Tidserv Activity 2


22 replies to this topic

#1 Kenzieevan


  • Members
  • 12 posts

Posted 31 December 2011 - 08:25 PM

Norton detected Tidserv Activity 2.

Pop-up: XP Internet Security 2012 Firewall Alert

Internet access denied and receive: Internet Explorer alert. Visiting site may pose a security threat to your system.

Not sure what to do.


#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA

Posted 31 December 2011 - 08:54 PM

Hello, I moved this from XP to the Am I Infected forum.

Please run these and post back the logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Edited by boopme, 31 December 2011 - 09:20 PM.


#3 Kenzieevan

  • Topic Starter

  • Members
  • 12 posts

Posted 31 December 2011 - 09:03 PM

XP Internet Security 2012 Firewall Alert.
XP Internet Security 2012 Firewall Alert has blocked a program from accessing the internet.
MiniToolBox is infected with Trojan-BNK.Win32Keylogger.gen

#4 Kenzieevan

  • Topic Starter

  • Members
  • 12 posts

Posted 31 December 2011 - 09:22 PM

MiniToolBox by Farbar
Ran by Bill and Bev (administrator) on 31-12-2011 at 21:22:10
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : your-86c169d708

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-18-8B-11-A6-10

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.17.43

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging °ś with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 11 a6 10 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.17.43 169.254.17.43 20
169.254.17.43 255.255.255.255 127.0.0.1 127.0.0.1 20
169.254.255.255 255.255.255.255 169.254.17.43 169.254.17.43 20
224.0.0.0 240.0.0.0 169.254.17.43 169.254.17.43 20
255.255.255.255 255.255.255.255 169.254.17.43 169.254.17.43 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [File Not found] ()
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [File Not found] ()
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/31/2011 07:43:46 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/31/2011 07:32:02 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/31/2011 07:21:52 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/31/2011 05:28:23 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/31/2011 05:28:23 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error: (12/31/2011 05:21:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/31/2011 05:21:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/31/2011 05:21:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/31/2011 05:21:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error: (12/31/2011 05:20:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (12/31/2011 09:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:12 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:12 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/31/2011 09:22:12 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

AceMoney Lite
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Reader 9.4.7 (Version: 9.4.7)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 5.2.0.0)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
File Uploader (Version: 1.2.5)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 53.0.13.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Communicator 2007 R2 (Version: 3.5.6907.236)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
NewCopy (Version: 50.0.206.000)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
Norton Internet Security (Version: 18.6.0.29)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Picture Control Utility (Version: 1.1.9)
ProductContext (Version: 50.0.206.000)
QuickTime (Version: 7.70.80.34)
Readme (Version: 50.0.206.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
SAPI Wrapper (Version: 1.0.0.0)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SolutionCenter (Version: 50.0.152.000)
SoundMAX (Version: 5.12.01.5246)
Status (Version: 53.0.13.000)
TrayApp (Version: 53.0.13.000)
TTS Wrapper (Version: 1.0.0.0)
Unload (Version: 5.0.0)
ViewNX (Version: 1.5.2)
VoiceOver Kit (Version: 1.40.128.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1014.07 MB
Available physical RAM: 427.62 MB
Total Pagefile: 2443.82 MB
Available Pagefile: 1889.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.5 GB) (Free:51.55 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Bill and Bev Guest
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini101411-01.dmp

**** End of log ****
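As an added example, not part of this thread and not code from MiniToolBox or any other tool named here: a small Python triage script that reads a MiniToolBox-style report and lists the indicators a helper would look at in the log above (IE proxy enabled with no server set, a manual Firefox proxy type, a hosts file missing from its default directory, an APIPA 169.254.x.x address with no default gateway, Winsock catalog entries whose provider DLL is reported missing, and Winsock error 10106 in the event log). The SAMPLE_LOG excerpt is constructed to mirror the posted log, and the section-header and Winsock-line patterns are this example's own assumptions about the report format.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed excerpt modelled on the MiniToolBox log posted above; values,
# paths and timestamps are illustrative, not the thread's exact log.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 1

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Autoconfiguration IP Address. . . : 169.254.17.43
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\\Program Files\\Common Files\\PC Tools\\Lsp\\PCTLsp.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Error: (12/31/2011 07:43:46 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)
"""

# Assumed header shape "===== Name: =====".  Requiring at least one non-'='
# character keeps bare separator lines from being taken as section headers.
SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
# Assumed Winsock line shape: "CatalogN idx path [size-or-status] (vendor)".
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.*?)\]\s+\((.*?)\)\s*$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
APIPA = ip_network("169.254.0.0/16")
# Firefox network.proxy.type values: 0 direct, 1 manual, 2 PAC URL, 4 WPAD, 5 system.
FF_PROXY_TYPES = {0: "direct", 1: "manual proxy", 2: "PAC URL", 4: "auto-detect", 5: "system"}


def split_sections(text):
    """Return {section name: [lines]} for a MiniToolBox-style report."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of human-readable findings worth a second look."""
    s = split_sections(text)
    findings = []

    ie = "\n".join(s.get("IE Proxy Settings", []))
    if "Proxy is enabled." in ie:
        detail = " with no server set" if "No Proxy Server is set." in ie else ""
        findings.append("IE: proxy enabled" + detail)

    ff = "\n".join(s.get("FF Proxy Settings", []))
    m = re.search(r'"network\.proxy\.type",\s*(\d+)', ff)
    if m and int(m.group(1)) in (1, 2):
        kind = FF_PROXY_TYPES.get(int(m.group(1)), "unknown")
        findings.append(f"Firefox: network.proxy.type={m.group(1)} ({kind}); check the proxy host")

    # The hosts-file line has no header of its own, so search the whole report.
    if "Hosts file not detected" in text:
        findings.append("Hosts file missing from its default directory")

    ipcfg = "\n".join(s.get("IP Configuration", []))
    for ip in re.findall(r"IP Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", ipcfg):
        if ip_address(ip) in APIPA:
            findings.append(f"APIPA address {ip}: no DHCP lease was obtained")
    if re.search(r"^Default Gateway[ .]*:\s*$", ipcfg, re.M):
        findings.append("No default gateway configured")

    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m or m.group(4) != "File Not found":
            continue
        catalog, idx, path = m.group(1), m.group(2), m.group(3)
        if ABS_PATH_RE.match(path):
            findings.append(f"Winsock {catalog}/{idx}: dangling LSP {path} (provider file gone)")
        else:
            # Bare names such as mswsock.dll are often just unresolved by the
            # tool; confirm against %SystemRoot%\System32 before acting.
            findings.append(f"Winsock {catalog}/{idx}: {path} reported not found (verify on disk)")

    n = len(re.findall(r"Socket error 10106", text))
    if n:
        findings.append(f"{n} event(s) with Winsock error 10106 (WSAEPROVIDERFAILEDINIT): "
                        "a provider in the LSP chain failed to load")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

The script deliberately treats the two kinds of "File Not found" differently: a bare name like mswsock.dll is usually the tool failing to resolve a relative path and is only flagged for verification, whereas an absolute path that no longer exists (here the PC Tools PCTLsp.dll) is a dangling layered service provider left behind by an uninstall, which is the pattern consistent with the Winsock error 10106 entries and the JavaQuickStarterService socket() failures in the log.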

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
NewCopy (Version: 50.0.206.000)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
Norton Internet Security (Version: 18.6.0.29)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Picture Control Utility (Version: 1.1.9)
ProductContext (Version: 50.0.206.000)
QuickTime (Version: 7.70.80.34)
Readme (Version: 50.0.206.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
SAPI Wrapper (Version: 1.0.0.0)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SolutionCenter (Version: 50.0.152.000)
SoundMAX (Version: 5.12.01.5246)
Status (Version: 53.0.13.000)
TrayApp (Version: 53.0.13.000)
TTS Wrapper (Version: 1.0.0.0)
Unload (Version: 5.0.0)
ViewNX (Version: 1.5.2)
VoiceOver Kit (Version: 1.40.128.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1014.07 MB
Available physical RAM: 427.62 MB
Total Pagefile: 2443.82 MB
Available Pagefile: 1889.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.5 GB) (Free:51.55 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Bill and Bev Guest
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini101411-01.dmp

**** End of log ****

#5 boopme

Posted 31 December 2011 - 09:22 PM

OK, let's try it this way..
Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Now run the tools in post 1.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Kenzieevan

Posted 31 December 2011 - 09:24 PM

Should I now download TDSSKiller.zip and extract it?

#7 boopme

Posted 31 December 2011 - 09:25 PM

Yes

#8 boopme

Posted 31 December 2011 - 09:29 PM

Also.. Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box, or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.
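What the reset in the post above is undoing, as an added example (Python, written for this page; it is not the poster's tool and not the Microsoft Fix it): a checker that parses a Windows HOSTS file and reports every mapping beyond the stock localhost line, split into names blackholed to loopback or 0.0.0.0 (how a rogue such as XP Internet Security 2012 keeps security-vendor sites unreachable) and names redirected to some other address. The sample file, the minimal default content and the reset_hosts helper are my own assumptions, not material from the thread.

```python
"""Audit a Windows HOSTS file for malware-style entries and restore a stock one.
Added example for this thread; not part of the original post or of Microsoft's
Fix it. The sample file below is constructed, not the poster's.
"""
import ipaddress
import os
import stat
import sys
from dataclasses import dataclass

# Stock mappings. XP ships only the IPv4 line; the IPv6 line appears on Vista and later.
STOCK = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Minimal replacement content (assumption: a comment plus the one localhost line,
# which is all XP's stock file maps; Microsoft's copy carries a longer header comment).
MINIMAL_DEFAULT_HOSTS = "# Stock Windows HOSTS file\n127.0.0.1       localhost\n"

# Default location on XP and later (malware can point Tcpip\Parameters\DataBasePath elsewhere).
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                          "system32", "drivers", "etc", "hosts")


@dataclass
class Finding:
    line_no: int
    kind: str          # "blackholed" | "redirected" | "unparseable"
    address: str
    names: list
    raw: str


def audit_hosts(text):
    """Return one Finding per non-stock line; an empty list means the file is clean."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()      # '#' starts a comment; drop it
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            continue                             # address with no name: Windows ignores it
        address, names = parts[0], [n.lower() for n in parts[1:]]
        rogue = [n for n in names if (address, n) not in STOCK]
        if not rogue:
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(line_no, "unparseable", address, rogue, raw))
            continue
        # 127.x.x.x or 0.0.0.0 makes the name unreachable; anything else sends it elsewhere
        kind = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append(Finding(line_no, kind, address, rogue, raw))
    return findings


def hosts_is_stock(text):
    return not audit_hosts(text)


def reset_hosts(path=HOSTS_PATH, content=MINIMAL_DEFAULT_HOSTS):
    """Overwrite the file with stock content. Clears the read-only attribute first,
    since some malware sets it to keep the file from being repaired."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IWRITE | stat.S_IREAD)
    with open(path, "w", newline="\r\n") as fh:   # Windows line endings
        fh.write(content)


# Constructed sample (not the poster's file): one stock line plus the kinds of
# tampering seen with rogue AV and redirecting malware. 198.51.100.7 is a
# documentation (TEST-NET-2) address standing in for an attacker host.
SAMPLE_HOSTS = """\
# comment lines are ignored
127.0.0.1       localhost
127.0.0.1       www.symantec.com liveupdate.symantecliveupdate.com
0.0.0.0         www.malwarebytes.org
198.51.100.7    www.google.com     # redirect, not a block
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else HOSTS_PATH
    text = open(path).read() if os.path.exists(path) else SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.line_no}: {f.kind} {f.address} -> {', '.join(f.names)}")
```

Run it on the real file with `python hosts_audit.py C:\WINDOWS\system32\drivers\etc\hosts`; with no argument and no such file it audits the constructed sample. Two things the script does not do that a cleanup should check: the file may have the hidden attribute set as well as read-only, and the registry value `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath` can point the resolver at a different directory, so a clean-looking file at the usual path is not proof that nothing is being redirected.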

#9 Kenzieevan

Posted 31 December 2011 - 09:47 PM

Reboot was needed.

21:30:02.0187 3856 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:30:02.0218 3856 ============================================================
21:30:02.0218 3856 Current date / time: 2011/12/31 21:30:02.0218
21:30:02.0218 3856 SystemInfo:
21:30:02.0218 3856
21:30:02.0218 3856 OS Version: 5.1.2600 ServicePack: 3.0
21:30:02.0218 3856 Product type: Workstation
21:30:02.0218 3856 ComputerName: YOUR-86C169D708
21:30:02.0218 3856 UserName: Bill and Bev
21:30:02.0218 3856 Windows directory: C:\WINDOWS
21:30:02.0218 3856 System windows directory: C:\WINDOWS
21:30:02.0218 3856 Processor architecture: Intel x86
21:30:02.0218 3856 Number of processors: 2
21:30:02.0218 3856 Page size: 0x1000
21:30:02.0218 3856 Boot type: Normal boot
21:30:02.0218 3856 ============================================================
21:30:04.0484 3856 Initialize success
21:30:32.0671 2100 ============================================================
21:30:32.0671 2100 Scan started
21:30:32.0671 2100 Mode: Manual;
21:30:32.0671 2100 ============================================================
21:30:33.0000 2100 Abiosdsk - ok
21:30:33.0015 2100 abp480n5 - ok
21:30:33.0078 2100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:30:33.0093 2100 ACPI - ok
21:30:33.0125 2100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:30:33.0125 2100 ACPIEC - ok
21:30:33.0140 2100 adpu160m - ok
21:30:33.0187 2100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:30:33.0187 2100 aec - ok
21:30:33.0234 2100 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:30:33.0234 2100 AFD - ok
21:30:33.0250 2100 Aha154x - ok
21:30:33.0250 2100 aic78u2 - ok
21:30:33.0265 2100 aic78xx - ok
21:30:33.0281 2100 AliIde - ok
21:30:33.0296 2100 amsint - ok
21:30:33.0296 2100 asc - ok
21:30:33.0312 2100 asc3350p - ok
21:30:33.0328 2100 asc3550 - ok
21:30:33.0390 2100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:30:33.0390 2100 AsyncMac - ok
21:30:33.0546 2100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:30:33.0546 2100 atapi - ok
21:30:33.0546 2100 Atdisk - ok
21:30:33.0562 2100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:30:33.0578 2100 Atmarpc - ok
21:30:33.0609 2100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:30:33.0609 2100 audstub - ok
21:30:33.0671 2100 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:30:33.0687 2100 b57w2k - ok
21:30:33.0734 2100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:30:33.0750 2100 Beep - ok
21:30:34.0078 2100 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
21:30:34.0093 2100 BHDrvx86 - ok
21:30:34.0265 2100 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:30:34.0265 2100 BVRPMPR5 - ok
21:30:34.0281 2100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:30:34.0281 2100 cbidf2k - ok
21:30:34.0296 2100 cd20xrnt - ok
21:30:34.0328 2100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:30:34.0328 2100 Cdaudio - ok
21:30:34.0359 2100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:30:34.0359 2100 Cdfs - ok
21:30:34.0406 2100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:30:34.0421 2100 Cdrom - ok
21:30:34.0421 2100 Changer - ok
21:30:34.0437 2100 CmdIde - ok
21:30:34.0453 2100 Cpqarray - ok
21:30:34.0468 2100 dac2w2k - ok
21:30:34.0484 2100 dac960nt - ok
21:30:34.0500 2100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:30:34.0500 2100 Disk - ok
21:30:34.0562 2100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:30:34.0578 2100 dmboot - ok
21:30:34.0671 2100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:30:34.0671 2100 dmio - ok
21:30:34.0718 2100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:30:34.0718 2100 dmload - ok
21:30:34.0765 2100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:30:34.0765 2100 DMusic - ok
21:30:34.0796 2100 dpti2o - ok
21:30:34.0843 2100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:30:34.0843 2100 drmkaud - ok
21:30:34.0890 2100 E100B (5e72c8fbba5e949995ceb4d25656f904) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:30:34.0890 2100 E100B - ok
21:30:35.0046 2100 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:30:35.0046 2100 eeCtrl - ok
21:30:35.0078 2100 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:30:35.0078 2100 EraserUtilRebootDrv - ok
21:30:35.0250 2100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:30:35.0250 2100 Fastfat - ok
21:30:35.0296 2100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:30:35.0296 2100 Fdc - ok
21:30:35.0296 2100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:30:35.0296 2100 Fips - ok
21:30:35.0328 2100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:30:35.0343 2100 Flpydisk - ok
21:30:35.0375 2100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:30:35.0390 2100 FltMgr - ok
21:30:35.0390 2100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:30:35.0390 2100 Fs_Rec - ok
21:30:35.0421 2100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:30:35.0421 2100 Ftdisk - ok
21:30:35.0578 2100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:30:35.0578 2100 GEARAspiWDM - ok
21:30:35.0656 2100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:30:35.0656 2100 Gpc - ok
21:30:35.0718 2100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:30:35.0718 2100 hidusb - ok
21:30:35.0734 2100 hpn - ok
21:30:35.0796 2100 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:30:35.0812 2100 HPZid412 - ok
21:30:35.0812 2100 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:30:35.0812 2100 HPZipr12 - ok
21:30:35.0828 2100 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:30:35.0828 2100 HPZius12 - ok
21:30:35.0890 2100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:30:35.0890 2100 HTTP - ok
21:30:36.0015 2100 i2omgmt - ok
21:30:36.0031 2100 i2omp - ok
21:30:36.0078 2100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:30:36.0093 2100 i8042prt - ok
21:30:36.0187 2100 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:30:36.0187 2100 ialm - ok
21:30:36.0515 2100 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111228.001\IDSxpx86.sys
21:30:36.0515 2100 IDSxpx86 - ok
21:30:36.0703 2100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:30:36.0703 2100 Imapi - ok
21:30:36.0718 2100 ini910u - ok
21:30:36.0734 2100 IntelIde - ok
21:30:36.0781 2100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:30:36.0781 2100 intelppm - ok
21:30:36.0812 2100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:30:36.0812 2100 Ip6Fw - ok
21:30:36.0843 2100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:30:36.0843 2100 IpFilterDriver - ok
21:30:36.0859 2100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:30:36.0875 2100 IpInIp - ok
21:30:36.0906 2100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:30:36.0906 2100 IpNat - ok
21:30:37.0093 2100 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:30:37.0093 2100 IPSec - ok
21:30:37.0140 2100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:30:37.0140 2100 IRENUM - ok
21:30:37.0203 2100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:30:37.0203 2100 isapnp - ok
21:30:37.0265 2100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:30:37.0265 2100 Kbdclass - ok
21:30:37.0328 2100 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:30:37.0328 2100 kbdhid - ok
21:30:37.0390 2100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:30:37.0390 2100 kmixer - ok
21:30:37.0546 2100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:30:37.0546 2100 KSecDD - ok
21:30:37.0562 2100 lbrtfdc - ok
21:30:37.0593 2100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:30:37.0593 2100 mnmdd - ok
21:30:37.0609 2100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:30:37.0640 2100 Modem - ok
21:30:37.0703 2100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:30:37.0703 2100 Mouclass - ok
21:30:37.0718 2100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:30:37.0718 2100 mouhid - ok
21:30:37.0734 2100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:30:37.0734 2100 MountMgr - ok
21:30:37.0750 2100 mraid35x - ok
21:30:37.0781 2100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:30:37.0781 2100 MRxDAV - ok
21:30:37.0953 2100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:30:37.0953 2100 MRxSmb - ok
21:30:38.0000 2100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:30:38.0000 2100 Msfs - ok
21:30:38.0031 2100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:30:38.0031 2100 MSKSSRV - ok
21:30:38.0046 2100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:30:38.0046 2100 MSPCLOCK - ok
21:30:38.0062 2100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:30:38.0062 2100 MSPQM - ok
21:30:38.0109 2100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:30:38.0109 2100 mssmbios - ok
21:30:38.0234 2100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:30:38.0234 2100 Mup - ok
21:30:38.0546 2100 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111230.025\NAVENG.SYS
21:30:38.0562 2100 NAVENG - ok
21:30:38.0656 2100 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111230.025\NAVEX15.SYS
21:30:38.0671 2100 NAVEX15 - ok
21:30:38.0843 2100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:30:38.0843 2100 NDIS - ok
21:30:38.0906 2100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:30:38.0906 2100 NdisTapi - ok
21:30:38.0953 2100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:30:38.0953 2100 Ndisuio - ok
21:30:39.0000 2100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:30:39.0000 2100 NdisWan - ok
21:30:39.0046 2100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:30:39.0046 2100 NDProxy - ok
21:30:39.0062 2100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:30:39.0062 2100 NetBIOS - ok
21:30:39.0078 2100 NetBT (853618fb76d8d5570ff051c3599d84a4) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:30:39.0093 2100 NetBT ( Rootkit.Win32.ZAccess.h ) - infected
21:30:39.0093 2100 NetBT - detected Rootkit.Win32.ZAccess.h (0)
21:30:39.0234 2100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:30:39.0234 2100 Npfs - ok
21:30:39.0296 2100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:30:39.0312 2100 Ntfs - ok
21:30:39.0343 2100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:30:39.0343 2100 Null - ok
21:30:39.0375 2100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:30:39.0375 2100 NwlnkFlt - ok
21:30:39.0390 2100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:30:39.0390 2100 NwlnkFwd - ok
21:30:39.0437 2100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:30:39.0437 2100 Parport - ok
21:30:39.0562 2100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:30:39.0578 2100 PartMgr - ok
21:30:39.0625 2100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:30:39.0625 2100 ParVdm - ok
21:30:39.0671 2100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:30:39.0671 2100 PCI - ok
21:30:39.0671 2100 PCIDump - ok
21:30:39.0703 2100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:30:39.0703 2100 PCIIde - ok
21:30:39.0750 2100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:30:39.0750 2100 Pcmcia - ok
21:30:39.0750 2100 PDCOMP - ok
21:30:39.0765 2100 PDFRAME - ok
21:30:39.0765 2100 PDRELI - ok
21:30:39.0781 2100 PDRFRAME - ok
21:30:39.0796 2100 perc2 - ok
21:30:39.0796 2100 perc2hib - ok
21:30:39.0875 2100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:30:39.0875 2100 PptpMiniport - ok
21:30:40.0000 2100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:30:40.0000 2100 PSched - ok
21:30:40.0046 2100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:30:40.0046 2100 Ptilink - ok
21:30:40.0062 2100 ql1080 - ok
21:30:40.0062 2100 Ql10wnt - ok
21:30:40.0078 2100 ql12160 - ok
21:30:40.0078 2100 ql1240 - ok
21:30:40.0093 2100 ql1280 - ok
21:30:40.0125 2100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:30:40.0125 2100 RasAcd - ok
21:30:40.0140 2100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:30:40.0140 2100 Rasl2tp - ok
21:30:40.0187 2100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:30:40.0187 2100 RasPppoe - ok
21:30:40.0187 2100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:30:40.0203 2100 Raspti - ok
21:30:40.0234 2100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:30:40.0250 2100 Rdbss - ok
21:30:40.0265 2100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:30:40.0281 2100 RDPCDD - ok
21:30:40.0312 2100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:30:40.0312 2100 rdpdr - ok
21:30:40.0453 2100 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:30:40.0468 2100 RDPWD - ok
21:30:40.0515 2100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:30:40.0515 2100 redbook - ok
21:30:40.0578 2100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:30:40.0578 2100 Secdrv - ok
21:30:40.0656 2100 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:30:40.0656 2100 senfilt - ok
21:30:40.0750 2100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:30:40.0750 2100 serenum - ok
21:30:40.0750 2100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:30:40.0750 2100 Serial - ok
21:30:40.0781 2100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:30:40.0781 2100 Sfloppy - ok
21:30:40.0796 2100 Simbad - ok
21:30:40.0875 2100 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
21:30:40.0875 2100 smwdm - ok
21:30:40.0906 2100 Sparrow - ok
21:30:40.0921 2100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:30:40.0937 2100 splitter - ok
21:30:41.0000 2100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:30:41.0015 2100 sr - ok
21:30:41.0109 2100 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
21:30:41.0109 2100 SRTSP - ok
21:30:41.0234 2100 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
21:30:41.0250 2100 SRTSPX - ok
21:30:41.0281 2100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:30:41.0281 2100 Srv - ok
21:30:41.0343 2100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:30:41.0343 2100 swenum - ok
21:30:41.0421 2100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:30:41.0421 2100 swmidi - ok
21:30:41.0421 2100 symc810 - ok
21:30:41.0437 2100 symc8xx - ok
21:30:41.0500 2100 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
21:30:41.0515 2100 SymDS - ok
21:30:41.0671 2100 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
21:30:41.0687 2100 SymEFA - ok
21:30:41.0750 2100 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:30:41.0750 2100 SymEvent - ok
21:30:41.0843 2100 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
21:30:41.0843 2100 SymIRON - ok
21:30:42.0000 2100 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS
21:30:42.0000 2100 SYMTDI - ok
21:30:42.0000 2100 sym_hi - ok
21:30:42.0015 2100 sym_u3 - ok
21:30:42.0062 2100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:30:42.0078 2100 sysaudio - ok
21:30:42.0156 2100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:30:42.0156 2100 Tcpip - ok
21:30:42.0218 2100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:30:42.0218 2100 TDPIPE - ok
21:30:42.0343 2100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:30:42.0343 2100 TDTCP - ok
21:30:42.0390 2100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:30:42.0390 2100 TermDD - ok
21:30:42.0406 2100 TosIde - ok
21:30:42.0437 2100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:30:42.0437 2100 Udfs - ok
21:30:42.0468 2100 ultra - ok
21:30:42.0546 2100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:30:42.0546 2100 Update - ok
21:30:42.0718 2100 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:30:42.0718 2100 USBAAPL - ok
21:30:42.0765 2100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:30:42.0765 2100 usbccgp - ok
21:30:42.0828 2100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:30:42.0828 2100 usbehci - ok
21:30:42.0859 2100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:30:42.0875 2100 usbhub - ok
21:30:42.0953 2100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:30:42.0984 2100 usbprint - ok
21:30:43.0250 2100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:30:43.0265 2100 usbscan - ok
21:30:43.0796 2100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:30:43.0796 2100 USBSTOR - ok
21:30:44.0265 2100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:30:44.0296 2100 usbuhci - ok
21:30:44.0406 2100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:30:44.0406 2100 VgaSave - ok
21:30:44.0812 2100 ViaIde - ok
21:30:44.0906 2100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:30:44.0937 2100 VolSnap - ok
21:30:45.0406 2100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:30:45.0453 2100 Wanarp - ok
21:30:45.0890 2100 WDICA - ok
21:30:46.0000 2100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:30:46.0031 2100 wdmaud - ok
21:30:46.0187 2100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:30:46.0187 2100 WS2IFSL - ok
21:30:46.0296 2100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:30:46.0296 2100 WudfPf - ok
21:30:46.0343 2100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:30:46.0343 2100 WudfRd - ok
21:30:46.0375 2100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:30:46.0546 2100 \Device\Harddisk0\DR0 - ok
21:30:46.0546 2100 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR12
21:30:46.0562 2100 \Device\Harddisk1\DR12 - ok
21:30:46.0562 2100 Boot (0x1200) (f0badaf7a4e6c4dc67ec1b38ed172e90) \Device\Harddisk0\DR0\Partition0
21:30:46.0562 2100 \Device\Harddisk0\DR0\Partition0 - ok
21:30:46.0562 2100 Boot (0x1200) (ad6482b1d885dc72922eb8c158591b14) \Device\Harddisk1\DR12\Partition0
21:30:46.0562 2100 \Device\Harddisk1\DR12\Partition0 - ok
21:30:46.0562 2100 ============================================================
21:30:46.0562 2100 Scan finished
21:30:46.0562 2100 ============================================================
21:30:46.0578 2220 Detected object count: 1
21:30:46.0578 2220 Actual detected object count: 1
21:32:26.0656 2220 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
21:32:36.0765 2220 Backup copy found, using it..
21:32:37.0015 2220 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
21:32:39.0796 2220 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
21:37:38.0796 3784 Deinitialize success
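The log above is long and regular, and the lines that matter (NetBT flagged as Rootkit.Win32.ZAccess.h, netbt.sys queued to be cured on reboot from a backup copy) are easy to miss in it. Below is an added example, not from the thread and not part of Kaspersky's tool: a Python parser for that log format that ties each object's MD5 and path to every non-ok verdict, so the hash of a flagged driver can be pulled out and checked against a known-good list. The line patterns are inferred from the excerpt above, and the embedded sample is lifted from it.

```python
"""Parse a TDSSKiller scan log: per-object MD5 and path, verdicts and the files
queued for cure on reboot. Added example for this thread; it is not part of
TDSSKiller, and the line patterns are inferred from the log posted above.
"""
import re
import sys
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")            # time pid message
FILE_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")                 # NetBT (md5) path
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(\S+) \( (.+?) \) - (.+)$")                      # NetBT ( family ) - infected
OK_RE = re.compile(r"^(\S+) - ok$")
CURE_RE = re.compile(r"^(.+?) - will be cured on reboot$")


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    detection: str = ""                           # e.g. Rootkit.Win32.ZAccess.h
    verdicts: list = field(default_factory=list)  # "ok", "infected", "User select action: Cure"


def parse_tdsskiller(log_text):
    """Return ({name: ScanObject}, [paths queued for cure on reboot])."""
    objects, pending_reboot = {}, []

    def obj(name):
        return objects.setdefault(name, ScanObject(name))

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                        # banner, ===== separators, blank lines
        msg = m.group(3)
        if (s := SECTOR_RE.match(msg)):     # MBR / boot sector, keyed by device path
            o = obj(s.group(4))
            o.md5, o.path = s.group(3).lower(), s.group(4)
        elif (f := FILE_RE.match(msg)):     # driver or service with its file hash
            o = obj(f.group(1))
            o.md5, o.path = f.group(2).lower(), f.group(3)
        elif (v := VERDICT_RE.match(msg)):  # detection name plus verdict or chosen action
            o = obj(v.group(1))
            o.detection = v.group(2)
            o.verdicts.append(v.group(3))
        elif (c := CURE_RE.match(msg)):
            pending_reboot.append(c.group(1))
        elif (k := OK_RE.match(msg)):
            obj(k.group(1)).verdicts.append("ok")
    return objects, pending_reboot


def findings(objects):
    """Every object with a verdict other than ok, as (name, detection, md5, path)."""
    return [(o.name, o.detection, o.md5, o.path)
            for o in objects.values() if any(v != "ok" for v in o.verdicts)]


# Excerpt of the log posted above, trimmed to lines that exercise each pattern.
SAMPLE_LOG = r"""
21:30:02.0187 3856 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:30:32.0671 2100 Scan started
21:30:33.0000 2100 Abiosdsk - ok
21:30:33.0078 2100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:30:33.0093 2100 ACPI - ok
21:30:39.0078 2100 NetBT (853618fb76d8d5570ff051c3599d84a4) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:30:39.0093 2100 NetBT ( Rootkit.Win32.ZAccess.h ) - infected
21:30:39.0093 2100 NetBT - detected Rootkit.Win32.ZAccess.h (0)
21:30:46.0375 2100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:30:46.0546 2100 \Device\Harddisk0\DR0 - ok
21:30:46.0578 2220 Detected object count: 1
21:32:36.0765 2220 Backup copy found, using it..
21:32:37.0015 2220 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
21:32:39.0796 2220 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
"""

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    objects, pending = parse_tdsskiller(text)
    for name, detection, md5, path in findings(objects):
        print(f"{name}: {detection}  md5={md5}  {path}")
    for path in pending:
        print(f"cure on reboot: {path}")
```

On the real log the MD5 the parser pulls out for netbt.sys is the hash of the patched file as it sat on disk before the cure; hashing the driver again after the reboot and comparing the two is the quickest way to confirm the cure actually replaced it. A "cured on reboot" entry without a matching clean verdict in a follow-up scan means the reboot step was skipped or the rootkit re-infected the driver.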

#10 boopme

Posted 31 December 2011 - 10:15 PM

Good. If you can, rerun RKill before MBAM.

#11 Kenzieevan
  • Topic Starter
  • Members

Posted 31 December 2011 - 10:22 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2011 10:21:49 PM
mbam-log-2011-12-31 (22-21-49).txt

Scan type: Quick scan
Objects scanned: 207666
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\bill and bev\local settings\application data\uuj.exe (Trojan.ExeShell.Gen) -> 1140 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill and Bev\Local Settings\Application Data\uuj.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill and Bev\Local Settings\Application Data\uuj.exe" -a "firefox.exe") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill and Bev\Local Settings\Application Data\uuj.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\bill and bev\local settings\application data\uuj.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\bill and bev\local settings\application data\sgn.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\bill and bev\local settings\application data\yyu.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
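
Added example, not code from this thread and not a Malwarebytes or Kaspersky tool: a small Python triage script that parses the two kinds of log line posted above, the TDSSKiller "will be cured on reboot" / "User select action" lines from the netbt.sys detection and the MBAM "Registry Values Infected" / "Registry Data Items Infected" lines, and states what each entry did to the machine. The regexes are fitted to the exact line shapes shown in this thread (MBAM 1.51 and the TDSSKiller format of the time), the two SAMPLE strings are constructed copies of those lines, and the list of user-writable directory markers, the function names and the Finding class are my own assumptions rather than anything either tool exposes.

```python
"""Triage of TDSSKiller and Malwarebytes (MBAM) log lines.

Added example; the SAMPLE strings are constructed excerpts that copy the
shape of the logs posted in this thread. Regexes are fitted to those lines.
"""
import re
from dataclasses import dataclass
from typing import Optional

MBAM_SAMPLE = r"""
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill and Bev\Local Settings\Application Data\uuj.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill and Bev\Local Settings\Application Data\uuj.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

TDSSKILLER_SAMPLE = r"""
21:32:37.0015 2220 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
21:32:39.0796 2220 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
"""


@dataclass
class Finding:
    source: str   # "mbam" or "tdsskiller"
    kind: str     # short classification (names are this example's own)
    detail: str   # what the entry means for the machine


# Stock XP handler for executables (HKCR\exefile\shell\open\command). A
# shell\open\command added directly under HKCR\.exe overrides it.
DEFAULT_EXE_COMMAND = '"%1" %*'

# Assumed list: directories the logged-on user (and so malware running as that
# user) can write to. No legitimate browser launcher lives here.
USER_WRITABLE_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
)

MBAM_LINE = re.compile(
    r"^(?P<key>.+?) \((?P<sig>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)|Value: (?P<value>.*?)) -> "
    r"(?P<action>.+)$"
)
TDSS_ACTION = re.compile(
    r"^\S+ \d+ (?P<svc>\S+) \( (?P<sig>\S+) \) - User select action: (?P<action>\w+)$"
)
TDSS_CURE = re.compile(r"^\S+ \d+ (?P<path>.+?) - will be cured on reboot$")


def is_default_exe_command(cmd: str) -> bool:
    """True only for the stock handler; anything wrapped around it is a hijack."""
    return cmd.strip() == DEFAULT_EXE_COMMAND


def launcher_path(command: str) -> str:
    """Executable a registry command string actually starts (first quoted or bare token)."""
    quoted = re.match(r'\s*"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    tokens = command.split()
    return tokens[0] if tokens else ""


def in_user_writable_dir(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def classify_mbam(line: str) -> Optional[Finding]:
    m = MBAM_LINE.match(line)
    if not m:
        return None
    key, sig, bad, good = m["key"], m["sig"], m["bad"], m["good"]
    if sig == "Hijack.ExeFile":
        # The log shows the value was deleted, not reset, so nothing here
        # puts the stock handler back.
        return Finding("mbam", "exe-association",
                       f"{key} hijacked and deleted, not restored to {DEFAULT_EXE_COMMAND}")
    if sig == "Hijack.StartMenuInternet":
        path = launcher_path(bad)
        where = "user-writable" if in_user_writable_dir(path) else "system"
        return Finding("mbam", "browser-launch-proxy",
                       f"{key}: starts {path} ({where} path), which then runs the real {good}")
    if sig == "PUM.Disabled.SecurityCenter":
        return Finding("mbam", "securitycenter-notify-off",
                       f"{key} was {bad}, expected {good}: Security Center warning silenced")
    return Finding("mbam", sig, f"{key}: {m['action']}")


def classify_tdsskiller(line: str) -> Optional[Finding]:
    m = TDSS_ACTION.match(line)
    if m:
        return Finding("tdsskiller", "infected-driver",
                       f"service {m['svc']} detected as {m['sig']}, action {m['action']}")
    m = TDSS_CURE.match(line)
    if m:
        return Finding("tdsskiller", "cure-on-reboot",
                       f"{m['path']} is replaced from a clean backup at the next boot")
    return None


def triage(mbam_log: str, tdss_log: str) -> list:
    """Findings in log order: all MBAM entries, then all TDSSKiller entries."""
    findings = []
    for line in mbam_log.splitlines():
        f = classify_mbam(line.strip())
        if f:
            findings.append(f)
    for line in tdss_log.splitlines():
        f = classify_tdsskiller(line.strip())
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(MBAM_SAMPLE, TDSSKILLER_SAMPLE):
        print(f"[{f.source}] {f.kind}: {f.detail}")
```

Run on the two excerpts it returns six findings and makes three things explicit that the raw logs only imply: the rogue uuj.exe was inserted in front of both browsers from a user-writable profile directory (the `-a "firefox.exe"` argument is how it still launched the real browser afterwards), the .exe handler value was deleted rather than reset to `"%1" %*`, and the NetBT driver is only swapped back from its backup at the next reboot, so rebooting is part of the cure rather than optional.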

#12 Kenzieevan
  • Topic Starter
  • Members

Posted 31 December 2011 - 10:33 PM

Pop-ups are no longer appearing, but now I can't get an internet connection.

#13 boopme
  • Global Moderator
  • Location:NJ USA

Posted 31 December 2011 - 10:47 PM

Ok, did you reset the Hosts file?

Try these first

Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.
Click the Connections tab and click the LAN settings button.
Check whether "Use a proxy..." is ticked; if so, UNtick it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start > Run and type in cmd.
A DOS (command prompt) window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.

If needed: type these one line at a time, pressing Enter after each line. See if it works after each.

netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns

#14 Kenzieevan
  • Topic Starter
  • Members

Posted 31 December 2011 - 10:57 PM

"Use a proxy..." is unchecked and internet is not working.

When I go to run cmd I am asked to choose a program to open the file.

#15 boopme
  • Global Moderator
  • Location:NJ USA

Posted 31 December 2011 - 11:06 PM

What program do I want to open the file with? (FILE ASSOC FIX)

Go here to Doug Knox's Windows XP File Association Fixes.
Run the 9th one down on the left: EXE File Association Fix (the EXE one, not the EML one).
