
No Internet Connectivity


35 replies to this topic

#1 JerryP90

  • Members
  • 32 posts

Posted 13 June 2012 - 02:14 AM

I used TDSS following a tutorial from the forums. It removed the TDSS, but after reboot the internet connection states that it is attempting to acquire a network address (IP address) but it doesn't. I attempted to repair to no avail.


I was able to restore to a prior date and the internet connection is on. I downloaded Windows Security Essentials as my antivirus.

Here is what FSS told me now.

Farbar Service Scanner Version: 09-06-2012
Ran by Compaq_Owner (administrator) on 13-06-2012 at 00:32:37
Running from "C:\Documents and Settings\Compaq_Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 05:00] - [2008-04-13 12:21] - 0162816 ____A (MySlarez) 4F36749C2A8B0DCB78E53439D0D907BB

ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

Edited by hamluis, 13 June 2012 - 07:36 AM.
Moved from XP to Am I Infected - Hamluis.
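The FSS log above reports three things a responder cares about: the wscsvc (Security Center) service key is missing, IE has a proxy configured, and netbt.sys fails the MD5 check. The following Python script is an added example, not part of the original post or of Farbar's tool; it parses FSS "File Check" / service-check output and TDSSKiller-style per-object lines ("name (md5) path", "name ( Detection ) - infected") into structured findings, then reports hashes that both tools flagged. The sample log excerpts are constructed for the example (the netbt.sys path, its MD5 and the detection name are the ones quoted in this thread; the TDSSKiller timestamps and PID column are made up).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed FSS excerpt in the format quoted in this thread.
FSS_SAMPLE = """\
Connection Status:
==============
LAN connected.
IE proxy is enabled.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\\WINDOWS\\system32\\dhcpcsvc.dll => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\netbt.sys
[2004-08-04 05:00] - [2008-04-13 12:21] - 0162816 ____A (MySlarez) 4F36749C2A8B0DCB78E53439D0D907BB

ATTENTION!=====> C:\\WINDOWS\\system32\\Drivers\\netbt.sys IS INFECTED AND SHOULD BE REPLACED.

C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
"""

# Constructed TDSSKiller excerpt (timestamps/PID invented, hash and detection from the thread).
TDSS_SAMPLE = """\
07:30:25.0484 0740 NetBIOS - ok
07:30:25.0531 0740 NetBT (4f36749c2a8b0dcb78e53439d0d907bb) C:\\WINDOWS\\system32\\DRIVERS\\netbt.sys
07:30:25.0828 0740 NetBT ( Virus.Win32.ZAccess.l ) - infected
"""


@dataclass(frozen=True)
class Finding:
    source: str        # "fss" or "tdsskiller"
    kind: str          # proxy_enabled, missing_service_key, infected_file, infected_object
    subject: str       # file path or service name
    detail: str = ""   # reason or detection name
    md5: str = ""      # lower-case MD5 when the log gives one


_FSS_MISSING_KEY = re.compile(r"Unable to open (?P<svc>\w+) registry key")
_FSS_INFECTED = re.compile(r"ATTENTION!=+> (?P<path>\S+) IS INFECTED")
_FSS_LEGIT = re.compile(r"^(?P<path>\S+) => MD5 is legit$")
_FSS_DETAIL = re.compile(r"^\[.*\] .* (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text: str) -> List[Finding]:
    """Extract the actionable lines from an FSS log."""
    findings: List[Finding] = []
    pending_path: Optional[str] = None    # bare path whose detail line follows
    hashes: Dict[str, str] = {}           # path -> md5 from the detail line
    seen_services: Set[str] = set()       # FSS repeats the missing-key line per check
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "IE proxy is enabled.":
            findings.append(Finding("fss", "proxy_enabled", "Internet Explorer", line))
            continue
        m = _FSS_MISSING_KEY.search(line)
        if m:
            if m["svc"] not in seen_services:
                seen_services.add(m["svc"])
                findings.append(Finding("fss", "missing_service_key", m["svc"],
                                        "service registry key absent"))
            continue
        m = _FSS_INFECTED.search(line)
        if m:
            findings.append(Finding("fss", "infected_file", m["path"],
                                    "failed FSS MD5 check", hashes.get(m["path"], "")))
            continue
        if _FSS_LEGIT.match(line):
            continue
        m = _FSS_DETAIL.match(line)
        if m and pending_path:
            hashes[pending_path] = m["md5"].lower()
            pending_path = None
            continue
        if line[1:3] == ":\\":            # bare "X:\..." path line; detail comes next
            pending_path = line
    return findings


_TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<body>.*)$")
_TDSS_OBJECT = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$")
_TDSS_INFECTED = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - infected$")


def parse_tdsskiller(text: str) -> List[Finding]:
    """Pair each '- infected' verdict with the hash/path line logged for that object."""
    findings: List[Finding] = []
    objects: Dict[str, Tuple[str, str]] = {}   # object name -> (md5, path)
    for raw in text.splitlines():
        m = _TDSS_LINE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        m = _TDSS_OBJECT.match(body)
        if m:
            objects[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = _TDSS_INFECTED.match(body)
        if m:
            md5, path = objects.get(m["name"], ("", m["name"]))
            findings.append(Finding("tdsskiller", "infected_object", path, m["det"], md5))
    return findings


def corroborated_hashes(*finding_lists: List[Finding]) -> Set[str]:
    """Hashes flagged by more than one tool: the strongest signal in a thread like this."""
    sources_by_hash: Dict[str, Set[str]] = {}
    for findings in finding_lists:
        for f in findings:
            if f.md5:
                sources_by_hash.setdefault(f.md5, set()).add(f.source)
    return {h for h, srcs in sources_by_hash.items() if len(srcs) > 1}


if __name__ == "__main__":
    fss = parse_fss(FSS_SAMPLE)
    tds = parse_tdsskiller(TDSS_SAMPLE)
    for f in fss + tds:
        print(f"{f.source:10} {f.kind:20} {f.subject} {f.detail} {f.md5}")
    print("corroborated:", corroborated_hashes(fss, tds))
```

Keying the two logs on the MD5 rather than the path is deliberate: FSS reports `Drivers\netbt.sys` while TDSSKiller reports `DRIVERS\netbt.sys`, so a path comparison would miss the match unless it is case-folded, whereas the hash is identical in both.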



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 June 2012 - 09:00 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 June 2012 - 09:17 AM

If TDSSkiller removes netbt.sys and you lose connection, post the new FSS log. Do not try a system restore again :thumbsup:

#4 JerryP90
  • Topic Starter

  • Members
  • 32 posts

Posted 13 June 2012 - 09:52 AM

Here is the TDSS log.

07:29:39.0609 2656 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:29:40.0140 2656 ============================================================
07:29:40.0140 2656 Current date / time: 2012/06/13 07:29:40.0140
07:29:40.0140 2656 SystemInfo:
07:29:40.0140 2656
07:29:40.0140 2656 OS Version: 5.1.2600 ServicePack: 3.0
07:29:40.0140 2656 Product type: Workstation
07:29:40.0140 2656 ComputerName: YOUR-27E1513D96
07:29:40.0140 2656 UserName: Compaq_Owner
07:29:40.0140 2656 Windows directory: C:\WINDOWS
07:29:40.0140 2656 System windows directory: C:\WINDOWS
07:29:40.0140 2656 Processor architecture: Intel x86
07:29:40.0140 2656 Number of processors: 1
07:29:40.0140 2656 Page size: 0x1000
07:29:40.0140 2656 Boot type: Normal boot
07:29:40.0140 2656 ============================================================
07:29:47.0328 2656 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:29:47.0609 2656 ============================================================
07:29:47.0609 2656 \Device\Harddisk0\DR0:
07:29:47.0984 2656 MBR partitions:
07:29:47.0984 2656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF11CF
07:29:47.0984 2656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDF120E, BlocksNum 0x11C278B3
07:29:47.0984 2656 ============================================================
07:29:48.0093 2656 C: <-> \Device\Harddisk0\DR0\Partition1
07:29:48.0125 2656 D: <-> \Device\Harddisk0\DR0\Partition0
07:29:48.0218 2656 ============================================================
07:29:48.0218 2656 Initialize success
07:29:48.0218 2656 ============================================================
07:30:07.0812 0740 ============================================================
07:30:07.0812 0740 Scan started
07:30:07.0812 0740 Mode: Manual; TDLFS;
07:30:07.0812 0740 ============================================================
07:30:08.0515 0740 6to4 - ok
07:30:08.0546 0740 Abiosdsk - ok
07:30:08.0562 0740 abp480n5 - ok
07:30:08.0625 0740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:30:08.0640 0740 ACPI - ok
07:30:08.0671 0740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:30:08.0718 0740 ACPIEC - ok
07:30:08.0843 0740 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:30:09.0343 0740 AdobeFlashPlayerUpdateSvc - ok
07:30:09.0359 0740 adpu160m - ok
07:30:09.0437 0740 AE1000 (861fda9771c4eb75f17aec4cd171c9b6) C:\WINDOWS\system32\DRIVERS\AE1000XP.sys
07:30:09.0625 0740 AE1000 - ok
07:30:09.0656 0740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:30:09.0781 0740 aec - ok
07:30:09.0828 0740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:30:09.0843 0740 AFD - ok
07:30:09.0921 0740 AgereSoftModem (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
07:30:10.0109 0740 AgereSoftModem - ok
07:30:10.0125 0740 Aha154x - ok
07:30:10.0140 0740 aic78u2 - ok
07:30:10.0156 0740 aic78xx - ok
07:30:10.0390 0740 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
07:30:10.0593 0740 ALCXWDM - ok
07:30:10.0718 0740 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
07:30:10.0765 0740 Alerter - ok
07:30:10.0796 0740 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
07:30:11.0015 0740 ALG - ok
07:30:11.0062 0740 AliIde - ok
07:30:11.0109 0740 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
07:30:11.0109 0740 AmdK8 - ok
07:30:11.0125 0740 amsint - ok
07:30:11.0171 0740 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\WINDOWS\system32\DRIVERS\lgandbus.sys
07:30:11.0218 0740 Andbus - ok
07:30:11.0265 0740 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\WINDOWS\system32\DRIVERS\lganddiag.sys
07:30:11.0328 0740 AndDiag - ok
07:30:11.0343 0740 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\WINDOWS\system32\DRIVERS\lgandgps.sys
07:30:11.0390 0740 AndGps - ok
07:30:11.0421 0740 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
07:30:11.0500 0740 ANDModem - ok
07:30:11.0515 0740 AppMgmt - ok
07:30:11.0546 0740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:30:11.0640 0740 Arp1394 - ok
07:30:11.0656 0740 asc - ok
07:30:11.0671 0740 asc3350p - ok
07:30:11.0687 0740 asc3550 - ok
07:30:11.0796 0740 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:30:11.0937 0740 aspnet_state - ok
07:30:11.0968 0740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:30:12.0000 0740 AsyncMac - ok
07:30:12.0015 0740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:30:12.0015 0740 atapi - ok
07:30:12.0031 0740 Atdisk - ok
07:30:12.0093 0740 Ati HotKey Poller (d21352bcaab174948eb9672bc203bb0f) C:\WINDOWS\system32\Ati2evxx.exe
07:30:12.0437 0740 Ati HotKey Poller - ok
07:30:12.0531 0740 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:30:12.0968 0740 ati2mtag - ok
07:30:13.0015 0740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:30:13.0078 0740 Atmarpc - ok
07:30:13.0125 0740 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:30:13.0218 0740 AudioSrv - ok
07:30:13.0250 0740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:30:13.0281 0740 audstub - ok
07:30:13.0312 0740 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
07:30:13.0359 0740 bb-run - ok
07:30:13.0390 0740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:30:13.0437 0740 Beep - ok
07:30:13.0500 0740 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:30:13.0718 0740 BITS - ok
07:30:13.0750 0740 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:30:13.0796 0740 Browser - ok
07:30:13.0828 0740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:30:13.0859 0740 cbidf2k - ok
07:30:13.0875 0740 cd20xrnt - ok
07:30:13.0906 0740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:30:13.0953 0740 Cdaudio - ok
07:30:14.0000 0740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:30:14.0093 0740 Cdfs - ok
07:30:14.0125 0740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:30:14.0203 0740 Cdrom - ok
07:30:14.0218 0740 Changer - ok
07:30:14.0250 0740 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:30:14.0328 0740 CiSvc - ok
07:30:14.0359 0740 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:30:14.0484 0740 ClipSrv - ok
07:30:14.0593 0740 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:30:14.0765 0740 clr_optimization_v2.0.50727_32 - ok
07:30:14.0781 0740 CmdIde - ok
07:30:14.0796 0740 COMSysApp - ok
07:30:14.0828 0740 Cpqarray - ok
07:30:14.0859 0740 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:30:14.0968 0740 CryptSvc - ok
07:30:14.0984 0740 dac2w2k - ok
07:30:15.0000 0740 dac960nt - ok
07:30:15.0062 0740 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:30:15.0078 0740 DcomLaunch - ok
07:30:15.0125 0740 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:30:15.0218 0740 Dhcp - ok
07:30:15.0265 0740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:30:15.0343 0740 Disk - ok
07:30:15.0343 0740 dmadmin - ok
07:30:15.0437 0740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:30:15.0531 0740 dmboot - ok
07:30:15.0562 0740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:30:15.0625 0740 dmio - ok
07:30:15.0656 0740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:30:15.0703 0740 dmload - ok
07:30:15.0734 0740 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:30:15.0781 0740 dmserver - ok
07:30:15.0828 0740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:30:15.0890 0740 DMusic - ok
07:30:15.0937 0740 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:30:15.0953 0740 Dnscache - ok
07:30:16.0031 0740 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:30:16.0234 0740 Dot3svc - ok
07:30:16.0250 0740 dpti2o - ok
07:30:16.0281 0740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:30:16.0328 0740 drmkaud - ok
07:30:16.0359 0740 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:30:16.0703 0740 EapHost - ok
07:30:16.0750 0740 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:30:16.0796 0740 ERSvc - ok
07:30:16.0843 0740 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:30:16.0843 0740 Eventlog - ok
07:30:16.0906 0740 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:30:16.0921 0740 EventSystem - ok
07:30:16.0984 0740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:30:17.0046 0740 Fastfat - ok
07:30:17.0093 0740 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:30:17.0140 0740 FastUserSwitchingCompatibility - ok
07:30:17.0187 0740 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
07:30:17.0375 0740 Fax - ok
07:30:17.0421 0740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:30:17.0500 0740 Fdc - ok
07:30:17.0515 0740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:30:17.0593 0740 Fips - ok
07:30:17.0625 0740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:30:17.0656 0740 Flpydisk - ok
07:30:17.0703 0740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:30:17.0750 0740 FltMgr - ok
07:30:17.0875 0740 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:30:18.0000 0740 FontCache3.0.0.0 - ok
07:30:18.0031 0740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:30:18.0109 0740 Fs_Rec - ok
07:30:18.0140 0740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:30:18.0203 0740 Ftdisk - ok
07:30:18.0234 0740 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
07:30:18.0265 0740 ftsata2 - ok
07:30:18.0296 0740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:30:18.0406 0740 Gpc - ok
07:30:18.0484 0740 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:30:18.0562 0740 helpsvc - ok
07:30:18.0578 0740 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
07:30:18.0640 0740 HidServ - ok
07:30:18.0687 0740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:30:18.0718 0740 HidUsb - ok
07:30:18.0765 0740 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
07:30:18.0890 0740 hkmsvc - ok
07:30:18.0906 0740 hpn - ok
07:30:18.0968 0740 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:30:19.0031 0740 HPZid412 - ok
07:30:19.0062 0740 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:30:19.0125 0740 HPZipr12 - ok
07:30:19.0171 0740 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:30:19.0250 0740 HPZius12 - ok
07:30:19.0296 0740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:30:19.0312 0740 HTTP - ok
07:30:19.0343 0740 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
07:30:19.0406 0740 HTTPFilter - ok
07:30:19.0421 0740 i2omgmt - ok
07:30:19.0437 0740 i2omp - ok
07:30:19.0484 0740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:30:19.0546 0740 i8042prt - ok
07:30:19.0625 0740 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys
07:30:19.0812 0740 iaStor - ok
07:30:19.0921 0740 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:30:20.0046 0740 IDriverT - ok
07:30:20.0203 0740 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:30:20.0656 0740 idsvc - ok
07:30:20.0781 0740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:30:20.0875 0740 Imapi - ok
07:30:20.0921 0740 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
07:30:21.0046 0740 ImapiService - ok
07:30:21.0062 0740 ini910u - ok
07:30:21.0109 0740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:30:21.0140 0740 IntelIde - ok
07:30:21.0187 0740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:30:21.0234 0740 intelppm - ok
07:30:21.0265 0740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:30:21.0328 0740 Ip6Fw - ok
07:30:21.0359 0740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:30:21.0406 0740 IpFilterDriver - ok
07:30:21.0437 0740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:30:21.0500 0740 IpInIp - ok
07:30:21.0531 0740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:30:21.0546 0740 IpNat - ok
07:30:21.0562 0740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:30:21.0640 0740 IPSec - ok
07:30:21.0656 0740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:30:21.0687 0740 IRENUM - ok
07:30:21.0718 0740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:30:21.0750 0740 isapnp - ok
07:30:21.0765 0740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:30:21.0796 0740 Kbdclass - ok
07:30:21.0812 0740 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:30:21.0859 0740 kbdhid - ok
07:30:21.0890 0740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:30:21.0890 0740 kmixer - ok
07:30:21.0937 0740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:30:21.0953 0740 KSecDD - ok
07:30:22.0000 0740 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
07:30:22.0000 0740 lanmanserver - ok
07:30:22.0046 0740 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
07:30:22.0062 0740 lanmanworkstation - ok
07:30:22.0062 0740 lbrtfdc - ok
07:30:22.0203 0740 LightScribeService (6e68e520e6f2f5dce97a9ff947038769) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:30:22.0296 0740 LightScribeService - ok
07:30:22.0328 0740 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
07:30:22.0359 0740 LmHosts - ok
07:30:22.0437 0740 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
07:30:22.0468 0740 MBAMSwissArmy - ok
07:30:22.0562 0740 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
07:30:23.0281 0740 MDM - ok
07:30:23.0328 0740 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
07:30:23.0343 0740 Messenger - ok
07:30:23.0375 0740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:30:23.0390 0740 mnmdd - ok
07:30:23.0421 0740 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
07:30:23.0515 0740 mnmsrvc - ok
07:30:23.0546 0740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:30:23.0562 0740 Modem - ok
07:30:23.0578 0740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:30:23.0609 0740 Mouclass - ok
07:30:23.0640 0740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:30:23.0687 0740 mouhid - ok
07:30:23.0718 0740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:30:23.0781 0740 MountMgr - ok
07:30:23.0859 0740 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:30:23.0906 0740 MpFilter - ok
07:30:24.0062 0740 MpKsl25888e0b (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86A72110-F637-47E1-AC05-4D14B444EE4B}\MpKsl25888e0b.sys
07:30:24.0062 0740 MpKsl25888e0b - ok
07:30:24.0078 0740 mraid35x - ok
07:30:24.0109 0740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:30:24.0156 0740 MRxDAV - ok
07:30:24.0218 0740 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:30:24.0234 0740 MRxSmb - ok
07:30:24.0281 0740 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
07:30:24.0296 0740 MSDTC - ok
07:30:24.0312 0740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:30:24.0453 0740 Msfs - ok
07:30:24.0468 0740 MSIServer - ok
07:30:24.0500 0740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:30:24.0515 0740 MSKSSRV - ok
07:30:24.0609 0740 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:30:24.0609 0740 MsMpSvc - ok
07:30:24.0640 0740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:30:24.0656 0740 MSPCLOCK - ok
07:30:24.0671 0740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:30:24.0703 0740 MSPQM - ok
07:30:24.0734 0740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:30:24.0734 0740 mssmbios - ok
07:30:24.0781 0740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:30:24.0781 0740 Mup - ok
07:30:24.0828 0740 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
07:30:25.0000 0740 napagent - ok
07:30:25.0046 0740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:30:25.0125 0740 NDIS - ok
07:30:25.0171 0740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:30:25.0171 0740 NdisTapi - ok
07:30:25.0203 0740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:30:25.0234 0740 Ndisuio - ok
07:30:25.0250 0740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:30:25.0328 0740 NdisWan - ok
07:30:25.0359 0740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:30:25.0375 0740 NDProxy - ok
07:30:25.0390 0740 NecUsb - ok
07:30:25.0437 0740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:30:25.0484 0740 NetBIOS - ok
07:30:25.0531 0740 NetBT (4f36749c2a8b0dcb78e53439d0d907bb) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:30:25.0812 0740 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\netbt.sys. md5: 4f36749c2a8b0dcb78e53439d0d907bb
07:30:25.0828 0740 NetBT ( Virus.Win32.ZAccess.l ) - infected
07:30:25.0828 0740 NetBT - detected Virus.Win32.ZAccess.l (0)
07:30:25.0968 0740 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:30:26.0531 0740 NetDDE - ok
07:30:26.0546 0740 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:30:26.0546 0740 NetDDEdsdm - ok
07:30:26.0578 0740 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:30:26.0578 0740 Netlogon - ok
07:30:26.0625 0740 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
07:30:26.0781 0740 Netman - ok
07:30:26.0796 0740 NetTcpActivator - ok
07:30:26.0921 0740 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:30:26.0984 0740 NetTcpPortSharing - ok
07:30:27.0015 0740 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:30:27.0015 0740 NIC1394 - ok
07:30:27.0078 0740 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
07:30:27.0093 0740 Nla - ok
07:30:27.0140 0740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:30:27.0203 0740 Npfs - ok
07:30:27.0250 0740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:30:27.0328 0740 Ntfs - ok
07:30:27.0343 0740 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:30:27.0343 0740 NtLmSsp - ok
07:30:27.0406 0740 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
07:30:27.0531 0740 NtmsSvc - ok
07:30:27.0578 0740 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
07:30:27.0625 0740 NuidFltr - ok
07:30:27.0656 0740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:30:27.0718 0740 Null - ok
07:30:27.0734 0740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:30:27.0765 0740 NwlnkFlt - ok
07:30:27.0796 0740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:30:27.0859 0740 NwlnkFwd - ok
07:30:27.0906 0740 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:30:27.0906 0740 ohci1394 - ok
07:30:28.0046 0740 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:30:28.0140 0740 ose - ok
07:30:28.0203 0740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:30:28.0250 0740 Parport - ok
07:30:28.0281 0740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:30:28.0296 0740 PartMgr - ok
07:30:28.0343 0740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:30:28.0359 0740 ParVdm - ok
07:30:28.0375 0740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:30:28.0500 0740 PCI - ok
07:30:28.0515 0740 PCIDump - ok
07:30:28.0546 0740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:30:28.0578 0740 PCIIde - ok
07:30:28.0656 0740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:30:28.0750 0740 Pcmcia - ok
07:30:28.0765 0740 PDCOMP - ok
07:30:28.0781 0740 PDFRAME - ok
07:30:28.0781 0740 PDRELI - ok
07:30:28.0796 0740 PDRFRAME - ok
07:30:28.0812 0740 perc2 - ok
07:30:28.0812 0740 perc2hib - ok
07:30:29.0109 0740 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:30:29.0109 0740 PlugPlay - ok
07:30:29.0281 0740 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
07:30:29.0296 0740 Pml Driver HPZ12 - ok
07:30:29.0312 0740 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:30:29.0312 0740 PolicyAgent - ok
07:30:29.0359 0740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:30:29.0406 0740 PptpMiniport - ok
07:30:29.0437 0740 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
07:30:29.0484 0740 Processor - ok
07:30:29.0500 0740 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:30:29.0500 0740 ProtectedStorage - ok
07:30:29.0562 0740 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
07:30:29.0640 0740 Ps2 - ok
07:30:29.0687 0740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:30:29.0750 0740 PSched - ok
07:30:29.0765 0740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:30:29.0796 0740 Ptilink - ok
07:30:29.0828 0740 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:30:29.0921 0740 PxHelp20 - ok
07:30:29.0937 0740 ql1080 - ok
07:30:29.0937 0740 Ql10wnt - ok
07:30:29.0953 0740 ql12160 - ok
07:30:29.0968 0740 ql1240 - ok
07:30:29.0968 0740 ql1280 - ok
07:30:30.0015 0740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:30:30.0046 0740 RasAcd - ok
07:30:30.0093 0740 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
07:30:30.0140 0740 RasAuto - ok
07:30:30.0171 0740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:30:30.0203 0740 Rasl2tp - ok
07:30:30.0265 0740 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
07:30:30.0359 0740 RasMan - ok
07:30:30.0421 0740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:30:30.0453 0740 RasPppoe - ok
07:30:30.0500 0740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:30:30.0531 0740 Raspti - ok
07:30:30.0578 0740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:30:30.0656 0740 Rdbss - ok
07:30:30.0703 0740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:30:30.0718 0740 RDPCDD - ok
07:30:30.0765 0740 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
07:30:30.0765 0740 RDPWD - ok
07:30:30.0812 0740 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
07:30:31.0140 0740 RDSessMgr - ok
07:30:31.0250 0740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:30:31.0328 0740 redbook - ok
07:30:31.0375 0740 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
07:30:31.0546 0740 RemoteAccess - ok
07:30:31.0671 0740 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
07:30:31.0796 0740 RimUsb - ok
07:30:31.0828 0740 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
07:30:31.0906 0740 RpcLocator - ok
07:30:32.0000 0740 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:30:32.0000 0740 RpcSs - ok
07:30:32.0062 0740 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
07:30:32.0156 0740 RSVP - ok
07:30:32.0218 0740 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
07:30:32.0296 0740 RTL8023xp - ok
07:30:32.0343 0740 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
07:30:32.0375 0740 rtl8139 - ok
07:30:32.0406 0740 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:30:32.0406 0740 SamSs - ok
07:30:32.0562 0740 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
07:30:32.0921 0740 SCardSvr - ok
07:30:33.0156 0740 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
07:30:33.0296 0740 Schedule - ok
07:30:33.0640 0740 SDScannerService (8dcd2c2aa1debe7edaac90e398765976) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
07:30:33.0687 0740 SDScannerService - ok
07:30:33.0812 0740 SDUpdateService (5de1be0423c8cc00e8c47dbf4f987dd4) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
07:30:33.0843 0740 SDUpdateService - ok
07:30:34.0000 0740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:30:34.0031 0740 Secdrv - ok
07:30:34.0078 0740 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
07:30:34.0109 0740 seclogon - ok
07:30:34.0125 0740 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
07:30:34.0140 0740 SENS - ok
07:30:34.0187 0740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
07:30:34.0281 0740 Serial - ok
07:30:34.0328 0740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:30:34.0343 0740 Sfloppy - ok
07:30:34.0406 0740 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
07:30:34.0531 0740 SharedAccess - ok
07:30:34.0562 0740 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:30:34.0578 0740 ShellHWDetection - ok
07:30:34.0578 0740 Simbad - ok
07:30:34.0593 0740 Sparrow - ok
07:30:34.0640 0740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:30:34.0656 0740 splitter - ok
07:30:34.0687 0740 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
07:30:34.0703 0740 Spooler - ok
07:30:34.0718 0740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:30:34.0781 0740 sr - ok
07:30:34.0843 0740 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
07:30:34.0937 0740 srservice - ok
07:30:35.0031 0740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:30:35.0062 0740 Srv - ok
07:30:35.0125 0740 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
07:30:35.0203 0740 SSDPSRV - ok
07:30:35.0250 0740 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
07:30:35.0437 0740 stisvc - ok
07:30:35.0484 0740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:30:35.0500 0740 swenum - ok
07:30:35.0546 0740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:30:35.0593 0740 swmidi - ok
07:30:35.0625 0740 SwPrv - ok
07:30:35.0640 0740 symc810 - ok
07:30:35.0656 0740 symc8xx - ok
07:30:35.0671 0740 sym_hi - ok
07:30:35.0687 0740 sym_u3 - ok
07:30:35.0718 0740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:30:35.0781 0740 sysaudio - ok
07:30:35.0812 0740 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
07:30:35.0906 0740 SysmonLog - ok
07:30:35.0953 0740 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
07:30:36.0000 0740 TapiSrv - ok
07:30:36.0046 0740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:30:36.0062 0740 Tcpip - ok
07:30:36.0109 0740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:30:36.0125 0740 TDPIPE - ok
07:30:36.0140 0740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:30:36.0171 0740 TDTCP - ok
07:30:36.0187 0740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:30:36.0234 0740 TermDD - ok
07:30:36.0281 0740 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
07:30:36.0390 0740 TermService - ok
07:30:36.0437 0740 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:30:36.0437 0740 Themes - ok
07:30:36.0437 0740 TosIde - ok
07:30:36.0484 0740 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
07:30:36.0531 0740 TrkWks - ok
07:30:36.0562 0740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:30:36.0609 0740 Udfs - ok
07:30:36.0625 0740 ultra - ok
07:30:36.0640 0740 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
07:30:36.0703 0740 UMWdf - ok
07:30:36.0765 0740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:30:36.0812 0740 Update - ok
07:30:36.0875 0740 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
07:30:36.0968 0740 upnphost - ok
07:30:37.0000 0740 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
07:30:37.0171 0740 UPS - ok
07:30:37.0203 0740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:30:37.0265 0740 usbccgp - ok
07:30:37.0312 0740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:30:37.0343 0740 usbehci - ok
07:30:37.0359 0740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:30:37.0406 0740 usbhub - ok
07:30:37.0421 0740 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:30:37.0468 0740 usbohci - ok
07:30:37.0500 0740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:30:37.0531 0740 usbprint - ok
07:30:37.0546 0740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:30:37.0578 0740 usbscan - ok
07:30:37.0593 0740 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:30:37.0640 0740 usbstor - ok
07:30:37.0687 0740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:30:37.0718 0740 usbuhci - ok
07:30:37.0734 0740 USIUDF - ok
07:30:37.0765 0740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:30:37.0781 0740 VgaSave - ok
07:30:37.0796 0740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:30:37.0828 0740 ViaIde - ok
07:30:37.0859 0740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:30:37.0921 0740 VolSnap - ok
07:30:37.0968 0740 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
07:30:38.0156 0740 VSS - ok
07:30:38.0281 0740 vToolbarUpdater10.2.0 - ok
07:30:38.0328 0740 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
07:30:38.0375 0740 W32Time - ok
07:30:38.0390 0740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:30:38.0437 0740 Wanarp - ok
07:30:38.0515 0740 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:30:38.0625 0740 Wdf01000 - ok
07:30:38.0640 0740 WDICA - ok
07:30:38.0671 0740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:30:38.0781 0740 wdmaud - ok
07:30:38.0812 0740 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
07:30:38.0875 0740 WebClient - ok
07:30:38.0968 0740 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
07:30:39.0078 0740 winmgmt - ok
07:30:39.0140 0740 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
07:30:39.0171 0740 WmdmPmSN - ok
07:30:39.0218 0740 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:30:39.0359 0740 WmiApSrv - ok
07:30:39.0406 0740 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
07:30:39.0437 0740 WpdUsb - ok
07:30:39.0484 0740 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
07:30:39.0500 0740 wuauserv - ok
07:30:39.0578 0740 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
07:30:39.0734 0740 WZCSVC - ok
07:30:39.0796 0740 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
07:30:39.0843 0740 xmlprov - ok
07:30:39.0890 0740 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
07:30:39.0953 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:30:39.0953 0740 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:30:39.0968 0740 Boot (0x1200) (6454f7054c3036f98e9de129f59d886a) \Device\Harddisk0\DR0\Partition0
07:30:39.0968 0740 \Device\Harddisk0\DR0\Partition0 - ok
07:30:39.0968 0740 Boot (0x1200) (2d1b57c35883198c719ea28552891dda) \Device\Harddisk0\DR0\Partition1
07:30:39.0968 0740 \Device\Harddisk0\DR0\Partition1 - ok
07:30:39.0984 0740 ============================================================
07:30:39.0984 0740 Scan finished
07:30:39.0984 0740 ============================================================
07:30:39.0984 2552 Detected object count: 2
07:30:39.0984 2552 Actual detected object count: 2
07:33:27.0578 2552 NetBT ( Virus.Win32.ZAccess.l ) - skipped by user
07:33:27.0578 2552 NetBT ( Virus.Win32.ZAccess.l ) - User select action: Skip
07:33:27.0578 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:33:27.0578 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
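
The two "User select action: Skip" lines at the end are the ones that matter: TDSSKiller found both objects (the NetBT service flagged as Virus.Win32.ZAccess.l and the hidden TDSS file system on \Device\Harddisk0\DR0) but was told to leave them alone. As an added example, not part of the thread and not Kaspersky's code, the Python below parses the verdict lines of a TDSSKiller log, lists every detection that was skipped or never acted on, and checks the parsed count against the tool's own "Actual detected object count". The sample is the tail of the log above, copied from the post; the line patterns and field names are my own reading of this log format, not a documented grammar.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Tail of the TDSSKiller log posted above, copied from the thread and trimmed to
# the lines that matter for triage (constructed sample input for this example).
SAMPLE_LOG = r"""
07:30:39.0890 0740 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
07:30:39.0953 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:30:39.0953 0740 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:30:39.0968 0740 Boot (0x1200) (6454f7054c3036f98e9de129f59d886a) \Device\Harddisk0\DR0\Partition0
07:30:39.0968 0740 \Device\Harddisk0\DR0\Partition0 - ok
07:30:39.0984 0740 Scan finished
07:30:39.0984 2552 Detected object count: 2
07:30:39.0984 2552 Actual detected object count: 2
07:33:27.0578 2552 NetBT ( Virus.Win32.ZAccess.l ) - skipped by user
07:33:27.0578 2552 NetBT ( Virus.Win32.ZAccess.l ) - User select action: Skip
07:33:27.0578 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:33:27.0578 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line is "HH:MM:SS.mmmm <thread id> <message>"; the patterns below are my
# reading of the message shapes seen in this log, not an official grammar.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
THREAT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>.+?) \(\d+\)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")
ACTION_PREFIX = "User select action: "


@dataclass
class Detection:
    obj: str
    threat: str
    action: str | None = None          # "Skip", "Delete", "Cure", ... as TDSSKiller words it
    notes: list[str] = field(default_factory=list)   # "warning", "skipped by user", ...


def parse_tdsskiller(log: str) -> tuple[dict[str, Detection], int | None]:
    """Return {object: Detection} plus the tool's own detected-object count, if present."""
    detections: dict[str, Detection] = {}
    reported = None
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (c := COUNT_RE.match(msg)):
            reported = int(c["n"])
            continue
        if (d := DETECTED_RE.match(msg)):
            detections.setdefault(d["obj"], Detection(d["obj"], d["threat"]))
            continue
        t = THREAT_RE.match(msg)
        if not t:
            continue
        det = detections.setdefault(t["obj"], Detection(t["obj"], t["threat"]))
        if t["verdict"].startswith(ACTION_PREFIX):
            det.action = t["verdict"][len(ACTION_PREFIX):]
        else:
            det.notes.append(t["verdict"])
    return detections, reported


def untreated(log: str) -> list[tuple[str, str]]:
    """Detections the operator skipped or never acted on, sorted by object name."""
    detections, _ = parse_tdsskiller(log)
    return sorted((d.obj, d.threat) for d in detections.values()
                  if d.action is None or d.action.lower() == "skip")


def count_mismatch(log: str) -> bool:
    """True when the tool's reported count disagrees with what we parsed (truncated log, new format)."""
    detections, reported = parse_tdsskiller(log)
    return reported is not None and reported != len(detections)


if __name__ == "__main__":
    dets, reported = parse_tdsskiller(SAMPLE_LOG)
    print(f"reported {reported}, parsed {len(dets)}, mismatch={count_mismatch(SAMPLE_LOG)}")
    for obj, threat in untreated(SAMPLE_LOG):
        print(f"UNTREATED  {obj}  [{threat}]")
```

On the log above both objects come back as untreated, which is exactly the point the next reply makes: a detection that is skipped is a detection that is still there after reboot.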

#5 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 10:05 AM

Here is GMER Log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-13 07:59:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 SAMSUNG_SP1604N/R rev.TM100-24
Running: 1l9r4hyz.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kftcqfow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\DRIVERS\netbt.sys Access is denied.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 049BC770 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 049BC6B0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 049BC530 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 049BC5F0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 049BC940 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 049BCCA0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 049BCBB0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 049BCAC0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 049BCE20 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 049BBC20 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 049BCF00 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 049BBD80 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0846C940 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0846CCA0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0846CBB0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0846CAC0 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0846CE20 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0846BC20 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0846CF00 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0846BD80 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F27EF000-F2809000 (106496 bytes)
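
Reading this GMER log, the many .text hooks in iexplore.exe all resolve to two modules: IEFRAME.dll (Internet Explorer's own, reported as Microsoft Corporation) and tbTen2.dll, a Conduit toolbar loaded from the user's Local Settings directory. Neither is the rootkit. The entries to carry forward are the driver GMER could not read, netbt.sys ("Access is denied", the same NetBT driver TDSSKiller flagged as ZAccess), and the hidden (noname) kernel module. As an added example, not GMER's code and not something the participants ran, this Python groups the hooks by the module that owns each JMP target, flags owners that are neither Microsoft's nor installed under a system root, and extracts the two rootkit-relevant entries. The sample lines are copied from the log above; the trusted-vendor / system-root heuristic is my own and marks the toolbar as third-party code, not as malware.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass, field

# A subset of the GMER log posted above (constructed sample input for this example).
GMER_SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\DRIVERS\netbt.sys Access is denied.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3700] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 049BC770 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 049BCF00 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0846BC20 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TenchisTV\tbTen2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F27EF000-F2809000 (106496 bytes)
"""

# Inline hook: ".text <process>[<pid>] <dll>!<api> <addr> <n> Bytes JMP <target> <owner module> (<desc>/<vendor>)"
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<api>\S+) (?P<addr>[0-9A-F]+) "
    r"(?P<n>\d+) Bytes JMP (?P<target>[0-9A-F]+) (?P<module>.+?) "
    r"\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\)$"
)
DENIED_RE = re.compile(r"^\? (?P<path>.+?) Access is denied\.$")
HIDDEN_RE = re.compile(r"^Module .*\*\*\* hidden \*\*\*\s*\)\s*(?P<range>[0-9A-F]+-[0-9A-F]+)")

TRUSTED_VENDOR = "Microsoft Corporation"
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")   # assumption: an XP layout


@dataclass
class Hook:
    process: str
    pid: int
    api: str
    module: str      # the module that owns the JMP target
    vendor: str      # vendor string GMER read from that module's version info


@dataclass
class GmerReport:
    hooks: list[Hook] = field(default_factory=list)
    unreadable: list[str] = field(default_factory=list)   # "? <path> Access is denied."
    hidden: list[str] = field(default_factory=list)       # hidden module address ranges


def parse_gmer(text: str) -> GmerReport:
    rep = GmerReport()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HOOK_RE.match(line)):
            rep.hooks.append(Hook(m["proc"], int(m["pid"]), m["api"], m["module"], m["vendor"]))
        elif (m := DENIED_RE.match(line)):
            rep.unreadable.append(m["path"])
        elif (m := HIDDEN_RE.match(line)):
            rep.hidden.append(m["range"])
    return rep


def hooks_by_module(rep: GmerReport) -> dict[str, int]:
    """How many API hooks each module owns, across all hooked processes."""
    return dict(Counter(h.module for h in rep.hooks))


def suspicious_hook_owners(rep: GmerReport) -> list[str]:
    """Hook owners that are neither Microsoft's nor installed under a system root."""
    owners = set()
    for h in rep.hooks:
        in_root = h.module.lower().startswith(SYSTEM_ROOTS)
        if h.vendor != TRUSTED_VENDOR or not in_root:
            owners.add(h.module)
    return sorted(owners)
```

Run over the full log the hook counts are higher but the picture is the same: two owners, one of them a toolbar in a profile directory, plus one unreadable driver and one hidden module that the user-mode hook list says nothing about.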

#6 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 13 June 2012 - 10:48 AM

07:33:27.0578 2552 NetBT ( Virus.Win32.ZAccess.l ) - skipped by user
07:33:27.0578 2552 NetBT ( Virus.Win32.ZAccess.l ) - User select action: Skip
07:33:27.0578 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:33:27.0578 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Do not skip. Run TDSSKiller and delete both of them. Post the new log.

You may lose internet connection.

Download Farbar Service Scanner.

Launch it and type netbt.sys in the search box, then click "Search files".

Post the generated log.

Edited by narenxp, 13 June 2012 - 10:48 AM.


#7 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 11:01 AM

Farbar Service Scanner Version: 09-06-2012
Ran by Compaq_Owner (administrator) on 13-06-2012 at 08:56:30
Running from "C:\Documents and Settings\Compaq_Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

#8 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 13 June 2012 - 12:18 PM

Download Farbar Service Scanner.

Launch it and type netbt.sys in the search box, then click "Search files".

Post the generated log.



#9 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 03:40 PM

Farbar Service Scanner Version: 09-06-2012
Ran by Compaq_Owner (administrator) on 13-06-2012 at 09:00:47
Running from "C:\Documents and Settings\Compaq_Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors
IE proxy is enabled.



File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

#10 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 13 June 2012 - 07:50 PM

Please follow my instructions.

Launch Farbar Service Scanner and type netbt.sys in the search box, then click the "Search files" option.

Post the generated log.

#11 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 08:42 PM

I did...that's the log I got.

#12 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 08:45 PM

I'll do it again and repost.

#13 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 09:25 PM

Farbar Service Scanner Version: 09-06-2012
Ran by Compaq_Owner (administrator) on 13-06-2012 at 19:13:21
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2012-06-13 16:22] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\dllcache\netbt.sys
[2012-06-13 16:22] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2011-11-02 01:02] - [2008-04-13 12:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2011-11-02 08:26] - [2004-08-04 05:00] - 0162816 ___AC (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======

#14 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 13 June 2012 - 10:52 PM

Download NETBT.

Launch it, click YES.

Restart the PC and post the new FSS log.

#15 JerryP90 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 11:01 PM

I just did a new FSS scan. Here are the logs... they changed for some reason.

Farbar Service Scanner Version: 09-06-2012
Ran by Compaq_Owner (administrator) on 13-06-2012 at 20:48:34
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2004-08-04 05:00] - [2008-04-13 12:21] - 0162816 ____A (MySlarez) 4F36749C2A8B0DCB78E53439D0D907BB

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2011-11-02 01:02] - [2008-04-13 12:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2011-11-02 08:26] - [2004-08-04 05:00] - 0162816 ___AC (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
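
Compare the two search results. At 19:13 the live driver C:\WINDOWS\system32\drivers\netbt.sys matched the dllcache copy byte for byte (MD5 0C80E410..., company Microsoft Corporation). At 20:48 it is still 162816 bytes and shares one of its two timestamps with the SP3 copy in ServicePackFiles, but its company string is "MySlarez" and its MD5 (4F36749C...) matches none of the three reference copies, so the driver was replaced between the two scans and the replacement kept the size and timestamps of a genuine file. Size and timestamps are trivially copied; the hash and the version-info company are what give it away. As an added example, not FSS's code and not part of the thread, this Python parses FSS "Search:" blocks into records, takes the Microsoft Corporation copies in dllcache, ServicePackFiles and $NtServicePackUninstall$ as the reference set, and flags the live driver when its hash or company disagrees. Both search blocks are copied from the posts above. Assumption: trusting reference copies on the same infected disk is only a first check; a real verification compares against hashes taken from clean installation media or a vendor catalog.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Two "Search: netbt.sys" results copied from the posts above (constructed sample
# input): the first right after netbt.sys had been restored, the second later.
FSS_BEFORE = r"""
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2012-06-13 16:22] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\dllcache\netbt.sys
[2012-06-13 16:22] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2011-11-02 01:02] - [2008-04-13 12:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2011-11-02 08:26] - [2004-08-04 05:00] - 0162816 ___AC (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
"""

FSS_AFTER = r"""
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2004-08-04 05:00] - [2008-04-13 12:21] - 0162816 ____A (MySlarez) 4F36749C2A8B0DCB78E53439D0D907BB

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2011-11-02 01:02] - [2008-04-13 12:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2011-11-02 08:26] - [2004-08-04 05:00] - 0162816 ___AC (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
"""

# Detail line as FSS prints it: [stamp] - [stamp] - size attributes (company) MD5.
# The check below does not depend on which stamp is creation and which is modification.
DETAIL_RE = re.compile(
    r"^\[(?P<t1>[^\]]+)\] - \[(?P<t2>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
TRUSTED_VENDOR = "Microsoft Corporation"
# Directories whose Microsoft-labelled copies form the reference set (assumption, see lead-in).
REFERENCE_DIRS = {"dllcache", "servicepackfiles", "$ntservicepackuninstall$"}


@dataclass
class FileRecord:
    path: str
    stamp1: str
    stamp2: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_fss_search(text: str) -> list[FileRecord]:
    """Pair each path line with the detail line that follows it."""
    records: list[FileRecord] = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            records.append(FileRecord(pending, m["t1"], m["t2"], int(m["size"]),
                                      m["attrs"], m["company"], m["md5"].upper()))
            pending = None
        elif not m:
            pending = line
    return records


def _dirs(path: str) -> list[str]:
    return path.lower().split("\\")[:-1]

def is_live_driver(rec: FileRecord) -> bool:
    return _dirs(rec.path)[-2:] == ["system32", "drivers"]

def is_reference(rec: FileRecord) -> bool:
    return rec.company == TRUSTED_VENDOR and bool(REFERENCE_DIRS & set(_dirs(rec.path)))


def audit(text: str) -> dict[str, list[str]]:
    """Map each live driver path to the reasons it disagrees with the reference copies."""
    records = parse_fss_search(text)
    refs = [r for r in records if is_reference(r)]
    ref_hashes = {r.md5 for r in refs}
    ref_sizes = {r.size for r in refs}
    findings: dict[str, list[str]] = {}
    for rec in records:
        if not is_live_driver(rec):
            continue
        reasons = []
        if rec.company != TRUSTED_VENDOR:
            reasons.append(f"company is {rec.company!r}, not {TRUSTED_VENDOR!r}")
        if rec.md5 not in ref_hashes:
            reasons.append("MD5 matches none of the reference copies")
            if rec.size in ref_sizes:
                reasons.append("same size as a reference copy: size and timestamps are not evidence")
        if reasons:
            findings[rec.path] = reasons
    return findings
```

The first block audits clean; the second returns three reasons for the live driver, which is the result a helper would want before telling the user to restore netbt.sys again. Note that the SP2 and SP3 builds legitimately have different hashes (0C80... versus 74B2...), so a single expected hash is the wrong model; a set of vendor builds is the minimum.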



