Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan-BNK.Win32.Keylogger.gen PLEASE HELP


  • This topic is locked This topic is locked
18 replies to this topic

#1 Divaindeed22

Divaindeed22

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 15 January 2012 - 09:23 PM

I was on my computer and the message appeared that I was infect with Trojan-BNK.Win32.Keylogger.gen, this program has been redirecting me to different web pages and not allowing me to utilize my computer. I had to go into safe mode to be able to get into certain sites, please help me remove.

BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 20 January 2012 - 09:08 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until Iíve given you the ďAll clear.Ē Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.
Posted Image Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.com
DDS.pif
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Posted Image Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    Posted Image
    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


If you have trouble running GEMR:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • DDS.txt and Attach.txt logs
  • GMER log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 25 January 2012 - 10:38 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 07 February 2012 - 05:26 PM

This topic has been re-opened at the request of the person who originally posted.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 07 February 2012 - 08:17 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Administrator at 19:09:23 on 2012-02-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.260 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0D2E32EE-A83A-4B53-95AA-BB0151735C1D} : DhcpNameServer = 10.10.5.10
TCP: Interfaces\{F4572180-BF4E-43EA-B661-7275A9084965} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: xmlproservice - xmlrpw32.dll
Notify: xmlrpw32 - xmlrpw32.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-3-4 185968]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-3-4 239216]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-3-4 161392]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-3-24 127088]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NAVENG.Sys [2009-11-19 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NavEx15.Sys [2009-11-19 632000]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-2-4 324232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 133104]
S2 Iprip;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2009-11-16 14336]
S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2009-11-16 14336]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-3-4 83568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 133104]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-2-17 198368]
.
=============== Created Last 30 ================
.
2012-02-08 06:54:59 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2011-12-18 19:30:20 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
.
============= FINISH: 19:10:39.10 ===============

Attached Files



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 07 February 2012 - 10:44 PM

Please do this:

Posted Image Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes[/b], to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 09 February 2012 - 11:58 PM

ComboFix 12-02-09.04 - Compaq_Administrator 02/10/2012 22:38:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.655 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Administrator.MELNE804.000\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Administrator.MELNE\WINDOWS
c:\documents and settings\Compaq_Administrator.MELNE804.000\WINDOWS
c:\documents and settings\Compaq_Administrator.MELNE804\WINDOWS
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\melne34\WINDOWS
c:\program files\somototoolbar\vmNTemplatex.dll
c:\windows\$NtUninstallKB6088$\238492159\@
c:\windows\$NtUninstallKB6088$\238492159\bckfg.tmp
c:\windows\$NtUninstallKB6088$\238492159\cfg.ini
c:\windows\$NtUninstallKB6088$\238492159\Desktop.ini
c:\windows\$NtUninstallKB6088$\238492159\keywords
c:\windows\$NtUninstallKB6088$\238492159\kwrd.dll
c:\windows\$NtUninstallKB6088$\238492159\L\dievdnxz
c:\windows\$NtUninstallKB6088$\238492159\lsflt7.ver
c:\windows\$NtUninstallKB6088$\238492159\U\00000001.@
c:\windows\$NtUninstallKB6088$\238492159\U\00000002.@
c:\windows\$NtUninstallKB6088$\238492159\U\00000004.@
c:\windows\$NtUninstallKB6088$\238492159\U\80000000.@
c:\windows\$NtUninstallKB6088$\238492159\U\80000004.@
c:\windows\$NtUninstallKB6088$\238492159\U\80000032.@
c:\windows\$NtUninstallKB6088$\238492159\version
c:\windows\$NtUninstallKB6088$\4088703226
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\ps2.bat
c:\windows\system32\wpcap.dll
c:\windows\system32\xmlrpw32.dll
c:\windows\Temp\_ex-68.exe
D:\Autorun.inf
c:\windows\$NtUninstallKB6088$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 06:21 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-08 06:54 . 2012-02-11 03:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-16 04:08 . 2012-01-16 04:08 -------- d-----w- c:\documents and settings\Compaq_Administrator.MELNE804.000\Application Data\Leadertech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 00:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-21 03:35 787744 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 48752]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-19 180269]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\Compaq_Administrator.MELNE804\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2009-11-19 36864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2009-11-19 36903]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2010 10:25 AM 133104]
S2 Iprip;Network Security;c:\windows\System32\svchost.exe -k netsvcs [11/16/2009 7:40 PM 14336]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [11/16/2009 7:40 PM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2010 10:25 AM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
citrixxteserver
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 18:25]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 18:25]
.
2012-02-11 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Compaq_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 21:21]
.
2012-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-04 00:31]
.
2009-11-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-11-19 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-xmlproservice - xmlrpw32.dll
Notify-xmlrpw32 - xmlrpw32.dll
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 22:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.000\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2012-02-10 22:57:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 06:57
.
Pre-Run: 188,981,780,480 bytes free
Post-Run: 190,777,655,296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EADE403C1BFF8055C92CDB2BF9A226D2

Attached Files


Edited by RPMcMurphy, 10 February 2012 - 02:13 PM.
Added log


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 10 February 2012 - 02:20 PM

Please do this next:

Posted Image Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Folder::

Folder::
c:\windows\$NtUninstallKB6088$

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Posted Image Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 February 2012 - 10:20 AM

which one is the code box

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 12 February 2012 - 10:55 AM

It's the box right under the first paragraph of instructions that contains two lines of code starting with Folder::

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 12 February 2012 - 11:13 PM

Here are my results attached

Attached Files



#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 13 February 2012 - 12:18 PM

How is your computer running now? Please do this next:

Please navigate to this folder, open it and tell me exactly what, if anything, it contains (file and folder names):

c:\windows\$NtUninstallKB6088$

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the insatller you just downloaded
Posted Image Please go to here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • List the contents of that folder
  • How is your computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 17 February 2012 - 10:42 PM

The Folder contained another folder which was empty but was titled 238492159. My computer seems to be running better now. Below is the ESET Log:

C:\Documents and Settings\Compaq_Administrator.MELNE\Application Data\OpenCandy\OpenCandy_C6BBEBAAB7A640F5B8099938A4A8DC86\DLMgr_3_1.6.87.exe Win32/OpenCandy application
C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\TempDIR\BetterInstaller.exe a variant of Win32/Adware.Somoto.A application
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\WINDOWS\system32\xmlrpw32.dll.vir probably a variant of Win32/Agent.GOSSCSE trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP156\A0037961.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP158\A0038069.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP161\A0038079.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP162\A0039079.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP162\A0039092.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP163\A0039116.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP163\A0039157.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP163\A0039166.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP163\A0039180.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP163\A0039193.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP163\A0039195.exe a variant of Win32/Kryptik.YZI trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP164\A0039287.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP164\A0040287.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP165\A0040295.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP165\A0041295.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP166\A0042295.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP167\A0043295.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP167\A0044295.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP167\A0044308.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP168\A0044483.dll a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP168\A0044493.dll probably a variant of Win32/Agent.GOSSCSE trojan
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan
D:\I386\APPS\APP20616\src\HPSummer2005.exe a variant of Win32/AdInstaller application
Operating memory a variant of Win32/Toolbar.SearchSuite application

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 AM

Posted 18 February 2012 - 09:38 AM

Hi,

Please do this now:

Posted Image Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    rd c:\windows\$NtUninstallKB6088$\238492159 /c
    rd c:\windows\$NtUninstallKB6088$ /c
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Posted Image Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Posted Image Double click on OTL to open it
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste the contents of that file into your next post.
Please include the following in your next post:
  • OTL Fix log
  • TDSSKilller log
  • OTL.txt log

Edited by RPMcMurphy, 23 February 2012 - 09:50 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#15 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 24 February 2012 - 08:06 PM

When I ran the last OTL as instructed it gave me 2 logs so I pasted them below:

OTL logfile created on: 2/25/2012 6:43:35 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 494.11 Mb Available Physical Memory | 51.55% Memory free
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.67 Gb Total Space | 177.14 Gb Free Space | 78.50% Space Free | Partition Type: NTFS
Drive D: | 7.19 Gb Total Space | 1.05 Gb Free Space | 14.54% Space Free | Partition Type: FAT32

Computer Name: MELNE804 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
PRC - c:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\bwfiles.dll ()
MOD - C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\FrExt.dll ()
MOD - C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\clntutil.dll ()
MOD - C:\Program Files\Compaq Connections\5577497\Program\HPClientExt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (XMLProvS) -- File not found
SRV - (NWADI) -- File not found
SRV - (Iprip) -- File not found
SRV - (citrixxteserver) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ISSVC) -- c:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (navapsvc) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccProxy) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SNDSrvc) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SAVScan) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SymWSC) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050620.007\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050620.007\NAVENG.SYS (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050303.027\SymIDSCo.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SAVRTPEL) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found



========== Chrome ==========

CHR - Extension: Bandoo = C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\

O1 HOSTS File: ([2012/02/13 20:18:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D2E32EE-A83A-4B53-95AA-BB0151735C1D}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4572180-BF4E-43EA-B661-7275A9084965}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/17 10:32:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: citrixxteserver - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 17:10:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/25 17:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\tdsskiller
[2012/02/25 17:06:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/25 17:05:45 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\OTL.exe
[2012/02/18 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/18 20:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\Oracle
[2012/02/13 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/02/13 22:16:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/13 20:05:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/13 20:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 20:02:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/13 20:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/10 22:06:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/10 21:51:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/10 21:51:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/10 21:51:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/10 21:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/10 21:29:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/10 21:27:00 | 004,399,227 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\ComboFix.exe
[2012/02/08 19:09:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Start Menu\Programs\Administrative Tools
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/25 18:45:02 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/25 17:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 17:14:19 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/02/25 17:13:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/25 17:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/25 17:11:28 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 17:05:49 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\OTL.exe
[2012/02/25 16:57:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 19:52:30 | 000,000,578 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Administrator.job
[2012/02/18 00:19:10 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/13 22:25:04 | 006,668,988 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\French Montana Shot Caller.mp3
[2012/02/13 22:24:36 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/13 20:18:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/13 20:02:45 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/10 22:14:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/10 22:06:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/02/10 21:27:02 | 004,399,227 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\ComboFix.exe
[2012/02/10 19:52:54 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/08 09:44:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/13 22:25:04 | 006,668,988 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\French Montana Shot Caller.mp3
[2012/02/13 22:24:36 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/13 20:02:45 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/10 21:51:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/10 21:51:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/10 21:51:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/10 21:51:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/10 21:51:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/07 22:54:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/16 19:10:49 | 000,009,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\84e64c79
[2012/01/16 19:10:49 | 000,009,342 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\2eab9094
[2012/01/16 19:10:49 | 000,009,332 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\Application Data\196e0500
[2011/12/26 19:40:40 | 000,001,090 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\Application Data\n68qu6fd2d2e
[2011/12/26 19:40:40 | 000,001,090 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n68qu6fd2d2e
[2011/12/23 18:19:20 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/23 18:19:20 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/15 19:42:46 | 000,001,194 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\370173d2u587h743k306j0xyi3v8
[2011/10/05 20:03:59 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\wklnhst.dat
[2011/08/09 15:42:29 | 000,035,780 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/19 11:22:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/22 20:53:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Local Settings\Application Data\fusioncache.dat
[2011/05/22 18:00:44 | 000,002,068 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2010/12/25 11:39:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/09 05:21:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORUN32.EXE
[2010/05/22 16:17:57 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

========== LOP Check ==========

[2010/01/22 20:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/01/22 20:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2011/08/26 17:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/11/22 05:24:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/22 16:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2011/07/26 07:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/04/03 08:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/24 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/08/26 17:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2011/08/26 17:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\Bandoo
[2011/05/23 22:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\dtband
[2012/01/15 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\Leadertech
[2012/02/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\MP3Rocket
[2012/02/18 20:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\Oracle
[2009/11/19 00:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\SampleView
[2011/08/26 17:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\searchquband
[2011/08/26 17:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\searchqutoolbar
[2011/06/12 14:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\somototoolbar
[2011/10/05 20:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Application Data\Template
[2012/02/25 18:45:02 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /rp /s >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >


This is the Second OTL that was created:

OTL Extras logfile created on: 2/25/2012 6:43:35 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 494.11 Mb Available Physical Memory | 51.55% Memory free
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.67 Gb Total Space | 177.14 Gb Free Space | 78.50% Space Free | Partition Type: NTFS
Drive D: | 7.19 Gb Total Space | 1.05 Gb Free Space | 14.54% Space Free | Partition Type: FAT32

Computer Name: MELNE804 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}" = ccCommon
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FFC7BA3F-3B0E-4BD8-B638-8547F4E841C0}" = Nickelodeon Toon Twister 3-D
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"220B08B4-42B6-4452-A646-5646B6CB8063" = Flip Words from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FC85AE2-A516-46DC-9622-BEE432D2276B" = Jewel Quest from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"3DB5E24E-D0CE-437E-96BB-35E09A45B800" = Digby's Donuts from Compaq (remove only)
"422C7575-C10D-4795-87FA-9972765379E6" = Mah Jong Quest from Compaq (remove only)
"4A750179-4CAB-4A94-911D-36ECBC64B6B2" = SCRABBLE Blast from Compaq (remove only)
"52AEBC18-F252-4B0C-B3E1-724537D9F873" = Ricochet Lost Worlds from Compaq (remove only)
"53474592-01BC-4338-8647-FE350957D912" = Barnyard Invasion from Compaq (remove only)
"5AF1DD17-7B06-45EF-8592-2E524E458BAB" = Insaniquarium Deluxe from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"9421EC3B-DD11-4A1D-B299-6E00CBFD0313" = Big Kahuna Reef from Compaq (remove only)
"AC542946-E8F0-4163-9902-A1DCB02E327F" = SCRABBLE Rack Attack from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B8DC3DBE-D64E-4EE3-8211-8BCAD6CD3D56" = Swarm from Compaq (remove only)
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9" = Shrek 2 Ogre Bowler from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"Compaq Game Console" = Compaq Game Console and games
"D84AC71A-75E8-4709-8BA5-4B46EAC00C5E" = Bejeweled 2 Deluxe from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"E1A0F769-A43A-4DDB-9F73-12791E453557" = Puzzle Express from Compaq (remove only)
"E618FC78-EE4F-4243-8409-078EB5E0B1F6" = Bookworm Deluxe from Compaq (remove only)
"EC103FAC-9610-4651-BD68-CCEA97C7AB02" = FATE Demo from Compaq (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9" = Slingo Deluxe from Compaq (remove only)
"FA6A73EB-40AB-4B58-851D-3892B3C10EF6" = SCRABBLE from Compaq (remove only)
"Google Chrome" = Google Chrome
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"MP3 Rocket" = MP3 Rocket
"MP3 Rocket FileBulldog Toolbar" = MP3 Rocket FileBulldog Toolbar
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2011 10:48:32 AM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6547

Error - 11/9/2011 3:50:58 PM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/9/2011 3:50:58 PM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18152234

Error - 11/9/2011 3:50:58 PM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18152234

Error - 11/9/2011 9:11:00 PM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/9/2011 9:11:00 PM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15884031

Error - 11/9/2011 9:11:00 PM | Computer Name = MELNE804 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15884031

Error - 11/10/2011 10:51:12 PM | Computer Name = MELNE804 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieplugin.dll, version 7.0.0.0, fault address 0x00143970.

Error - 11/13/2011 10:10:17 PM | Computer Name = MELNE804 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieplugin.dll, version 7.0.0.0, fault address 0x00143970.

Error - 11/18/2011 7:19:16 PM | Computer Name = MELNE804 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/25/2012 8:57:30 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/25/2012 8:57:30 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7023
Description = The Network ProService service terminated with the following error:
%%126

Error - 2/25/2012 8:57:34 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi PxHelp20

Error - 2/25/2012 8:57:46 PM | Computer Name = MELNE804 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -93754 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.2.6:123->65.55.21.19:123) is working
properly.

Error - 2/25/2012 9:11:40 PM | Computer Name = MELNE804 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 2/25/2012 9:11:44 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7023
Description = The Susbser service terminated with the following error: %%126

Error - 2/25/2012 9:11:44 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/25/2012 9:11:44 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7023
Description = The Network ProService service terminated with the following error:
%%126

Error - 2/25/2012 9:11:45 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
gagp30kx iaStor Imapi IntelIde PxHelp20 ViaIde

Error - 2/25/2012 10:40:11 PM | Computer Name = MELNE804 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.


< End of report >


This is the OTL Fix Log:

========== FILES ==========
< rd c:\windows\$NtUninstallKB6088$\238492159 /c >
C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\cmd.txt deleted successfully.
< rd c:\windows\$NtUninstallKB6088$ /c >
C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator.MELNE804.000\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.33.2 log created on 02252012_170625


This the TDSSKiller Log:

17:09:13.0859 3576 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
17:09:14.0250 3576 ============================================================
17:09:14.0250 3576 Current date / time: 2012/02/25 17:09:14.0250
17:09:14.0250 3576 SystemInfo:
17:09:14.0250 3576
17:09:14.0250 3576 OS Version: 5.1.2600 ServicePack: 3.0
17:09:14.0250 3576 Product type: Workstation
17:09:14.0250 3576 ComputerName: MELNE804
17:09:14.0250 3576 UserName: Compaq_Administrator
17:09:14.0250 3576 Windows directory: C:\WINDOWS
17:09:14.0250 3576 System windows directory: C:\WINDOWS
17:09:14.0250 3576 Processor architecture: Intel x86
17:09:14.0250 3576 Number of processors: 1
17:09:14.0250 3576 Page size: 0x1000
17:09:14.0250 3576 Boot type: Normal boot
17:09:14.0250 3576 ============================================================
17:09:17.0250 3576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:09:17.0312 3576 \Device\Harddisk0\DR0:
17:09:17.0328 3576 MBR used
17:09:17.0328 3576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xE6AB2E
17:09:17.0328 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE6AB6D, BlocksNum 0x1C355B53
17:09:17.0406 3576 Initialize success
17:09:17.0406 3576 ============================================================
17:09:32.0015 3736 ============================================================
17:09:32.0015 3736 Scan started
17:09:32.0015 3736 Mode: Manual; TDLFS;
17:09:32.0015 3736 ============================================================
17:09:33.0281 3736 Abiosdsk - ok
17:09:33.0312 3736 abp480n5 - ok
17:09:33.0359 3736 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:09:33.0375 3736 ACPI - ok
17:09:33.0437 3736 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:09:33.0437 3736 ACPIEC - ok
17:09:33.0453 3736 adpu160m - ok
17:09:33.0515 3736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:09:33.0531 3736 aec - ok
17:09:33.0593 3736 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:09:33.0609 3736 AFD - ok
17:09:33.0625 3736 Aha154x - ok
17:09:33.0656 3736 aic78u2 - ok
17:09:33.0671 3736 aic78xx - ok
17:09:33.0765 3736 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:09:33.0843 3736 ALCXWDM - ok
17:09:33.0875 3736 AliIde - ok
17:09:33.0937 3736 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:09:33.0937 3736 AmdK8 - ok
17:09:33.0953 3736 amsint - ok
17:09:34.0046 3736 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:09:34.0046 3736 Arp1394 - ok
17:09:34.0062 3736 asc - ok
17:09:34.0093 3736 asc3350p - ok
17:09:34.0109 3736 asc3550 - ok
17:09:34.0156 3736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:09:34.0156 3736 AsyncMac - ok
17:09:34.0187 3736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:09:34.0187 3736 atapi - ok
17:09:34.0218 3736 Atdisk - ok
17:09:34.0281 3736 ati2mtag (b33a281dcdf455b069816790275050a7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:09:34.0296 3736 ati2mtag - ok
17:09:34.0359 3736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:09:34.0359 3736 Atmarpc - ok
17:09:34.0390 3736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:09:34.0390 3736 audstub - ok
17:09:34.0437 3736 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
17:09:34.0437 3736 bb-run - ok
17:09:34.0500 3736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:09:34.0500 3736 Beep - ok
17:09:34.0531 3736 catchme - ok
17:09:34.0562 3736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:09:34.0578 3736 cbidf2k - ok
17:09:34.0625 3736 cd20xrnt - ok
17:09:34.0656 3736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:09:34.0656 3736 Cdaudio - ok
17:09:34.0703 3736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:09:34.0703 3736 Cdfs - ok
17:09:34.0734 3736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:09:34.0734 3736 Cdrom - ok
17:09:34.0750 3736 Changer - ok
17:09:34.0781 3736 CmdIde - ok
17:09:34.0859 3736 Cpqarray - ok
17:09:34.0875 3736 dac2w2k - ok
17:09:34.0906 3736 dac960nt - ok
17:09:34.0968 3736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:09:34.0984 3736 Disk - ok
17:09:35.0046 3736 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:09:35.0078 3736 dmboot - ok
17:09:35.0093 3736 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:09:35.0109 3736 dmio - ok
17:09:35.0140 3736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:09:35.0140 3736 dmload - ok
17:09:35.0203 3736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:09:35.0203 3736 DMusic - ok
17:09:35.0343 3736 dpti2o - ok
17:09:35.0390 3736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:09:35.0390 3736 drmkaud - ok
17:09:35.0468 3736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:09:35.0484 3736 Fastfat - ok
17:09:35.0531 3736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:09:35.0531 3736 Fdc - ok
17:09:35.0562 3736 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:09:35.0562 3736 Fips - ok
17:09:35.0593 3736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:09:35.0593 3736 Flpydisk - ok
17:09:35.0625 3736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:09:35.0625 3736 FltMgr - ok
17:09:35.0671 3736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:09:35.0671 3736 Fs_Rec - ok
17:09:35.0703 3736 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:09:35.0703 3736 Ftdisk - ok
17:09:35.0750 3736 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
17:09:35.0750 3736 ftsata2 - ok
17:09:35.0796 3736 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:09:35.0796 3736 gagp30kx - ok
17:09:35.0859 3736 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:09:35.0859 3736 GEARAspiWDM - ok
17:09:35.0921 3736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:09:35.0921 3736 Gpc - ok
17:09:35.0968 3736 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:09:35.0968 3736 HidUsb - ok
17:09:36.0015 3736 hpn - ok
17:09:36.0078 3736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:09:36.0078 3736 HTTP - ok
17:09:36.0109 3736 i2omgmt - ok
17:09:36.0125 3736 i2omp - ok
17:09:36.0156 3736 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:09:36.0156 3736 i8042prt - ok
17:09:36.0250 3736 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:09:36.0281 3736 iaStor - ok
17:09:36.0312 3736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:09:36.0328 3736 Imapi - ok
17:09:36.0343 3736 ini910u - ok
17:09:36.0375 3736 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:09:36.0375 3736 IntelIde - ok
17:09:36.0421 3736 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:09:36.0437 3736 intelppm - ok
17:09:36.0437 3736 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:09:36.0453 3736 Ip6Fw - ok
17:09:36.0484 3736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:09:36.0484 3736 IpFilterDriver - ok
17:09:36.0515 3736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:09:36.0515 3736 IpInIp - ok
17:09:36.0562 3736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:09:36.0562 3736 IpNat - ok
17:09:36.0609 3736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:09:36.0609 3736 IPSec - ok
17:09:36.0640 3736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:09:36.0656 3736 IRENUM - ok
17:09:36.0687 3736 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:09:36.0687 3736 isapnp - ok
17:09:36.0718 3736 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:09:36.0718 3736 Kbdclass - ok
17:09:36.0765 3736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:09:36.0765 3736 kmixer - ok
17:09:36.0828 3736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:09:36.0828 3736 KSecDD - ok
17:09:36.0859 3736 lbrtfdc - ok
17:09:36.0921 3736 ltmodem5 - ok
17:09:37.0000 3736 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:09:37.0000 3736 MHNDRV - ok
17:09:37.0062 3736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:09:37.0062 3736 mnmdd - ok
17:09:37.0125 3736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:09:37.0125 3736 Modem - ok
17:09:37.0140 3736 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:09:37.0156 3736 MODEMCSA - ok
17:09:37.0171 3736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:09:37.0171 3736 Mouclass - ok
17:09:37.0234 3736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:09:37.0234 3736 mouhid - ok
17:09:37.0265 3736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:09:37.0265 3736 MountMgr - ok
17:09:37.0281 3736 mraid35x - ok
17:09:37.0312 3736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:09:37.0312 3736 MRxDAV - ok
17:09:37.0390 3736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:09:37.0421 3736 MRxSmb - ok
17:09:37.0437 3736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:09:37.0437 3736 Msfs - ok
17:09:37.0500 3736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:09:37.0500 3736 MSKSSRV - ok
17:09:37.0515 3736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:09:37.0515 3736 MSPCLOCK - ok
17:09:37.0546 3736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:09:37.0546 3736 MSPQM - ok
17:09:37.0609 3736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:09:37.0609 3736 mssmbios - ok
17:09:37.0671 3736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:09:37.0671 3736 Mup - ok
17:09:37.0890 3736 NAVENG (904b9a1657f52147898196239487c86a) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050620.007\NAVENG.Sys
17:09:37.0906 3736 NAVENG - ok
17:09:37.0937 3736 NAVEX15 (80d74b829f94645e75983b58b4c8bee2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050620.007\NavEx15.Sys
17:09:37.0937 3736 NAVEX15 - ok
17:09:38.0125 3736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:09:38.0125 3736 NDIS - ok
17:09:38.0203 3736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:09:38.0203 3736 NdisTapi - ok
17:09:38.0250 3736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:09:38.0250 3736 Ndisuio - ok
17:09:38.0265 3736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:09:38.0265 3736 NdisWan - ok
17:09:38.0328 3736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:09:38.0328 3736 NDProxy - ok
17:09:38.0359 3736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:09:38.0359 3736 NetBIOS - ok
17:09:38.0390 3736 NetBT (e83b450a3adae2d9ef4170474d94ddcc) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:09:38.0390 3736 NetBT ( Virus.Win32.ZAccess.k ) - infected
17:09:38.0390 3736 NetBT - detected Virus.Win32.ZAccess.k (0)
17:09:38.0468 3736 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:09:38.0468 3736 NIC1394 - ok
17:09:38.0500 3736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:09:38.0500 3736 Npfs - ok
17:09:38.0546 3736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:09:38.0578 3736 Ntfs - ok
17:09:38.0640 3736 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:09:38.0640 3736 NuidFltr - ok
17:09:38.0703 3736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:09:38.0703 3736 Null - ok
17:09:38.0750 3736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:09:38.0750 3736 NwlnkFlt - ok
17:09:38.0765 3736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:09:38.0765 3736 NwlnkFwd - ok
17:09:38.0828 3736 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:09:38.0843 3736 ohci1394 - ok
17:09:38.0890 3736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:09:38.0890 3736 Parport - ok
17:09:38.0906 3736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:09:38.0906 3736 PartMgr - ok
17:09:38.0968 3736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:09:38.0968 3736 ParVdm - ok
17:09:38.0984 3736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:09:38.0984 3736 PCI - ok
17:09:39.0015 3736 PCIDump - ok
17:09:39.0046 3736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:09:39.0046 3736 PCIIde - ok
17:09:39.0078 3736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:09:39.0078 3736 Pcmcia - ok
17:09:39.0093 3736 PDCOMP - ok
17:09:39.0125 3736 PDFRAME - ok
17:09:39.0140 3736 PDRELI - ok
17:09:39.0156 3736 PDRFRAME - ok
17:09:39.0171 3736 perc2 - ok
17:09:39.0203 3736 perc2hib - ok
17:09:39.0265 3736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:09:39.0281 3736 PptpMiniport - ok
17:09:39.0343 3736 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:09:39.0343 3736 Processor - ok
17:09:39.0406 3736 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
17:09:39.0406 3736 Ps2 - ok
17:09:39.0421 3736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:09:39.0421 3736 PSched - ok
17:09:39.0453 3736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:09:39.0468 3736 Ptilink - ok
17:09:39.0484 3736 PxHelp20 - ok
17:09:39.0515 3736 ql1080 - ok
17:09:39.0531 3736 Ql10wnt - ok
17:09:39.0546 3736 ql12160 - ok
17:09:39.0578 3736 ql1240 - ok
17:09:39.0593 3736 ql1280 - ok
17:09:39.0625 3736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:09:39.0640 3736 RasAcd - ok
17:09:39.0656 3736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:09:39.0671 3736 Rasl2tp - ok
17:09:39.0703 3736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:09:39.0703 3736 RasPppoe - ok
17:09:39.0750 3736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:09:39.0750 3736 Raspti - ok
17:09:39.0796 3736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:09:39.0812 3736 Rdbss - ok
17:09:39.0843 3736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:09:39.0843 3736 RDPCDD - ok
17:09:39.0875 3736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:09:39.0890 3736 rdpdr - ok
17:09:39.0953 3736 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:09:39.0953 3736 RDPWD - ok
17:09:40.0031 3736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:09:40.0031 3736 redbook - ok
17:09:40.0140 3736 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
17:09:40.0140 3736 RTL8023xp - ok
17:09:40.0171 3736 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:09:40.0171 3736 rtl8139 - ok
17:09:40.0359 3736 SAVRT (a00d5aa4748a1002590f08aa00fc660d) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
17:09:40.0359 3736 SAVRT - ok
17:09:40.0421 3736 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
17:09:40.0421 3736 SAVRTPEL - ok
17:09:40.0625 3736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:09:40.0640 3736 Secdrv - ok
17:09:40.0734 3736 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:09:40.0734 3736 Serenum - ok
17:09:40.0796 3736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:09:40.0796 3736 Serial - ok
17:09:40.0843 3736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:09:40.0843 3736 Sfloppy - ok
17:09:40.0921 3736 Simbad - ok
17:09:40.0968 3736 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
17:09:40.0968 3736 SISNIC - ok
17:09:40.0984 3736 smserial - ok
17:09:41.0015 3736 Sparrow - ok
17:09:41.0171 3736 SPBBCDrv (7314d3261fd973880e0fa31fa32f515b) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:09:41.0187 3736 SPBBCDrv - ok
17:09:41.0234 3736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:09:41.0234 3736 splitter - ok
17:09:41.0265 3736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:09:41.0265 3736 sr - ok
17:09:41.0343 3736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:41.0359 3736 Srv - ok
17:09:41.0406 3736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:09:41.0406 3736 swenum - ok
17:09:41.0437 3736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:09:41.0437 3736 swmidi - ok
17:09:41.0468 3736 symc810 - ok
17:09:41.0500 3736 symc8xx - ok
17:09:41.0562 3736 SYMDNS (02b571d67f5418b6bf1e3a3d3040553d) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
17:09:41.0562 3736 SYMDNS - ok
17:09:41.0656 3736 SymEvent (432b7e43ca674f358db110938963dcff) C:\Program Files\Symantec\SYMEVENT.SYS
17:09:41.0656 3736 SymEvent - ok
17:09:41.0750 3736 SYMFW (bdde97b5e2ef8a963b2ec50114b02a8d) C:\WINDOWS\System32\Drivers\SYMFW.SYS
17:09:41.0765 3736 SYMFW - ok
17:09:41.0812 3736 SYMIDS (60c111edc4f798c51f8213baae773e07) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
17:09:41.0812 3736 SYMIDS - ok
17:09:41.0953 3736 SYMIDSCO (129e4dd78ce7243b2efda0db05851063) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050303.027\symidsco.sys
17:09:41.0968 3736 SYMIDSCO - ok
17:09:42.0031 3736 SYMNDIS (dca35d53d2c246b2f6a3fe69a13dacde) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
17:09:42.0031 3736 SYMNDIS - ok
17:09:42.0062 3736 SYMREDRV (30e8a3b0d7f13a756714eb5978f2a88b) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:09:42.0078 3736 SYMREDRV - ok
17:09:42.0109 3736 SYMTDI (927f521e1d5d9bc5c60522aadf77e346) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:09:42.0109 3736 SYMTDI - ok
17:09:42.0140 3736 sym_hi - ok
17:09:42.0156 3736 sym_u3 - ok
17:09:42.0218 3736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:09:42.0218 3736 sysaudio - ok
17:09:42.0312 3736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:42.0312 3736 Tcpip - ok
17:09:42.0375 3736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:09:42.0375 3736 TDPIPE - ok
17:09:42.0390 3736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:09:42.0390 3736 TDTCP - ok
17:09:42.0421 3736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:09:42.0421 3736 TermDD - ok
17:09:42.0453 3736 TosIde - ok
17:09:42.0500 3736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:09:42.0500 3736 Udfs - ok
17:09:42.0515 3736 ultra - ok
17:09:42.0546 3736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:09:42.0562 3736 Update - ok
17:09:42.0625 3736 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:09:42.0640 3736 USBAAPL - ok
17:09:42.0671 3736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:09:42.0671 3736 usbccgp - ok
17:09:42.0718 3736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:09:42.0718 3736 usbehci - ok
17:09:42.0734 3736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:09:42.0734 3736 usbhub - ok
17:09:42.0765 3736 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:09:42.0765 3736 usbohci - ok
17:09:42.0796 3736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:09:42.0796 3736 usbprint - ok
17:09:42.0828 3736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:09:42.0843 3736 usbscan - ok
17:09:42.0875 3736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:09:42.0875 3736 USBSTOR - ok
17:09:42.0906 3736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:09:42.0906 3736 usbuhci - ok
17:09:42.0921 3736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:09:42.0921 3736 VgaSave - ok
17:09:42.0953 3736 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:09:42.0953 3736 ViaIde - ok
17:09:42.0984 3736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:09:42.0984 3736 VolSnap - ok
17:09:43.0046 3736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:09:43.0046 3736 Wanarp - ok
17:09:43.0125 3736 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:09:43.0140 3736 Wdf01000 - ok
17:09:43.0156 3736 WDICA - ok
17:09:43.0203 3736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:09:43.0203 3736 wdmaud - ok
17:09:43.0312 3736 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:09:43.0312 3736 WS2IFSL - ok
17:09:43.0390 3736 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
17:09:43.0421 3736 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
17:09:43.0421 3736 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
17:09:43.0421 3736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:09:43.0421 3736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:09:43.0437 3736 Boot (0x1200) (9fd5ed393556a6465dc8c129ae1f011c) \Device\Harddisk0\DR0\Partition0
17:09:43.0437 3736 \Device\Harddisk0\DR0\Partition0 - ok
17:09:43.0468 3736 Boot (0x1200) (e82faa58481574e3748a424cfc8ece56) \Device\Harddisk0\DR0\Partition1
17:09:43.0484 3736 \Device\Harddisk0\DR0\Partition1 - ok
17:09:43.0484 3736 ============================================================
17:09:43.0484 3736 Scan finished
17:09:43.0484 3736 ============================================================
17:09:43.0500 1528 Detected object count: 3
17:09:43.0500 1528 Actual detected object count: 3
17:10:29.0703 1528 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
17:10:29.0718 1528 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
17:10:31.0765 1528 Backup copy found, using it..
17:10:31.0781 1528 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:10:34.0000 1528 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
17:10:34.0046 1528 \Device\Harddisk0\DR0\# - copied to quarantine
17:10:34.0046 1528 \Device\Harddisk0\DR0 - copied to quarantine
17:10:34.0078 1528 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
17:10:34.0093 1528 \Device\Harddisk0\DR0 - ok
17:10:34.0093 1528 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
17:10:34.0093 1528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:10:34.0093 1528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:10:40.0234 1960 Deinitialize success




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users