
Adware/FakeAV



#1 Mista99

Posted 20 April 2012 - 04:45 AM

Hi,
I am wondering just why my Malwarebytes program keeps blocking incoming and outgoing access to a potentially harmful website. I have the IP address and did a Whois on the address, and it came up as a German website, www.3raphegatastus; as far as I know I do not have any dealings with these guys.

These are the site's details. I am wondering if I can permanently block this IP address somehow.

IP Information for 83.133.124.191
IP Location: Germany Germany Hanau Lambdanet Communications Deutschland Ag
ASN: AS31197
IP Address: 83.133.124.191 [Whois] [Reverse-Ip] [Ping] [DNS Lookup] [Traceroute]
Reverse IP: 2 websites use this address. (examples: 3raphegatastusus.com bmeyymltec-k98rws6sw.com)

inetnum: 83.133.96.0 - 83.133.127.255
netname: LNCDE-GREATNET-NEWMEDIA
descr: Greatnet New Media.
country: DE
admin-c: FL1331-RIPE
tech-c: FL1331-RIPE
status: ASSIGNED PA
mnt-by: LNC-MNT
mnt-lower: LNC-MNT
source: RIPE # Filtered

person: Frazzetta Lindner
address: Greatnet New Media
address: Brentenstrasse 4a
address: D-83734 Hausham
address: Germany
phone: +49 1805 47328638
fax-no: +49 1805 444894696
nic-hdl: FL1331-RIPE
abuse-mailbox:
mnt-by: LNC-MNT
source: RIPE # Filtered

route: 83.133.0.0/16
descr: Lambdanet Operations - German region
origin: AS13237
mnt-by: LNC-MNT
source: RIPE # Filtered

I am running Win XP SP3
I did find this virus in a post on here and believe it to be a rootkit.
I also keep getting my Panda scanner picking up that it is finding .dll files in my system32 folder that are infected, and I have been removing them. I did run a full check with both MBAM (found a rootkit in my Recycler) and Spybot S&D (picked up nothing); both are up to date and running fine.
I downloaded Security Check, FSS and MiniToolBox and have the results.



#2 boopme

Posted 20 April 2012 - 11:48 AM

Hello and welcome. Please run these next.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log,
and reboot into normal mode.
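The TDSSKiller report requested above is long (one line per scanned driver and service), and the infected entries are easy to miss among hundreds of "- ok" lines. As an added example, not code from this thread or from TDSSKiller's authors, here is a small Python parser that pulls the detections out of such a report together with the MD5 and on-disk path of each flagged object. The sample lines are copied from the report posted in this thread; the regular expressions are my own reading of the line shapes in it (timestamp, thread id, object name, then either "(md5) path" or a verdict), not a documented grammar, so treat them as an assumption to check against your own report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines in the shape TDSSKiller writes to its report, copied from the report
# posted in this thread. Some objects (here "iifkgi") have no file line at all,
# only a verdict; the parser has to cope with that.
SAMPLE_REPORT = r"""
15:08:52.0437 5384 iifkgi - ok
15:08:56.0875 5384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:08:56.0875 5384 NetBIOS - ok
15:08:56.0937 5384 NetBT (3c90397f247578e9d7d488da1e40f4fb) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:08:56.0937 5384 NetBT ( Virus.Win32.ZAccess.k ) - infected
15:08:56.0937 5384 NetBT - detected Virus.Win32.ZAccess.k (0)
15:09:00.0843 5384 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:00.0843 5384 ProtectedStorage - ok
15:09:01.0234 5384 PTDCMdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MSFWHLPR.dll
15:09:01.0250 5384 PTDCMdm ( Backdoor.Multi.ZAccess.gen ) - infected
15:09:01.0250 5384 PTDCMdm - detected Backdoor.Multi.ZAccess.gen (0)
15:09:01.0281 5384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:09:01.0281 5384 Ptilink - ok
"""

# Every report line starts with a timestamp and a thread id; the rest varies.
# These patterns are an assumption derived from the sample above.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<tid>\d+) "
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<threat>\S+) \) - (?P<verdict>\w+)$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")


@dataclass
class Finding:
    """One object the scanner did not clear, with the file details if it listed any."""
    name: str
    threat: str
    verdict: str
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> Tuple[int, List[Finding]]:
    """Return (number of objects given a verdict, findings in report order).

    Object lines ("name (md5) path") are remembered by name so that a later
    verdict line for the same object can be joined to its hash and path.
    """
    files: Dict[str, Tuple[str, str]] = {}
    findings: Dict[str, Finding] = {}
    judged = 0
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            judged += 1
            md5, path = files.get(m["name"], (None, None))
            findings[m["name"]] = Finding(m["name"], m["threat"], m["verdict"], md5, path)
            continue
        if OK_RE.match(line):
            judged += 1
        # "- detected ..." lines and the header repeat what the verdict line
        # already said, so they are ignored here.
    return judged, list(findings.values())


def format_findings(findings: List[Finding]) -> List[str]:
    """Render findings as one triage line each, marking objects with no file listed."""
    out = []
    for f in findings:
        where = f"{f.path} md5={f.md5}" if f.path else "<no file listed in report>"
        out.append(f"{f.name}: {f.threat} ({f.verdict}) {where}")
    return out


if __name__ == "__main__":
    judged, findings = parse_report(SAMPLE_REPORT)
    print(f"{judged} objects judged, {len(findings)} not clean")
    for line in format_findings(findings):
        print("  " + line)
```

Run against a full TDSSKiller log, the output is the short list a helper actually needs: which service or driver was flagged, the detection name, and the on-disk file it refers to. The path says which file a follow-up tool has to quarantine or restore from a clean source, and the MD5 is what you would compare against a known-good copy or submit to a multi-engine scanner before deciding whether a detection on a core Windows component is a real infection or a false positive.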

#3 Mista99

Posted 20 April 2012 - 04:49 PM

Hi BoopMe,
Many thanks for your help with this. I was able to run TDSSKiller but it did want me to reboot. This is the result file from that scan. After restarting, it ran a 2nd scan and no objects were found.

15:08:35.0859 5412 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
15:08:37.0859 5412 ============================================================
15:08:37.0859 5412 Current date / time: 2012/04/20 15:08:37.0859
15:08:37.0859 5412 SystemInfo:
15:08:37.0859 5412
15:08:37.0859 5412 OS Version: 5.1.2600 ServicePack: 3.0
15:08:37.0859 5412 Product type: Workstation
15:08:37.0859 5412 ComputerName: DADS
15:08:37.0859 5412 UserName: Al
15:08:37.0859 5412 Windows directory: C:\WINDOWS
15:08:37.0859 5412 System windows directory: C:\WINDOWS
15:08:37.0859 5412 Processor architecture: Intel x86
15:08:37.0859 5412 Number of processors: 2
15:08:37.0859 5412 Page size: 0x1000
15:08:37.0859 5412 Boot type: Normal boot
15:08:37.0859 5412 ============================================================
15:08:39.0562 5412 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:08:39.0593 5412 \Device\Harddisk0\DR0:
15:08:39.0593 5412 MBR partitions:
15:08:39.0593 5412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
15:08:39.0734 5412 C: <-> \Device\Harddisk0\DR0\Partition0
15:08:39.0750 5412 Initialize success
15:08:39.0750 5412 ============================================================
15:08:46.0000 5384 ============================================================
15:08:46.0000 5384 Scan started
15:08:46.0000 5384 Mode: Manual;
15:08:46.0000 5384 ============================================================
15:08:46.0140 5384 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:08:46.0171 5384 !SASCORE - ok
15:08:46.0265 5384 Abiosdsk - ok
15:08:46.0281 5384 abp480n5 - ok
15:08:46.0343 5384 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:08:46.0359 5384 ACPI - ok
15:08:46.0406 5384 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:08:46.0406 5384 ACPIEC - ok
15:08:46.0484 5384 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:08:46.0484 5384 ADIHdAudAddService - ok
15:08:46.0515 5384 adpu160m - ok
15:08:46.0562 5384 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
15:08:46.0578 5384 AEAudioService - ok
15:08:46.0609 5384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:08:46.0609 5384 aec - ok
15:08:46.0687 5384 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:08:46.0687 5384 AFD - ok
15:08:46.0718 5384 agpcpq - ok
15:08:46.0734 5384 Aha154x - ok
15:08:46.0734 5384 aic78u2 - ok
15:08:46.0750 5384 aic78xx - ok
15:08:46.0796 5384 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:08:46.0796 5384 Alerter - ok
15:08:46.0828 5384 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:08:46.0859 5384 ALG - ok
15:08:46.0875 5384 AliIde - ok
15:08:46.0937 5384 AmFSM (ef9dd27aa5a3baaf2fd2b44c08a3e622) C:\WINDOWS\system32\DRIVERS\amm8651.sys
15:08:46.0937 5384 AmFSM - ok
15:08:46.0968 5384 amsint - ok
15:08:47.0062 5384 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:08:47.0078 5384 Apple Mobile Device - ok
15:08:47.0140 5384 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:08:47.0140 5384 AppMgmt - ok
15:08:47.0187 5384 asc - ok
15:08:47.0218 5384 asc3350p - ok
15:08:47.0218 5384 asc3550 - ok
15:08:47.0296 5384 asdsrv (2be4aa54c7728b7a432713961b09fa89) C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
15:08:47.0328 5384 asdsrv - ok
15:08:47.0468 5384 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:08:47.0484 5384 aspnet_state - ok
15:08:47.0546 5384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:08:47.0562 5384 AsyncMac - ok
15:08:47.0609 5384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:08:47.0609 5384 atapi - ok
15:08:47.0671 5384 AtcL001 (f43673d97b9df66999c3dfa6e538ef5b) C:\WINDOWS\system32\DRIVERS\l151x86.sys
15:08:47.0671 5384 AtcL001 - ok
15:08:47.0703 5384 Atdisk - ok
15:08:47.0765 5384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:08:47.0765 5384 Atmarpc - ok
15:08:47.0796 5384 Atmuni - ok
15:08:47.0906 5384 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:08:47.0906 5384 AudioSrv - ok
15:08:47.0968 5384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:08:47.0968 5384 audstub - ok
15:08:48.0000 5384 AvFlt - ok
15:08:48.0062 5384 avfsmn (0dd083cf4f58bd8aae850d3931f1aa98) C:\WINDOWS\system32\DRIVERS\avfsmn.sys
15:08:48.0062 5384 avfsmn - ok
15:08:48.0109 5384 avhips (908604bc15c3aa0052c791cb31e732a3) C:\WINDOWS\system32\DRIVERS\avhips.sys
15:08:48.0109 5384 avhips - ok
15:08:48.0140 5384 backupexecalertserver - ok
15:08:48.0250 5384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:08:48.0250 5384 Beep - ok
15:08:48.0328 5384 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:08:48.0359 5384 BITS - ok
15:08:48.0437 5384 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:08:48.0484 5384 Bonjour Service - ok
15:08:48.0609 5384 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:08:48.0609 5384 Browser - ok
15:08:48.0625 5384 Cam5603C - ok
15:08:48.0671 5384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:08:48.0671 5384 cbidf2k - ok
15:08:48.0734 5384 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:08:48.0734 5384 CCDECODE - ok
15:08:48.0750 5384 cd20xrnt - ok
15:08:48.0828 5384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:08:48.0828 5384 Cdaudio - ok
15:08:48.0843 5384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:08:48.0843 5384 Cdfs - ok
15:08:48.0906 5384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:08:48.0906 5384 Cdrom - ok
15:08:48.0921 5384 Changer - ok
15:08:48.0953 5384 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:08:48.0984 5384 CiSvc - ok
15:08:49.0015 5384 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:08:49.0046 5384 ClipSrv - ok
15:08:49.0125 5384 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:08:49.0156 5384 clr_optimization_v2.0.50727_32 - ok
15:08:49.0156 5384 CmdIde - ok
15:08:49.0171 5384 COMSysApp - ok
15:08:49.0187 5384 Cpqarray - ok
15:08:49.0234 5384 cpuidlep - ok
15:08:49.0281 5384 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:08:49.0296 5384 CryptSvc - ok
15:08:49.0328 5384 dac2w2k - ok
15:08:49.0343 5384 dac960nt - ok
15:08:49.0406 5384 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:08:49.0421 5384 DcomLaunch - ok
15:08:49.0468 5384 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
15:08:49.0468 5384 dgderdrv - ok
15:08:49.0546 5384 dg_ssudbus (d8522960163fa593694e441194a9a574) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
15:08:49.0562 5384 dg_ssudbus - ok
15:08:49.0656 5384 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:08:49.0656 5384 Dhcp - ok
15:08:49.0687 5384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:08:49.0687 5384 Disk - ok
15:08:49.0703 5384 dmadmin - ok
15:08:49.0765 5384 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:08:49.0781 5384 dmboot - ok
15:08:49.0796 5384 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:08:49.0796 5384 dmio - ok
15:08:49.0812 5384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:08:49.0812 5384 dmload - ok
15:08:49.0859 5384 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:08:49.0859 5384 dmserver - ok
15:08:49.0875 5384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:08:49.0890 5384 DMusic - ok
15:08:49.0937 5384 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:08:49.0937 5384 Dnscache - ok
15:08:49.0984 5384 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:08:49.0984 5384 Dot3svc - ok
15:08:50.0000 5384 dpti2o - ok
15:08:50.0062 5384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:08:50.0062 5384 drmkaud - ok
15:08:50.0093 5384 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:08:50.0093 5384 EapHost - ok
15:08:50.0156 5384 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
15:08:50.0187 5384 ehRecvr - ok
15:08:50.0250 5384 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
15:08:50.0281 5384 ehSched - ok
15:08:50.0375 5384 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
15:08:50.0421 5384 EpsonBidirectionalService - ok
15:08:50.0484 5384 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:08:50.0484 5384 ERSvc - ok
15:08:50.0546 5384 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:08:50.0609 5384 Eventlog - ok
15:08:50.0656 5384 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:08:50.0671 5384 EventSystem - ok
15:08:50.0734 5384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:08:50.0734 5384 Fastfat - ok
15:08:50.0812 5384 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:08:50.0812 5384 FastUserSwitchingCompatibility - ok
15:08:50.0843 5384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:08:50.0843 5384 Fdc - ok
15:08:51.0000 5384 FileMonitor (105df2089fea245e8f80984ae91158dc) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
15:08:51.0015 5384 FileMonitor - ok
15:08:51.0046 5384 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:08:51.0046 5384 Fips - ok
15:08:51.0062 5384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:08:51.0062 5384 Flpydisk - ok
15:08:51.0125 5384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:08:51.0125 5384 FltMgr - ok
15:08:51.0218 5384 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:08:51.0234 5384 FontCache3.0.0.0 - ok
15:08:51.0312 5384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:08:51.0312 5384 Fs_Rec - ok
15:08:51.0375 5384 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:08:51.0375 5384 Ftdisk - ok
15:08:51.0453 5384 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:08:51.0453 5384 GEARAspiWDM - ok
15:08:51.0515 5384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:08:51.0515 5384 Gpc - ok
15:08:51.0546 5384 grmnusb - ok
15:08:51.0593 5384 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
15:08:51.0593 5384 HdAudAddService - ok
15:08:51.0656 5384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:08:51.0656 5384 HDAudBus - ok
15:08:51.0734 5384 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:08:51.0734 5384 helpsvc - ok
15:08:51.0750 5384 HidServ - ok
15:08:51.0828 5384 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:08:51.0828 5384 hidusb - ok
15:08:51.0875 5384 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:08:51.0875 5384 hkmsvc - ok
15:08:51.0921 5384 hpn - ok
15:08:52.0000 5384 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:08:52.0000 5384 HTTP - ok
15:08:52.0062 5384 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:08:52.0062 5384 HTTPFilter - ok
15:08:52.0109 5384 i2omgmt - ok
15:08:52.0156 5384 i2omp - ok
15:08:52.0234 5384 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:08:52.0234 5384 i8042prt - ok
15:08:52.0265 5384 i81x - ok
15:08:52.0375 5384 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:08:52.0421 5384 idsvc - ok
15:08:52.0437 5384 iifkgi - ok
15:08:52.0484 5384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:08:52.0484 5384 Imapi - ok
15:08:52.0562 5384 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:08:52.0593 5384 ImapiService - ok
15:08:52.0703 5384 IMFservice (491fb9e6c0bd1383884d64ea5b886ad8) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
15:08:52.0765 5384 IMFservice - ok
15:08:52.0875 5384 ini910u - ok
15:08:52.0921 5384 IntelIde - ok
15:08:53.0015 5384 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:08:53.0015 5384 intelppm - ok
15:08:53.0046 5384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:08:53.0062 5384 Ip6Fw - ok
15:08:53.0125 5384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:08:53.0125 5384 IpFilterDriver - ok
15:08:53.0187 5384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:08:53.0187 5384 IpInIp - ok
15:08:53.0250 5384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:08:53.0250 5384 IpNat - ok
15:08:53.0343 5384 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
15:08:53.0390 5384 iPod Service - ok
15:08:53.0484 5384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:08:53.0484 5384 IPSec - ok
15:08:53.0531 5384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:08:53.0531 5384 IRENUM - ok
15:08:53.0562 5384 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:08:53.0562 5384 isapnp - ok
15:08:53.0578 5384 jailm - ok
15:08:53.0671 5384 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
15:08:53.0703 5384 JavaQuickStarterService - ok
15:08:53.0781 5384 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:08:53.0781 5384 Kbdclass - ok
15:08:53.0796 5384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:08:53.0812 5384 kmixer - ok
15:08:53.0906 5384 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
15:08:53.0906 5384 KMWDFILTER - ok
15:08:53.0984 5384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:08:53.0984 5384 KSecDD - ok
15:08:54.0078 5384 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:08:54.0078 5384 lanmanserver - ok
15:08:54.0125 5384 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:08:54.0125 5384 lanmanworkstation - ok
15:08:54.0156 5384 lbrtfdc - ok
15:08:54.0234 5384 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:08:54.0234 5384 LmHosts - ok
15:08:54.0281 5384 lxcz_device - ok
15:08:54.0328 5384 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
15:08:54.0328 5384 mbamchameleon - ok
15:08:54.0390 5384 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
15:08:54.0390 5384 MBAMProtector - ok
15:08:54.0515 5384 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:08:54.0546 5384 MBAMService - ok
15:08:54.0656 5384 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
15:08:54.0671 5384 McrdSvc - ok
15:08:54.0734 5384 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:08:54.0734 5384 Messenger - ok
15:08:54.0812 5384 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
15:08:54.0812 5384 MHN - ok
15:08:54.0875 5384 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:08:54.0875 5384 MHNDRV - ok
15:08:54.0921 5384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:08:54.0921 5384 mnmdd - ok
15:08:54.0968 5384 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:08:55.0000 5384 mnmsrvc - ok
15:08:55.0046 5384 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:08:55.0046 5384 Modem - ok
15:08:55.0093 5384 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
15:08:55.0093 5384 motccgp - ok
15:08:55.0156 5384 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
15:08:55.0156 5384 motccgpfl - ok
15:08:55.0203 5384 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:08:55.0203 5384 motmodem - ok
15:08:55.0265 5384 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
15:08:55.0265 5384 motport - ok
15:08:55.0343 5384 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:08:55.0343 5384 Mouclass - ok
15:08:55.0406 5384 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:08:55.0406 5384 mouhid - ok
15:08:55.0453 5384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:08:55.0453 5384 MountMgr - ok
15:08:55.0468 5384 mraid35x - ok
15:08:55.0515 5384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:08:55.0515 5384 MRxDAV - ok
15:08:55.0625 5384 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:08:55.0625 5384 MRxSmb - ok
15:08:55.0687 5384 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:08:55.0718 5384 MSDTC - ok
15:08:55.0750 5384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:08:55.0750 5384 Msfs - ok
15:08:55.0781 5384 MSIServer - ok
15:08:55.0843 5384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:08:55.0843 5384 MSKSSRV - ok
15:08:55.0890 5384 msmpsvc - ok
15:08:55.0968 5384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:08:55.0968 5384 MSPCLOCK - ok
15:08:56.0031 5384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:08:56.0031 5384 MSPQM - ok
15:08:56.0125 5384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:08:56.0125 5384 mssmbios - ok
15:08:56.0156 5384 MSSQL$MSSMLBIZ - ok
15:08:56.0234 5384 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:08:56.0234 5384 MSTEE - ok
15:08:56.0312 5384 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
15:08:56.0312 5384 MTsensor - ok
15:08:56.0375 5384 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:08:56.0390 5384 Mup - ok
15:08:56.0437 5384 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:08:56.0437 5384 NABTSFEC - ok
15:08:56.0515 5384 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:08:56.0515 5384 napagent - ok
15:08:56.0562 5384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:08:56.0562 5384 NDIS - ok
15:08:56.0593 5384 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:08:56.0593 5384 NdisIP - ok
15:08:56.0671 5384 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:08:56.0687 5384 NdisTapi - ok
15:08:56.0718 5384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:08:56.0718 5384 Ndisuio - ok
15:08:56.0750 5384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:08:56.0750 5384 NdisWan - ok
15:08:56.0843 5384 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:08:56.0843 5384 NDProxy - ok
15:08:56.0875 5384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:08:56.0875 5384 NetBIOS - ok
15:08:56.0937 5384 NetBT (3c90397f247578e9d7d488da1e40f4fb) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:08:56.0937 5384 NetBT ( Virus.Win32.ZAccess.k ) - infected
15:08:56.0937 5384 NetBT - detected Virus.Win32.ZAccess.k (0)
15:08:57.0015 5384 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:08:57.0062 5384 NetDDE - ok
15:08:57.0078 5384 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:08:57.0078 5384 NetDDEdsdm - ok
15:08:57.0109 5384 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:08:57.0140 5384 Netlogon - ok
15:08:57.0218 5384 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:08:57.0218 5384 Netman - ok
15:08:57.0281 5384 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:08:57.0328 5384 NetTcpPortSharing - ok
15:08:57.0359 5384 njiyt - ok
15:08:57.0453 5384 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:08:57.0453 5384 Nla - ok
15:08:57.0484 5384 nlsvc - ok
15:08:57.0578 5384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:08:57.0578 5384 Npfs - ok
15:08:57.0609 5384 nsysaudm - ok
15:08:57.0734 5384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:08:57.0734 5384 Ntfs - ok
15:08:57.0796 5384 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:08:57.0796 5384 NtLmSsp - ok
15:08:57.0859 5384 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:08:57.0875 5384 NtmsSvc - ok
15:08:57.0953 5384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:08:57.0953 5384 Null - ok
15:08:58.0375 5384 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:08:58.0781 5384 nv - ok
15:08:58.0921 5384 NVSvc (32f7dec3729b3bae66eebcab7b03b18f) C:\WINDOWS\system32\nvsvc32.exe
15:08:58.0937 5384 NVSvc - ok
15:08:59.0062 5384 nvUpdatusService (2cc4e45b0eb4c48392cec9c83b5b8e3b) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:08:59.0187 5384 nvUpdatusService - ok
15:08:59.0281 5384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:08:59.0281 5384 NwlnkFlt - ok
15:08:59.0312 5384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:08:59.0312 5384 NwlnkFwd - ok
15:08:59.0375 5384 Panda Software Controller (78b7642b0c51f24f0835c0226540d58b) C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
15:08:59.0406 5384 Panda Software Controller - ok
15:08:59.0515 5384 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:08:59.0515 5384 Parport - ok
15:08:59.0531 5384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:08:59.0531 5384 PartMgr - ok
15:08:59.0562 5384 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:08:59.0562 5384 ParVdm - ok
15:08:59.0609 5384 pavboot (55d654258a9c509b671310c314bd30b4) C:\WINDOWS\system32\drivers\pavboot.sys
15:08:59.0609 5384 pavboot - ok
15:08:59.0765 5384 PAVFNSVR (ae848c1613c8738bb83adab4f0845e84) C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
15:08:59.0781 5384 PAVFNSVR - ok
15:08:59.0906 5384 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\WINDOWS\system32\DRIVERS\PavProc.sys
15:08:59.0906 5384 PavProc - ok
15:08:59.0968 5384 PavPrSrv (2ae3f6b23448443bbef5de207159213b) C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
15:09:00.0000 5384 PavPrSrv - ok
15:09:00.0015 5384 PavSRK.sys - ok
15:09:00.0156 5384 PAVSRV (97005413310966001fb6f4a5c503149c) C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
15:09:00.0156 5384 PAVSRV - ok
15:09:00.0171 5384 PavTPK.sys - ok
15:09:00.0234 5384 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:09:00.0234 5384 PCI - ok
15:09:00.0234 5384 PCIDump - ok
15:09:00.0265 5384 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:09:00.0265 5384 PCIIde - ok
15:09:00.0296 5384 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:09:00.0296 5384 Pcmcia - ok
15:09:00.0312 5384 PDCOMP - ok
15:09:00.0343 5384 PDFRAME - ok
15:09:00.0359 5384 PDRELI - ok
15:09:00.0421 5384 PDRFRAME - ok
15:09:00.0484 5384 pejaihbl - ok
15:09:00.0546 5384 perc2 - ok
15:09:00.0578 5384 perc2hib - ok
15:09:00.0656 5384 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:09:00.0656 5384 PlugPlay - ok
15:09:00.0703 5384 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:00.0703 5384 PolicyAgent - ok
15:09:00.0781 5384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:09:00.0781 5384 PptpMiniport - ok
15:09:00.0812 5384 procexp100 - ok
15:09:00.0843 5384 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:00.0843 5384 ProtectedStorage - ok
15:09:00.0890 5384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:09:00.0890 5384 PSched - ok
15:09:00.0890 5384 pserve - ok
15:09:01.0046 5384 PSIMSVC (196c450f2779d0b462c444da4906ea7f) C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
15:09:01.0078 5384 PSIMSVC - ok
15:09:01.0140 5384 PskSvcRetail (341457b79b3fc31a80c346c767045879) C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
15:09:01.0140 5384 PskSvcRetail - ok
15:09:01.0234 5384 PTDCMdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MSFWHLPR.dll
15:09:01.0250 5384 PTDCMdm ( Backdoor.Multi.ZAccess.gen ) - infected
15:09:01.0250 5384 PTDCMdm - detected Backdoor.Multi.ZAccess.gen (0)
15:09:01.0281 5384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:09:01.0281 5384 Ptilink - ok
15:09:01.0343 5384 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:09:01.0343 5384 PxHelp20 - ok
15:09:01.0406 5384 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
15:09:01.0406 5384 QCDonner - ok
15:09:01.0421 5384 qkbfiltr - ok
15:09:01.0468 5384 ql1080 - ok
15:09:01.0484 5384 Ql10wnt - ok
15:09:01.0531 5384 ql12160 - ok
15:09:01.0546 5384 ql1240 - ok
15:09:01.0562 5384 ql1280 - ok
15:09:01.0593 5384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:09:01.0593 5384 RasAcd - ok
15:09:01.0625 5384 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:09:01.0640 5384 RasAuto - ok
15:09:01.0718 5384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:09:01.0718 5384 Rasl2tp - ok
15:09:01.0796 5384 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:09:01.0796 5384 RasMan - ok
15:09:01.0828 5384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:09:01.0828 5384 RasPppoe - ok
15:09:01.0875 5384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:09:01.0875 5384 Raspti - ok
15:09:01.0906 5384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:09:01.0906 5384 Rdbss - ok
15:09:01.0937 5384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:09:01.0937 5384 RDPCDD - ok
15:09:01.0984 5384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:09:02.0000 5384 rdpdr - ok
15:09:02.0078 5384 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:09:02.0078 5384 RDPWD - ok
15:09:02.0156 5384 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:09:02.0187 5384 RDSessMgr - ok
15:09:02.0234 5384 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:09:02.0234 5384 redbook - ok
15:09:02.0390 5384 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
15:09:02.0390 5384 RegFilter - ok
15:09:02.0453 5384 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:09:02.0468 5384 RemoteAccess - ok
15:09:02.0515 5384 remoterecord - ok
15:09:02.0593 5384 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:09:02.0593 5384 RemoteRegistry - ok
15:09:02.0625 5384 REVO - ok
15:09:02.0687 5384 RkPavproc1 (ad291c360a62ff1309174e777476d21e) C:\WINDOWS\system32\drivers\RkPavproc1.sys
15:09:02.0687 5384 RkPavproc1 - ok
15:09:02.0734 5384 RkPavproc2 - ok
15:09:02.0765 5384 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:09:02.0828 5384 RpcLocator - ok
15:09:02.0859 5384 rpcnet - ok
15:09:02.0953 5384 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:09:02.0953 5384 RpcSs - ok
15:09:02.0984 5384 rsuq - ok
15:09:03.0031 5384 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:09:03.0031 5384 RSVP - ok
15:09:03.0078 5384 rtl8139 - ok
15:09:03.0109 5384 s125bus - ok
15:09:03.0109 5384 s616mgmt - ok
15:09:03.0171 5384 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:03.0171 5384 SamSs - ok
15:09:03.0234 5384 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:09:03.0234 5384 SASDIFSV - ok
15:09:03.0265 5384 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:09:03.0265 5384 SASKUTIL - ok
15:09:03.0359 5384 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:09:03.0375 5384 SCardSvr - ok
15:09:03.0437 5384 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:09:03.0453 5384 Schedule - ok
15:09:03.0531 5384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:09:03.0531 5384 Secdrv - ok
15:09:03.0578 5384 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:09:03.0578 5384 seclogon - ok
15:09:03.0640 5384 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
15:09:03.0656 5384 SenFiltService - ok
15:09:03.0718 5384 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:09:03.0718 5384 SENS - ok
15:09:03.0781 5384 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:09:03.0796 5384 serenum - ok
15:09:03.0828 5384 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:09:03.0828 5384 Serial - ok
15:09:03.0875 5384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:09:03.0875 5384 Sfloppy - ok
15:09:03.0968 5384 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:09:03.0968 5384 SharedAccess - ok
15:09:04.0031 5384 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:09:04.0031 5384 ShellHWDetection - ok
15:09:04.0109 5384 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
15:09:04.0109 5384 ShldDrv - ok
15:09:04.0125 5384 Simbad - ok
15:09:04.0187 5384 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:09:04.0187 5384 SLIP - ok
15:09:04.0234 5384 Sparrow - ok
15:09:04.0281 5384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:09:04.0281 5384 splitter - ok
15:09:04.0359 5384 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:09:04.0406 5384 Spooler - ok
15:09:04.0437 5384 sprtsvc_smartagent - ok
15:09:04.0484 5384 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:09:04.0484 5384 sr - ok
15:09:04.0546 5384 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:09:04.0546 5384 srservice - ok
15:09:04.0625 5384 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:09:04.0625 5384 Srv - ok
15:09:04.0671 5384 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:09:04.0671 5384 SSDPSRV - ok
15:09:04.0718 5384 ssudmdm (1b4052f016ba5e087689aba536a0a927) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
15:09:04.0718 5384 ssudmdm - ok
15:09:04.0781 5384 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:09:04.0781 5384 stisvc - ok
15:09:04.0843 5384 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:09:04.0843 5384 streamip - ok
15:09:04.0890 5384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:09:04.0890 5384 swenum - ok
15:09:04.0937 5384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:09:04.0937 5384 swmidi - ok
15:09:04.0984 5384 SwPrv - ok
15:09:05.0015 5384 symc810 - ok
15:09:05.0031 5384 symc8xx - ok
15:09:05.0046 5384 sym_hi - ok
15:09:05.0046 5384 sym_u3 - ok
15:09:05.0078 5384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:09:05.0078 5384 sysaudio - ok
15:09:05.0125 5384 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:09:05.0156 5384 SysmonLog - ok
15:09:05.0234 5384 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:09:05.0250 5384 TapiSrv - ok
15:09:05.0250 5384 tb2launch - ok
15:09:05.0359 5384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:09:05.0359 5384 Tcpip - ok
15:09:05.0406 5384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:09:05.0406 5384 TDPIPE - ok
15:09:05.0484 5384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:09:05.0484 5384 TDTCP - ok
15:09:05.0531 5384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:09:05.0531 5384 TermDD - ok
15:09:05.0609 5384 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:09:05.0625 5384 TermService - ok
15:09:05.0718 5384 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:09:05.0718 5384 Themes - ok
15:09:05.0781 5384 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:09:05.0812 5384 TlntSvr - ok
15:09:05.0843 5384 TosIde - ok
15:09:05.0875 5384 tosrfbd - ok
15:09:06.0031 5384 TPSrv (eacbb8e02114329dddece593aedc61fe) C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
15:09:06.0046 5384 TPSrv - ok
15:09:06.0093 5384 trcboot - ok
15:09:06.0140 5384 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:09:06.0140 5384 TrkWks - ok
15:09:06.0156 5384 TSHWMDTCP - ok
15:09:06.0218 5384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:09:06.0218 5384 Udfs - ok
15:09:06.0265 5384 ultra - ok
15:09:06.0312 5384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:09:06.0328 5384 Update - ok
15:09:06.0375 5384 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:09:06.0375 5384 upnphost - ok
15:09:06.0437 5384 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:09:06.0468 5384 UPS - ok
15:09:06.0609 5384 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
15:09:06.0609 5384 UrlFilter - ok
15:09:06.0734 5384 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:09:06.0734 5384 usbccgp - ok
15:09:06.0828 5384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:09:06.0828 5384 usbehci - ok
15:09:06.0875 5384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:09:06.0875 5384 usbhub - ok
15:09:06.0906 5384 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:09:06.0906 5384 usbprint - ok
15:09:06.0984 5384 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:09:06.0984 5384 usbscan - ok
15:09:07.0046 5384 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:09:07.0062 5384 usbstor - ok
15:09:07.0093 5384 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:09:07.0093 5384 usbuhci - ok
15:09:07.0125 5384 vaiomediaplatform-musicserver-appserver - ok
15:09:07.0203 5384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:09:07.0203 5384 VgaSave - ok
15:09:07.0234 5384 ViaIde - ok
15:09:07.0281 5384 viamraid - ok
15:09:07.0343 5384 vmnetadapter - ok
15:09:07.0406 5384 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:09:07.0406 5384 VolSnap - ok
15:09:07.0484 5384 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:09:07.0515 5384 VSS - ok
15:09:07.0593 5384 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:09:07.0593 5384 W32Time - ok
15:09:07.0671 5384 W55U01 - ok
15:09:07.0765 5384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:09:07.0765 5384 Wanarp - ok
15:09:07.0843 5384 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:09:07.0875 5384 Wdf01000 - ok
15:09:07.0921 5384 WDICA - ok
15:09:08.0000 5384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:09:08.0000 5384 wdmaud - ok
15:09:08.0046 5384 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:09:08.0046 5384 WebClient - ok
15:09:08.0093 5384 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:09:08.0109 5384 winmgmt - ok
15:09:08.0187 5384 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:09:08.0187 5384 WmdmPmSN - ok
15:09:08.0296 5384 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:09:08.0296 5384 Wmi - ok
15:09:08.0343 5384 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:09:08.0359 5384 WmiApSrv - ok
15:09:08.0468 5384 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:09:08.0546 5384 WMPNetworkSvc - ok
15:09:08.0671 5384 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:09:08.0687 5384 WpdUsb - ok
15:09:08.0687 5384 wpsscannersvc - ok
15:09:08.0734 5384 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:09:08.0734 5384 WS2IFSL - ok
15:09:08.0796 5384 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:09:08.0796 5384 WSTCODEC - ok
15:09:08.0859 5384 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:09:08.0859 5384 wuauserv - ok
15:09:08.0953 5384 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:09:08.0953 5384 WudfPf - ok
15:09:09.0000 5384 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:09:09.0000 5384 WudfRd - ok
15:09:09.0046 5384 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:09:09.0046 5384 WudfSvc - ok
15:09:09.0062 5384 WUSB54GPV4SRV - ok
15:09:09.0140 5384 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:09:09.0140 5384 WZCSVC - ok
15:09:09.0187 5384 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:09:09.0187 5384 xmlprov - ok
15:09:09.0218 5384 ykrukwso - ok
15:09:09.0250 5384 zpaction - ok
15:09:09.0281 5384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:09:09.0312 5384 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:09:09.0312 5384 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:09:09.0312 5384 Boot (0x1200) (32972b976215575244384194d603497a) \Device\Harddisk0\DR0\Partition0
15:09:09.0312 5384 \Device\Harddisk0\DR0\Partition0 - ok
15:09:09.0312 5384 ============================================================
15:09:09.0312 5384 Scan finished
15:09:09.0312 5384 ============================================================
15:09:09.0328 5176 Detected object count: 3
15:09:09.0328 5176 Actual detected object count: 3
15:10:39.0234 5176 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
15:10:39.0234 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\@ - copied to quarantine
15:10:39.0234 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\cfg.ini - copied to quarantine
15:10:39.0281 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\Desktop.ini - copied to quarantine
15:10:39.0328 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\L\ukxypgat - copied to quarantine
15:10:39.0343 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\oemid - copied to quarantine
15:10:39.0343 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\00000001.@ - copied to quarantine
15:10:39.0390 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\00000002.@ - copied to quarantine
15:10:39.0406 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\00000004.@ - copied to quarantine
15:10:39.0437 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\80000000.@ - copied to quarantine
15:10:39.0437 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\80000004.@ - copied to quarantine
15:10:39.0484 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\80000032.@ - copied to quarantine
15:10:39.0546 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\version - copied to quarantine
15:10:39.0671 5176 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
15:10:43.0437 5176 Backup copy found, using it..
15:10:43.0468 5176 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
15:10:46.0562 5176 C:\WINDOWS\$NtUninstallKB2341$\2002533509 - will be deleted on reboot
15:10:46.0687 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\@ - will be deleted on reboot
15:10:46.0687 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\cfg.ini - will be deleted on reboot
15:10:46.0687 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\Desktop.ini - will be deleted on reboot
15:10:46.0703 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\oemid - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\00000001.@ - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\00000002.@ - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\00000004.@ - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\80000000.@ - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\80000004.@ - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\U\80000032.@ - will be deleted on reboot
15:10:46.0718 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\version - will be deleted on reboot
15:10:46.0734 5176 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
15:10:46.0843 5176 C:\WINDOWS\system32\MSFWHLPR.dll - copied to quarantine
15:10:46.0859 5176 HKLM\SYSTEM\ControlSet004\services\PTDCMdm - will be deleted on reboot
15:10:46.0859 5176 C:\WINDOWS\system32\MSFWHLPR.dll - will be deleted on reboot
15:10:46.0859 5176 PTDCMdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
15:10:47.0203 5176 \Device\Harddisk0\DR0\# - copied to quarantine
15:10:47.0203 5176 \Device\Harddisk0\DR0 - copied to quarantine
15:10:47.0234 5176 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:10:47.0234 5176 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:10:47.0250 5176 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
15:10:47.0281 5176 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:10:47.0281 5176 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:10:47.0281 5176 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:10:47.0281 5176 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:10:47.0296 5176 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:10:47.0296 5176 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
15:10:47.0328 5176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:10:47.0328 5176 \Device\Harddisk0\DR0 - ok
15:10:48.0468 5176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:11:33.0562 4416 Deinitialize success

I downloaded the ASWMBR.exe file, but when I ran it my Panda blocked and deleted it, as it thought it was a heuristic file.

Results of the MBAM

As the box for "save report file" was unchecked, I can only tell you it said no infections found.
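The TDSSKiller log above is long, and what a helper actually needs from it is short: which objects were flagged, with which verdict, what action was chosen, and whether a reboot is still owed. The script below pulls exactly that out. It is an added example for this thread, not TDSSKiller code and not from any post here; `SAMPLE` is a handful of lines copied from the log above, and the line shapes it relies on (timestamp, thread id, message; `( Verdict ) - infected`; `- copied to quarantine`; `User select action: X`) are my reading of that log, not a documented format.

```python
"""Summarise a TDSSKiller log: flagged objects, verdicts, chosen actions,
and whether a reboot is still pending. Added example, not TDSSKiller code."""
import re
from collections import defaultdict

# Every log line is "<time> <thread id> <message>" (assumed from the posted log).
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - infected$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<action>"
                    r"copied to quarantine|will be cured on reboot|"
                    r"will be deleted on reboot|User select action: \w+)$")

# Sample input: lines copied from the log posted above (constructed subset).
SAMPLE = r"""
15:09:01.0234 5384 PTDCMdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MSFWHLPR.dll
15:09:01.0250 5384 PTDCMdm ( Backdoor.Multi.ZAccess.gen ) - infected
15:09:01.0250 5384 PTDCMdm - detected Backdoor.Multi.ZAccess.gen (0)
15:09:01.0281 5384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:09:01.0281 5384 Ptilink - ok
15:09:09.0281 5384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:09:09.0312 5384 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:09:09.0312 5384 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:09:09.0328 5176 Detected object count: 3
15:10:39.0234 5176 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
15:10:39.0234 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\@ - copied to quarantine
15:10:43.0468 5176 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
15:10:46.0687 5176 C:\WINDOWS\$NtUninstallKB2341$\3695236453\@ - will be deleted on reboot
15:10:46.0734 5176 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
15:10:46.0859 5176 HKLM\SYSTEM\ControlSet004\services\PTDCMdm - will be deleted on reboot
15:10:46.0859 5176 PTDCMdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
15:10:47.0328 5176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:10:48.0468 5176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""


def parse(log_text):
    """Walk the log once; return (flagged objects, file-level cleanup, clean count)."""
    objects = defaultdict(lambda: {"threat": None, "actions": []})
    cleanup, clean = [], 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # banners, separators, blank lines
        msg = m.group("msg")
        if msg.endswith(" - ok"):
            clean += 1
            continue
        hit = INFECTED.match(msg) or DETECTED.match(msg)
        if hit:
            objects[hit.group("obj")]["threat"] = hit.group("threat")
            continue
        act = ACTION.match(msg)
        if not act:
            continue
        obj, threat, action = act.group("obj", "threat", "action")
        if threat:                        # service- or MBR-level line
            entry = objects[obj]
            entry["threat"] = entry["threat"] or threat
            entry["actions"].append(action)
        else:                             # file- or registry-level line
            cleanup.append((obj, action))
    return objects, cleanup, clean


def summarise(log_text):
    """Condense a full log into the few facts a helper asks about."""
    objects, cleanup, clean = parse(log_text)
    pending = [a for _, a in cleanup] + [a for o in objects.values() for a in o["actions"]]
    return {
        "infected": {obj: o["threat"] for obj, o in objects.items()},
        "user_actions": {obj: a.split(": ", 1)[1] for obj, o in objects.items()
                         for a in o["actions"] if a.startswith("User select action")},
        "quarantined": sum(1 for _, a in cleanup if a == "copied to quarantine"),
        # Cure/delete-on-reboot entries only take effect after a restart.
        "reboot_required": any(a.endswith("on reboot") for a in pending),
        "clean_objects": clean,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the full log rather than `SAMPLE` and the `reboot_required` flag answers the question asked in the next reply without re-reading three hundred lines: any `will be cured on reboot` or `will be deleted on reboot` entry means the cleanup has not happened until the machine restarts.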

#4 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • Gender:Male
  • Location:NJ USA

Posted 20 April 2012 - 06:47 PM

OK, very good. Let's see if we missed anything, and then we can mop up.
You say you DID reboot? It was needed.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



A system Check.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
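The MiniToolBox checklist above (proxy settings, hosts file, IP configuration, Winsock entries) is a hunt for the four places malware hijacks a machine's network path. The script below reads a Result.txt in that layout and reports what a helper would look for in each section. It is an added example for this thread, not MiniToolBox code and not from any post here. The section headers and line shapes follow the Result.txt posted in the next reply; the `Hosts content` header name, the `SAMPLE` text (constructed so that every check fires) and the benign-versus-suspicious rules (RFC 1918 resolvers, loopback hosts entries, bare `mswsock.dll` names reported as not found) are my assumptions, not vendor documentation.

```python
"""Triage a MiniToolBox Result.txt for network-hijack indicators.
Added example; not MiniToolBox code, layout assumed from the posted log."""
import ipaddress
import re

SECTION = re.compile(r"^=+ (?P<name>.+?):? =+$")
WINSOCK = re.compile(r"^(?P<cat>Catalog\d+) (?P<idx>\d+) (?P<path>.+?) "
                     r"\[(?P<size>[^\]]*)\] \((?P<vendor>[^)]*)\)$")
HOSTS = re.compile(r"^\s*(?P<ip>[0-9a-fA-F:.]+)\s+(?P<host>\S+)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Resolvers that need no explanation on a home LAN (RFC 1918 plus loopback).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Domains malware pins to loopback to block updates and AV (assumed list).
SENSITIVE = ("microsoft.com", "windowsupdate", "bleepingcomputer", "malwarebytes",
             "kaspersky", "eset.", "symantec", "mcafee", "pandasecurity")

# Constructed sample in MiniToolBox's layout; each section carries one hit.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=192.0.2.1:8080

========================= Hosts content: ==================================

127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
192.0.2.10 update.microsoft.com

========================= IP Configuration: ================================

Ethernet adapter Local Area Connection 2:
Dhcp Enabled. . . . . . . . . . . : Yes
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    192.0.2.53
Lease Obtained. . . . . . . . . . : Friday, April 20, 2012 3:12:51 PM

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [325592] (PC Tools Research Pty Ltd.)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 C:\WINDOWS\system32\xxlsp.dll [File Not found] ()
"""


def split_sections(text):
    """Map each '=== Name: ===' header to the lines beneath it."""
    sections, name = {}, "preamble"
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            name = m.group("name").rstrip(":").strip()
            sections[name] = []
        else:
            sections.setdefault(name, []).append(line.rstrip())
    return sections


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE)


def triage(text):
    """Return (severity, area, detail) findings, highest impact first."""
    sec = split_sections(text)
    out = []
    # 1. Proxy: an injected proxy sees and can rewrite every browser request.
    for line in sec.get("IE Proxy Settings", []) + sec.get("FF Proxy Settings", []):
        if "Proxy is enabled" in line or line.startswith("ProxyServer"):
            out.append(("high", "proxy", line.strip()))
    # 2. Hosts: non-loopback entries redirect; loopback entries for update/AV
    #    domains are the classic "cannot reach the vendor" symptom.
    for line in sec.get("Hosts content", []):
        m = HOSTS.match(line)
        if not m or line.lstrip().startswith("#"):
            continue
        ip, host = m.group("ip"), m.group("host").lower()
        if ip not in ("127.0.0.1", "::1"):
            out.append(("high", "hosts", f"{host} -> {ip}"))
        elif any(s in host for s in SENSITIVE):
            out.append(("high", "hosts", f"{host} pinned to loopback"))
    # 3. DNS: ipconfig lists extra resolvers on indented continuation lines,
    #    so keep collecting until the next "Field . . . :" line appears.
    dns, collecting = [], False
    for line in sec.get("IP Configuration", []):
        if "DNS Servers" in line:
            collecting = True
        elif ":" in line and "." in line.split(":")[0]:
            collecting = False
        if collecting:
            dns += IPV4.findall(line)
    out += [("medium", "dns", f"public resolver {ip}") for ip in dns if not is_private(ip)]
    # 4. Winsock: every socket call traverses these LSP DLLs. A fully qualified
    #    path that is missing breaks networking (often after a bad removal);
    #    a third-party vendor is simply worth naming. Bare Microsoft names
    #    that MiniToolBox reports as "not found" are assumed benign.
    for line in sec.get("Winsock entries", []):
        m = WINSOCK.match(line.strip())
        if not m:
            continue
        path, vendor = m.group("path"), m.group("vendor")
        if m.group("size") == "File Not found" and "\\" in path:
            out.append(("high", "winsock", f"{m.group('cat')} {m.group('idx')} missing {path}"))
        elif vendor and "Microsoft" not in vendor:
            out.append(("info", "winsock", f"third-party LSP {path} ({vendor})"))
    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(out, key=lambda f: rank[f[0]])


if __name__ == "__main__":
    for sev, area, detail in triage(SAMPLE):
        print(f"[{sev:6}] {area:8} {detail}")
```

The DNS check deliberately flags public resolvers for review rather than calling them malicious: a home router handing out its own address is the normal case, and anything else is a question to ask, not a verdict.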

#5 Mista99

  • Topic Starter

  • Members
  • 19 posts

Posted 21 April 2012 - 06:58 AM

Yes, I had to reboot; the program did not give me any other option... here are the log files

MiniToolBox by Farbar Version: 18-01-2012
Ran by Al (administrator) on 21-04-2012 at 05:52:51
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Dads
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ss.shawcable.net

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : ss.shawcable.net
Description . . . . . . . . . . . : Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Physical Address. . . . . . . . . : 00-18-F3-43-B6-7B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Friday, April 20, 2012 3:12:51 PM
Lease Expires . . . . . . . . . . : Friday, April 27, 2012 3:12:51 PM

1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: google.com.ss.shawcable.net
Address: 208.69.32.145

Pinging google.com [74.125.226.40] with 32 bytes of data:

Reply from 74.125.226.40: bytes=32 time=44ms TTL=55
Reply from 74.125.226.40: bytes=32 time=45ms TTL=55

Ping statistics for 74.125.226.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 45ms, Average = 44ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com.ss.shawcable.net
Address: 208.69.32.145

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=90ms TTL=53
Reply from 72.30.38.140: bytes=32 time=298ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 298ms, Average = 194ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com.ss.shawcable.net
Address: 208.69.32.145

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 43 b6 7b ...... Attansic L1 Gigabit Ethernet 10/100/1000Base-T Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 20
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 20
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 20
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [325592] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [325592] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [325592] (PC Tools Research Pty Ltd.)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [325592] (PC Tools Research Pty Ltd.)
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/20/2012 04:37:28 AM) (Source: Application Error) (User: )
Description: Faulting application asdtray.exe, version 1.2.0.0, faulting module asdtray.exe, version 1.2.0.0, fault address 0x00019f6e.
Processing media-specific event for [asdtray.exe!ws!]

Error: (04/19/2012 11:01:19 PM) (Source: Application Error) (User: )
Description: Faulting application apvxdwin.exe, version 12.10.12.17, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011766.
Processing media-specific event for [apvxdwin.exe!ws!]

Error: (04/18/2012 06:33:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (04/12/2012 03:51:18 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x151ed554.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/19/2012 04:06:48 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/11/2012 11:12:48 AM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 10.0.6871.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/11/2012 11:12:22 AM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 10.0.6871.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/11/2012 11:12:03 AM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 10.0.6871.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/11/2012 11:08:24 AM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 10.0.6871.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2012 10:53:18 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (04/21/2012 05:03:00 AM) (Source: Schedule) (User: )
Description: The At11.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 04:03:00 AM) (Source: Schedule) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 04:03:00 AM) (Source: Schedule) (User: )
Description: The At10.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 03:03:00 AM) (Source: Schedule) (User: )
Description: The At8.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 03:03:00 AM) (Source: Schedule) (User: )
Description: The At7.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 02:03:00 AM) (Source: Schedule) (User: )
Description: The At6.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 02:03:00 AM) (Source: Schedule) (User: )
Description: The At5.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 01:03:00 AM) (Source: Schedule) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 01:03:00 AM) (Source: Schedule) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942402

Error: (04/21/2012 00:03:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.5.1 (Version: 9.5.1)
Anvi Smart Defender RC2 (Version: RC2)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Attansic Ethernet Utility (Version: 1.0)
Attansic L1 Gigabit Ethernet Driver
BitTorrent (Version: 7.1.0)
BitTorrentBar Toolbar (Version: 6.2.1.8)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.12)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conduit Engine (Version: )
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.2.0)
Epson CreativeZone
Epson Easy Photo Print 2 (Version: 2.2.3.1)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 520 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
ESET Online Scanner v3
EVGA Display Driver (Version: 1.00.000)
Free M4a to MP3 Converter 6.1
Free Mp3 Wma Converter V 1.91 (Version: 1.91.0.0)
FreeRIP v3.5 (Version: 3.5)
GemMaster Mystic
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Innova OBD PC-Link (Version: 1.1.7)
IObit Malware Fighter (Version: 1.0)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Driver Installation 3.7.0 (Version: 3.7.0)
Motorola Phone Tools (Version: 4.30)
Motorola Phone Tools (Version: 5.00)
Motorola Phone Tools (Version: 5.1.7d 3/3/2009)
Motorola Software Update (Version: 01.11.22)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nero Suite
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Drivers
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Octoshape add-in for Adobe Flash Player
OLYMPUS Master 2 (Version: 1.0.13)
Otto
Panda ActiveScan 2.0 (Version: 01.04.01.0014)
Panda Antivirus Pro 2012 (Version: 11.00.00)
Panda Secure Vault 5
Panda Security Toolbar (Version: 3.0.0.6)
Panda Security URL Filtering (Version: 2.0.0.13)
PokerStars
PowerDVD
QuickTime (Version: 7.70.80.34)
RunAlyzer (Version: 1.6.1.24)
Samsung Kies (Version: 2.1.0.11095_121)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.8.0)
SanctionedMedia
SoundMAX (Version: 5.10.01.4151)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1134)
TagScanner 5.1 build 594
Toolbar Cleaner 1.0
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Veetle TV 0.9.18 (Version: 0.9.18)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Winamp Toolbar
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 16.0 (Version: 16.0.9661)

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 1023.17 MB
Available physical RAM: 369.55 MB
Total Pagefile: 2462.98 MB
Available Pagefile: 1439.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.54 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:64.23 GB) NTFS

========================= Users: ========================================

User accounts for \\DADS

Administrator Al ASPNET
Guest HelpAssistant Jords
SUPPORT_388945a0 UpdatusUser


**** End of log ****

Eset results

C:\Documents and Settings\Al\My Documents\Downloads\freeripmp3-setup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Documents and Settings\Al\My Documents\Downloads\Setup_FreeConverter.exe Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\141KI2MA\4f91412935d15[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MI6ZVUPJ\4f9140fec0d2e[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MI6ZVUPJ\create[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R31WM57T\contact[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R31WM57T\index[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R31WM57T\timepanther_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.N trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.A trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.04.2012_15.08.37\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined

#6 boopme (Global Moderator)

Posted 21 April 2012 - 09:59 AM

Well, we found a lot more than just Fake AV. In fact I believe there is still a ZeroAccess rootkit in here and we need to find it.

We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 Mista99 (Topic Starter)

Posted 21 April 2012 - 12:19 PM

Thanks for the help Boop, curious as to why you think I still might have this nasty pest? Everything that it was doing before has stopped, e.g. MBAM is no longer telling me it is blocking incoming and outgoing access to the IP addresses I sent earlier, Panda is no longer picking up random dll files as adware, etc.

#8 boopme (Global Moderator)

Posted 22 April 2012 - 12:56 PM

All of these in the Winsock Entries in the MINI log can indicate a ZeroAccess rootkit:
Catalog9 04 mswsock.dll [File Not found] ()
We do not want to leave one there and let it grow.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Edited by boopme, 22 April 2012 - 01:02 PM.

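The Winsock catalog check behind boopme's remark (a catalog entry whose provider DLL cannot be found), written out as an added example; this is not code from the thread, from MiniToolBox, TDSSKiller or any other tool named in it. It assumes the layout of the live catalog on Windows: one REG_BINARY value `PackedCatalogItem` per entry under `HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries`, whose first 260 bytes (MAX_PATH) hold the provider DLL path as a NUL-terminated ANSI string. The sample blobs, the fake disk, the `Temp\mswsock.dll` and `config\mswsock.dll` paths and the "outside System32" heuristic are all constructed for the example and say nothing about where any specific malware puts its files; the live registry reader only runs on Windows.

```python
"""Audit Winsock catalog (LSP) entries for provider DLLs that cannot be found.

Added example; not from the thread or from any tool it names.  Assumed layout:
each entry is a REG_BINARY value PackedCatalogItem under
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\
Catalog_Entries\<NNNNNNNNNNNN>, with the provider DLL path as a NUL-terminated
ANSI string in the leading 260 bytes (MAX_PATH).  Sample blobs and the fake disk
are constructed so the script runs offline on any OS.
"""
import os
import re

MAX_PATH = 260
CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")


def parse_packed_catalog_item(blob: bytes) -> str:
    """Extract the provider DLL path from the MAX_PATH-byte prefix of a PackedCatalogItem."""
    if len(blob) < MAX_PATH:
        raise ValueError("PackedCatalogItem is shorter than the MAX_PATH path field")
    return blob[:MAX_PATH].split(b"\x00", 1)[0].decode("latin-1")


def expand_env(path: str, env: dict) -> str:
    """Expand %VAR% references case-insensitively (Windows semantics) from a mapping."""
    lowered = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lowered.get(m.group(1).lower(), m.group(0)), path)


def audit_entries(entries, env, exists, system32):
    """Return (entry_id, resolved_path, verdict) for every catalog entry.

    verdict: 'ok'; 'missing' when the DLL cannot be found (the sign flagged in the
    thread); 'outside-system32' is an added heuristic: base providers such as
    mswsock.dll are expected under System32, so a copy elsewhere deserves a look.
    """
    sys32 = system32.rstrip("\\")
    findings = []
    for entry_id, blob in entries:
        resolved = expand_env(parse_packed_catalog_item(blob), env)
        if "\\" not in resolved:            # bare file name: treat as a System32 lookup
            resolved = sys32 + "\\" + resolved
        if not exists(resolved):
            verdict = "missing"
        elif not resolved.lower().startswith(sys32.lower() + "\\"):
            verdict = "outside-system32"
        else:
            verdict = "ok"
        findings.append((entry_id, resolved, verdict))
    return findings


def make_blob(path: str) -> bytes:
    """Constructed PackedCatalogItem: path padded to MAX_PATH plus a dummy tail."""
    encoded = path.encode("latin-1")
    if len(encoded) >= MAX_PATH:
        raise ValueError("path too long for the MAX_PATH field")
    return encoded.ljust(MAX_PATH, b"\x00") + b"\x00" * 16


def read_live_entries():
    """Windows only: read the real PackedCatalogItem blobs from the registry."""
    import winreg
    entries, index = [], 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as root:
        while True:
            try:
                name = winreg.EnumKey(root, index)
            except OSError:                 # no more subkeys
                break
            with winreg.OpenKey(root, name) as sub:
                blob, _ = winreg.QueryValueEx(sub, "PackedCatalogItem")
            entries.append((name, blob))
            index += 1
    return entries


# Constructed sample: not the poster's machine, just the shapes the check must tell apart.
SAMPLE_ENV = {"SystemRoot": r"C:\WINDOWS"}
SAMPLE_SYSTEM32 = r"C:\WINDOWS\system32"
SAMPLE_DISK = {                             # lower-cased paths that "exist"
    r"c:\windows\system32\mswsock.dll",
    r"c:\windows\system32\rsvpsp.dll",
    r"c:\windows\temp\mswsock.dll",
}
SAMPLE_ENTRIES = [
    ("000000000001", make_blob(r"%SystemRoot%\system32\mswsock.dll")),          # healthy
    ("000000000002", make_blob(r"rsvpsp.dll")),                                 # bare name, healthy
    ("000000000004", make_blob(r"%SystemRoot%\system32\config\mswsock.dll")),   # dangling path
    ("000000000005", make_blob(r"%SystemRoot%\Temp\mswsock.dll")),              # present, wrong place
]


def audit_sample():
    """Run the audit over the constructed entries against the constructed disk."""
    return audit_entries(SAMPLE_ENTRIES, SAMPLE_ENV,
                         lambda p: p.lower() in SAMPLE_DISK, SAMPLE_SYSTEM32)


if __name__ == "__main__":
    if os.name == "nt":
        env = dict(os.environ)
        sys32 = os.path.join(env.get("SystemRoot", r"C:\Windows"), "System32")
        findings = audit_entries(read_live_entries(), env, os.path.exists, sys32)
    else:
        findings = audit_sample()
    for entry_id, path, verdict in findings:
        print(f"{entry_id}  {verdict:<17} {path}")
```

A `missing` verdict is the same condition the MINI log reports as `[File Not found]`; it is a prompt for a deeper look with the rootkit tools the thread goes on to use, not proof of infection on its own, since a broken third-party LSP uninstall leaves the same trace.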