:27:51.0203 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2010/08/17 19:27:51.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/17 19:27:51.0609 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/17 19:27:51.0765 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/17 19:27:51.0875 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/08/17 19:27:51.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/17 19:27:52.0078 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/08/17 19:27:52.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/17 19:27:52.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/17 19:27:52.0515 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/08/17 19:27:52.0750 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/17 19:27:53.0062 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/17 19:27:53.0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/17 19:27:53.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/17 19:27:53.0671 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2010/08/17 19:27:53.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/17 19:27:54.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/17 19:27:54.0125 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/17 19:27:54.0265 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/08/17 19:27:54.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/17 19:27:54.0671 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2010/08/17 19:27:54.0937 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/08/17 19:27:55.0109 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/17 19:27:55.0265 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/17 19:27:55.0390 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/17 19:27:55.0546 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/17 19:27:55.0750 zumbus (85281f709ea678382f370ee1052bbbac) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2010/08/17 19:27:55.0796 ================================================================================
2010/08/17 19:27:55.0796 Scan finished
2010/08/17 19:27:55.0796 ================================================================================
  • 0

#5
Rorschach112
Posted 18 August 2010 - 05:16 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
skorpeo
Posted 19 August 2010 - 05:33 AM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello, I downloaded and ran combofix. I installed the Microsoft recovery console successfully. It went into autoscan and said it should take 10 minutes but could double if badly infected. Well, 8 hours later I still had that same screen with no additional info, but I also started getting Norton pop ups while it was running even though I turned it off. I turned off the computer manually since nothing else worked and I'm still getting those Tidserv request 2 pop ups. Should I re run the combo fix? does the internet have to be running while the combo fix is running? I pulled the cable since I disabled the anti virus. Thank you again for all your help.
  • 0

#7
Rorschach112
Posted 19 August 2010 - 06:15 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
run combofix in safe mode
  • 0

#8
skorpeo
Posted 19 August 2010 - 06:58 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
well, I'm really having a time of this, I went into safe mode and and started combofix, I got a message that Norton antivirus has a live real time scanner running and I have to shut it off before I run combofix or horrible things could happen. Now the question is how do I shut this scanner thing off in safe mode? I clicked Norton antivirus and it says that parts are not available and do I want run a full scan, I dont know how to shut it off and I dont want to risk screwing my computer up anymore. So how do I do this? thanks for your help and patience.
  • 0

#9
skorpeo
Posted 19 August 2010 - 07:09 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok, I played with it and changed the start up settings to load basic stuff and it work, Combo fix says it detected the presence of rootkit activity and needs to reboot. would I need to reboot in safe mode and re run the scan?
  • 0

#10
skorpeo
Posted 19 August 2010 - 07:37 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
sorry that, I'm posting all these things this way, I just restarted and combofix continued, it says completed stage 50, then it lists 2 deleted files, and the has stopped there with a blinking cursor, does it advise you once its completed?
  • 0

Advertisements

#11
skorpeo
Posted 19 August 2010 - 08:53 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Ok, once again I'm sorry for the repeated posts maybe I should have just waited and the answers would com. I will post the log here, I thought I was fixed, but as soon as the computer rebooted I got the same pop up that says an intrusion was blocked. and it was https tidserv request 2. thank you so much for the assist, and if there is anything else I should do or another tool I should run, pls advise.


ComboFix 10-08-17.04 - user 08/19/2010 21:16:57.1.2 - x86 MINIMAL
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.
PEV Error: AppFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\GoToAssistDownloadHelper.exe
c:\windows\100%_Free_Chess_Toolbar_Uninstaller_2578.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-14 22:28 . 2010-08-14 22:31 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\NPE
2010-08-11 23:40 . 2010-08-11 23:43 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2010-08-07 22:42 . 2010-08-07 22:42 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-08-07 03:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 03:19 . 2010-08-07 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 03:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 03:19 . 2010-08-07 03:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 00:54 . 2010-08-05 00:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-05 00:54 . 2010-08-16 02:05 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 00:40 . 2008-11-17 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-15 03:34 . 2008-12-21 22:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 22:28 . 2009-12-16 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-13 02:19 . 2008-12-21 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-10 15:31 . 2008-11-17 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-09 16:44 . 2008-11-17 23:46 -------- d-----w- c:\program files\Norton SystemWorks
2010-08-08 03:07 . 2001-08-23 12:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-07-25 22:13 . 2010-02-23 04:45 -------- d-----w- c:\program files\Zynga
2010-06-14 14:31 . 2005-08-15 08:16 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-05-28 23:25 . 2010-05-28 23:25 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-28 23:25 . 2010-05-28 23:25 39 ----a-w- c:\windows\system32\rp_rules.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-25 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-07-25 22:13 2734688 ----a-w- c:\program files\Zynga\tbZyn1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-25 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-25 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-11-28 19:02 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 20:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
2007-12-14 21:59 1071472 ----a-w- c:\program files\My Lockbox\flockbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-11 23:40 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]
2007-09-18 13:22 25472 ----a-w- c:\program files\Norton SystemWorks\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-31 19:35 7634944 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-31 19:35 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-31 19:35 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-08-25 04:53 714608 ----a-w- c:\program files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-07 00:36 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-08 21:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-11-28 19:02 988701 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2007-08-29 15:55 1347584 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-11-10 17:23 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Symantec RemoteAssist"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"Speed Disk service"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"PlugPlay"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NProtectService"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"LanmanWorkstation"=2 (0x2)
"LanmanServer"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"cisvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1434:TCP"= 1434:TCP:ares

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2009 8:22 PM 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [1/12/2007 8:42 PM 17264]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [8/15/2005 4:49 AM 4224]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:26 AM 102448]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 1:07 AM 149352]
S4 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [11/3/2005 11:08 PM 95832]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:23]

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-854245398-682003330-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 23:40]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-854245398-682003330-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 23:40]

2010-08-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-08-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - user.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2010-08-09 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 13:22]

2010-08-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-08-06 c:\windows\Tasks\ray's.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: trivia01.com
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-LWBMOUSE - c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
AddRemove-100% Free Chess Toolbar - c:\windows\100%_Free_Chess_Toolbar_Uninstaller_2578.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82EADACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8639f28
\Driver\ACPI -> ACPI.sys @ 0xf85accb8
\Driver\atapi -> atapi.sys @ 0xf853e852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(292)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(352)
c:\windows\system32\WININET.dll
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(840)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-19 22:12:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 02:11

Pre-Run: 75,664,662,528 bytes free
Post-Run: 77,098,942,464 bytes free

- - End Of File - - A187AD6CBB88712BF20C9C73F31CA75E
  • 0

#12
Rorschach112
Posted 20 August 2010 - 04:11 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
where did combofix say it found the rootkit ?



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

TDL::
c:\windows\system32\drivers\disk.sys
Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#13
skorpeo
Posted 20 August 2010 - 05:22 AM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok, I'm using my laptop now cause the "fixed" computer is acting erractic. I was still getting those blocked intrusion pop ups and when I went to check emails, I got 10 open envelope icons in my systray. the icons on my desktop were doing this little dance where they went from icon to dos pic, when I clicked the start button to shut down most of the index was blacked out. So to do this next step, should I boot in safemode again? Ok, now how do I get this "quote" when I open notepad? Do I type it as it shows on your post? or is it somewhere on my computer? Thanks again for the time and effort.
  • 0

#14
Rorschach112
Posted 20 August 2010 - 05:29 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
use safe mode if you have to

you just copy and paste the information in the quote box above
  • 0

#15
skorpeo
Posted 20 August 2010 - 06:21 PM

skorpeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I copy and pasted the quote, reboot in safe mode, drag and dropped it on the combofix icon and it started to run a new scan, it says that it found a rootkit activity, but did not say where, and that it had to reboot the computer which it has. it is going through the whole process again. is this normal? Where will the information that you require be located at once this scan is done?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP