
Help needed with Security Guard 2012



I have been trying to remove this virus for 3 days now. Any help would be appreciated. I can't end the 3701517559:139681571.exe in the task manager. I wasn't able to run Malwarebytes' Anti-Malware or GMER. I now get an error message when trying to run Malwarebytes' Anti-Malware, and nothing happens when I try to run GMER.

Is there anyone able to help me remove this virus?

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by HP_Administrator at 6:10:01 on 2011-10-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.636 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\3701517559:139681571.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Page_URL = hxxp://www.msn.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor2\bdt\PCTBrowserDefender.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor2\bdt\PCTBrowserDefender.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup

mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [DMAScheduler] "c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe"

mRun: [bJCFD] "c:\program files\broadjump\client foundation\CFD.exe"

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [CLCKR] "c:\documents and settings\networkservice\local settings\application data\microsoft\nvvsvc.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: &Search - ?p=ZJxdm128LCUS

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: att.net

Trusted Zone: sbcglobal.net

Trusted Zone: yahoo.com\clientapps

Trusted Zone: trymedia.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab

DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab

DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab

DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab

DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{400D5EEB-F2D4-4AED-AFF0-A1807BD5FB0C} : DhcpNameServer = 68.113.206.10 66.169.221.10

TCP: Interfaces\{6E345638-24B7-40D4-8C15-A9C742ADF41C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

TCP: Interfaces\{93B47AC3-6CC7-4D87-925F-DCEA4F33E764} : DhcpNameServer = 68.113.206.10 66.169.221.10

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-8-2 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-8-2 744568]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-10-7 207280]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-8-2 136312]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor2\bdt\BDTUpdateService.exe [2011-10-7 112592]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-8-2 130008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110701.051\IDSXpx86.sys [2011-7-1 355256]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110702.002\NAVENG.SYS [2011-7-2 86008]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110702.002\NAVEX15.SYS [2011-7-2 1542392]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor2\pctsAuxs.exe [2011-10-7 358600]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor2\pctsSvc.exe [2011-10-7 1141200]

.

=============== Created Last 30 ================

.

2011-10-07 10:00:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 10:00:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-07 10:00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3

2011-10-07 08:59:55 767952 ----a-w- c:\windows\BDTSupport.dll

2011-10-07 08:59:54 165840 ----a-w- c:\windows\PCTBDRes.dll

2011-10-07 08:59:54 1636304 ----a-w- c:\windows\PCTBDCore.dll

2011-10-07 08:59:54 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-10-07 08:58:00 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-10-07 08:57:55 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-10-07 08:57:55 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-10-07 08:57:51 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-10-07 08:57:44 -------- d-----w- c:\program files\Spyware Doctor2

2011-10-07 08:57:44 -------- d-----w- c:\program files\common files\PC Tools

2011-10-07 08:57:44 -------- d-----w- c:\documents and settings\hp_administrator\application data\PC Tools

2011-10-07 08:57:44 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-10-07 08:49:54 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes

2011-10-07 08:49:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-07 08:49:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2011-10-07 04:17:07 -------- d-----w- C:\!KillBox

2011-10-06 03:34:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 02:57:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-10-06 02:57:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-10-06 02:45:21 -------- d-----w- c:\documents and settings\hp_administrator\application data\Sammsoft

2011-10-04 20:05:40 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-04 20:05:40 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-19 17:16:06 -------- d-----w- c:\program files\iPod

2011-09-19 17:15:38 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-09-19 17:10:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-09-19 17:02:06 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-08-25 20:03:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-02 22:28:54 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-08-02 22:28:54 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2007-08-29 00:44:06 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 6:10:24.68 ===============

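Two things in the DDS log above deserve a closer look before any cleanup tool is run, and a small triage script makes them easy to pick out. The running process C:\WINDOWS\3701517559:139681571.exe has a second colon in its path: on NTFS that means the executable lives in an alternate data stream named 139681571.exe attached to C:\WINDOWS\3701517559, which a normal directory listing never shows. The dRun entry [CLCKR] launches nvvsvc.exe from the NetworkService profile's Local Settings\Application Data tree, a location no legitimate autorun on this machine uses. The script below is an added example written for this edit, not part of the original post or of DDS itself; it assumes the usual DDS/HijackThis prefix convention (uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT), and its path heuristics are the author's own. The sample lines are copied from the log in the thread.

```python
"""Triage helper for DDS-style logs (added example, not code from the thread or from DDS).

It flags two things visible in the log above:
  * processes or Run-key targets whose path contains an NTFS alternate data stream,
    i.e. a second ':' after the drive letter (C:\WINDOWS\3701517559:139681571.exe is
    the stream '139681571.exe' on C:\WINDOWS\3701517559);
  * Run-key entries whose target lives under a user profile's Application Data or
    Local Settings tree instead of Program Files or the Windows directory.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed DDS/HijackThis prefix convention for Run keys.
HIVES = {"u": "HKCU", "m": "HKLM", "d": r"HKU\.DEFAULT"}

ADS_RE = re.compile(r"^([A-Za-z]:\\[^:]*):([^:\\]+?)(?::\$DATA)?$")
RUN_RE = re.compile(r"^([umd])Run:\s+\[([^\]]*)\]\s+(.*)$", re.I)
PROFILE_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\", re.I)
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# Constructed sample: lines copied from the DDS output posted in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\3701517559:139681571.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CLCKR] "c:\documents and settings\networkservice\local settings\application data\microsoft\nvvsvc.exe"
"""


@dataclass
class Finding:
    kind: str    # "ads_process", "ads_autorun" or "profile_autorun"
    detail: str


def parse_ads(path: str) -> Optional[Tuple[str, str]]:
    """Return (host_file, stream_name) if the path names an alternate data stream."""
    m = ADS_RE.match(path.strip())
    return (m.group(1), m.group(2)) if m else None


def target_path(command: str) -> str:
    """Strip arguments from a command line. Quoted targets end at the closing quote;
    unquoted ones (which may contain spaces) are cut after the first '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r"\.exe\b", command, re.I)
    return command[: m.end()] if m else command


def running_processes(text: str) -> List[str]:
    """Lines of the 'Running Processes' section, up to the next section header."""
    procs, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if in_section and line and line != ".":
            procs.append(line)
    return procs


def run_entries(text: str) -> List[Tuple[str, str, str]]:
    """(hive, value name, target path) for every uRun/mRun/dRun line."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append((HIVES[m.group(1).lower()], m.group(2), target_path(m.group(3))))
    return out


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for proc in running_processes(text):
        ads = parse_ads(target_path(proc))
        if ads:
            findings.append(Finding("ads_process", f"{proc} runs from stream '{ads[1]}' of {ads[0]}"))
    for hive, name, target in run_entries(text):
        if PROFILE_DATA_RE.search(target):
            findings.append(Finding("profile_autorun", f"{hive}\\...\\Run [{name}] -> {target}"))
        if parse_ads(target):
            findings.append(Finding("ads_autorun", f"{hive}\\...\\Run [{name}] -> {target}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:16} {f.detail}")
```

Run against the sample it reports exactly the two items discussed: the ADS-hosted process and the CLCKR autorun in the NetworkService profile; the legitimate svchost, ctfmon, AVG and Dr. Watson entries pass. The ".exe" cut in target_path is a heuristic for the unquoted-path style DDS prints, so treat its output as a list of things to inspect, not a verdict.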


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. Run them with admin rights (right click, choose "Run as Administrator").

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you're running Vista or Windows 7, skip the Recovery Console part.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I had to restart my computer in safe mode because I wasn't able to connect to the internet in normal mode.

ComboFix 11-10-11.05 - HP_Administrator 10/11/2011 17:49:26.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.453 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\nD17714JfDeH17714

c:\documents and settings\All Users\Application Data\nD17714JfDeH17714\nD17714JfDeH17714.exe

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.ico

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\Application Data\.#

c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548C.manifest

c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548O.manifest

c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548P.manifest

c:\documents and settings\HP_Administrator\Application Data\020000009c83d6e3548S.manifest

c:\documents and settings\HP_Administrator\Application Data\conhost.exe

c:\documents and settings\HP_Administrator\Application Data\Remote

c:\documents and settings\HP_Administrator\Application Data\Remote\czn3_shrd

c:\documents and settings\HP_Administrator\Application Data\Syag

c:\documents and settings\HP_Administrator\Application Data\Syag\pyofl.tmp

c:\documents and settings\HP_Administrator\Application Data\Syag\pyofl.yzg

c:\documents and settings\HP_Administrator\Favorites\Games.url

c:\documents and settings\HP_Administrator\WINDOWS

c:\documents and settings\NetworkService\Application Data\Remote

c:\documents and settings\NetworkService\Application Data\Remote\czn3.dll

c:\documents and settings\NetworkService\Application Data\Remote\czn3_shrd

c:\documents and settings\NetworkService\Application Data\Remote\mnj.dat

c:\documents and settings\NetworkService\Application Data\Remote\nopp

c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\nvvsvc.exe

c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll

c:\program files\Internet Explorer\lvvm.exe

c:\windows\$NtUninstallKB43151$\4155285724\@

c:\windows\$NtUninstallKB43151$\4155285724\bckfg.tmp

c:\windows\$NtUninstallKB43151$\4155285724\cfg.ini

c:\windows\$NtUninstallKB43151$\4155285724\Desktop.ini

c:\windows\$NtUninstallKB43151$\4155285724\keywords

c:\windows\$NtUninstallKB43151$\4155285724\kwrd.dll

c:\windows\$NtUninstallKB43151$\4155285724\L\aqaeidou

c:\windows\$NtUninstallKB43151$\4155285724\lsflt7.ver

c:\windows\$NtUninstallKB43151$\4155285724\U\00000001.@

c:\windows\$NtUninstallKB43151$\4155285724\U\00000002.@

c:\windows\$NtUninstallKB43151$\4155285724\U\80000000.@

c:\windows\$NtUninstallKB43151$\4155285724\U\80000032.@

c:\windows\$NtUninstallKB43151$\417697343

c:\windows\3701517559

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\GnuHashes.ini

c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe

c:\windows\kb913800.exe

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\d3d9caps.dat

c:\windows\system32\GroupPolicy000.dat

c:\windows\system32\info.txt

c:\windows\system32\ps2.bat

C:\xcrashdump.dat

D:\Autorun.inf

c:\windows\$NtUninstallKB43151$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_f7aca0dc

.

.

((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))

.

.

2011-10-11 22:01 . 2011-10-11 22:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert

2011-10-11 21:39 . 2011-10-11 21:39 174592 ----a-w- c:\program files\Internet Explorer\52C0\695.exe

2011-10-11 21:35 . 2011-10-11 21:57 -------- d-----w- c:\program files\9EA86

2011-10-11 21:35 . 2011-10-11 21:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\03F9E

2011-10-10 03:37 . 2011-10-10 03:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-10-10 03:37 . 2011-10-10 03:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!

2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-10-07 10:00 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 10:00 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-07 08:59 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll

2011-10-07 08:59 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll

2011-10-07 08:59 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-10-07 08:59 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll

2011-10-07 08:58 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-10-07 08:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-10-07 08:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-10-07 08:57 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-10-07 08:57 . 2011-10-07 09:09 -------- d-----w- c:\program files\Spyware Doctor2

2011-10-07 08:57 . 2011-10-07 09:00 -------- d-----w- c:\program files\Common Files\PC Tools

2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools

2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-07 04:17 . 2011-10-07 04:17 -------- d-----w- C:\!KillBox

2011-10-06 03:34 . 2011-10-06 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 02:57 . 2011-10-06 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-10-06 02:57 . 2011-10-06 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-10-06 02:45 . 2011-10-06 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft

2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-04 23:55 . 2011-10-04 23:55 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp

2011-10-04 20:05 . 2011-10-04 20:05 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-19 17:16 . 2011-09-19 17:16 -------- d-----w- c:\program files\iPod

2011-09-19 17:15 . 2011-09-19 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-09-19 17:02 . 2011-09-19 17:02 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-25 20:03 . 2011-08-03 05:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-02 22:28 . 2010-10-04 13:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-08-02 22:28 . 2010-10-04 13:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-07-15 13:29 . 2004-08-10 04:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2007-08-29 00:44 . 2007-08-29 00:44 774144 ----a-w- c:\program files\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"695.exe"="c:\program files\Internet Explorer\52C0\695.exe" [2011-10-11 174592]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

apnae.exe [2011-10-9 204288]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

.

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]

"Shell"="explorer.exe,c:\documents and settings\HP_Administrator\Application Data\03F9E\46752.exe"

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-07 05:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2011 3:57 AM 207280]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [8/2/2011 5:27 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [8/2/2011 5:27 PM 744568]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 7:52 PM 810616]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [8/2/2011 5:27 PM 136312]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor2\BDT\BDTUpdateService.exe [10/7/2011 3:59 AM 112592]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [8/2/2011 5:27 PM 130008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSXpx86.sys [7/1/2011 10:27 PM 355256]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor2\pctsAuxs.exe [10/7/2011 3:57 AM 358600]

S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]

S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyServer = http=127.0.0.1:57273

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: att.net

Trusted Zone: sbcglobal.net

Trusted Zone: yahoo.com\clientapps

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 192.168.1.254

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe

MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

HKLM_ActiveSetup-{4E40A127-E65C-49C4-BF2E-F061941A6AD3} - c:\documents and settings\NetworkService\Application Data\Remote\czn3.dll

AddRemove-Hardwood Solitaire III Lite - c:\docume~1\HP_ADM~1\LOCALS~1\Temp\sce__0\ -Uninstall

AddRemove-{8912A802-1DD4-41F3-8450-B3209081BDB9} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{8912A~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-11 18:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6L200M0 rev.BACE1G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x85AD031B

user & kernel MBR OK

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(976)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(216)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG10\avgchsvx.exe

c:\program files\AVG\AVG10\avgrsx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\netdde.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\9EA86\lvvm.exe

c:\hp\KBD\KBD.EXE

.

**************************************************************************

.

Completion time: 2011-10-11 18:37:40 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-11 23:37

.

Pre-Run: 113,184,559,104 bytes free

Post-Run: 113,404,157,952 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 71C72905FBBCDDB57394092C51139AA7


If need be, download the tool needed to a flash drive or other USB device, and transfer it to the infected computer.

If the tool won't run from the desktop, try running it from the USB device.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


12:33:34.0312 2912 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

12:33:36.0000 2912 ============================================================

12:33:36.0000 2912 Current date / time: 2011/10/12 12:33:36.0000

12:33:36.0000 2912 SystemInfo:

12:33:36.0000 2912

12:33:36.0000 2912 OS Version: 5.1.2600 ServicePack: 3.0

12:33:36.0000 2912 Product type: Workstation

12:33:36.0000 2912 ComputerName: NEICEY

12:33:36.0000 2912 UserName: HP_Administrator

12:33:36.0000 2912 Windows directory: C:\WINDOWS

12:33:36.0000 2912 System windows directory: C:\WINDOWS

12:33:36.0000 2912 Processor architecture: Intel x86

12:33:36.0000 2912 Number of processors: 1

12:33:36.0000 2912 Page size: 0x1000

12:33:36.0000 2912 Boot type: Safe boot with network

12:33:36.0000 2912 ============================================================

12:33:40.0468 2912 Initialize success

12:33:47.0750 0420 ============================================================

12:33:47.0750 0420 Scan started

12:33:47.0750 0420 Mode: Manual;

12:33:47.0750 0420 ============================================================

12:33:52.0734 0420 Abiosdsk - ok

12:33:52.0828 0420 abp480n5 - ok

12:33:53.0031 0420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:33:53.0046 0420 ACPI - ok

12:33:53.0281 0420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

12:33:53.0281 0420 ACPIEC - ok

12:33:53.0390 0420 adpu160m - ok

12:33:53.0546 0420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:33:53.0562 0420 aec - ok

12:33:53.0781 0420 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

12:33:53.0781 0420 AFD - ok

12:33:53.0984 0420 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

12:33:54.0093 0420 AgereSoftModem - ok

12:33:54.0187 0420 Aha154x - ok

12:33:54.0281 0420 aic78u2 - ok

12:33:54.0375 0420 aic78xx - ok

12:33:54.0640 0420 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

12:33:54.0750 0420 ALCXWDM - ok

12:33:54.0843 0420 AliIde - ok

12:33:55.0078 0420 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

12:33:55.0078 0420 AmdK8 - ok

12:33:55.0187 0420 amsint - ok

12:33:55.0421 0420 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys

12:33:55.0421 0420 aracpi - ok

12:33:55.0500 0420 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys

12:33:55.0500 0420 arhidfltr - ok

12:33:55.0578 0420 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys

12:33:55.0578 0420 arkbcfltr - ok

12:33:55.0656 0420 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys

12:33:55.0656 0420 armoucfltr - ok

12:33:55.0765 0420 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

12:33:55.0781 0420 Arp1394 - ok

12:33:55.0984 0420 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys

12:33:55.0984 0420 ARPolicy - ok

12:33:56.0078 0420 asc - ok

12:33:56.0187 0420 asc3350p - ok

12:33:56.0250 0420 asc3550 - ok

12:33:56.0531 0420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:33:56.0531 0420 AsyncMac - ok

12:33:56.0625 0420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:33:56.0625 0420 atapi - ok

12:33:56.0703 0420 Atdisk - ok

12:33:56.0859 0420 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

12:33:56.0984 0420 ati2mtag - ok

12:33:57.0296 0420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:33:57.0296 0420 Atmarpc - ok

12:33:57.0453 0420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:33:57.0453 0420 audstub - ok

12:33:57.0703 0420 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

12:33:57.0718 0420 AVGIDSDriver - ok

12:33:57.0843 0420 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

12:33:57.0843 0420 AVGIDSEH - ok

12:33:58.0031 0420 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

12:33:58.0031 0420 AVGIDSFilter - ok

12:33:58.0265 0420 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

12:33:58.0265 0420 AVGIDSShim - ok

12:33:58.0437 0420 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

12:33:58.0453 0420 Avgldx86 - ok

12:33:58.0578 0420 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

12:33:58.0578 0420 Avgmfx86 - ok

12:33:58.0765 0420 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

12:33:58.0765 0420 Avgrkx86 - ok

12:33:58.0953 0420 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

12:33:59.0015 0420 Avgtdix - ok

12:33:59.0187 0420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:33:59.0187 0420 Beep - ok

12:33:59.0406 0420 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys

12:33:59.0546 0420 BHDrvx86 - ok

12:33:59.0640 0420 catchme - ok

12:33:59.0828 0420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:33:59.0828 0420 cbidf2k - ok

12:33:59.0968 0420 cd20xrnt - ok

12:34:00.0046 0420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:34:00.0046 0420 Cdaudio - ok

12:34:00.0171 0420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:34:00.0171 0420 Cdfs - ok

12:34:00.0343 0420 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:34:00.0343 0420 Cdrom - ok

12:34:00.0484 0420 Changer - ok

12:34:00.0687 0420 CmdIde - ok

12:34:00.0843 0420 Cpqarray - ok

12:34:00.0953 0420 dac2w2k - ok

12:34:01.0031 0420 dac960nt - ok

12:34:01.0250 0420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:34:01.0250 0420 Disk - ok

12:34:01.0515 0420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:34:01.0609 0420 dmboot - ok

12:34:01.0734 0420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:34:01.0750 0420 dmio - ok

12:34:01.0859 0420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:34:01.0859 0420 dmload - ok

12:34:02.0000 0420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:34:02.0000 0420 DMusic - ok

12:34:02.0187 0420 dpti2o - ok

12:34:02.0375 0420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:34:02.0375 0420 drmkaud - ok

12:34:02.0625 0420 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

12:34:02.0656 0420 eeCtrl - ok

12:34:02.0953 0420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:34:02.0968 0420 Fastfat - ok

12:34:03.0109 0420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

12:34:03.0140 0420 Fdc - ok

12:34:03.0218 0420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:34:03.0234 0420 Fips - ok

12:34:03.0265 0420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

12:34:03.0281 0420 Flpydisk - ok

12:34:03.0406 0420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:34:03.0406 0420 FltMgr - ok

12:34:03.0656 0420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:34:03.0656 0420 Fs_Rec - ok

12:34:03.0734 0420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:34:03.0734 0420 Ftdisk - ok

12:34:03.0796 0420 ftsata2 - ok

12:34:04.0109 0420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

12:34:04.0140 0420 GEARAspiWDM - ok

12:34:04.0359 0420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:34:04.0359 0420 Gpc - ok

12:34:04.0656 0420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:34:04.0656 0420 HidUsb - ok

12:34:04.0828 0420 hpn - ok

12:34:05.0031 0420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:34:05.0046 0420 HTTP - ok

12:34:05.0218 0420 i2omgmt - ok

12:34:05.0281 0420 i2omp - ok

12:34:05.0406 0420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:34:05.0406 0420 i8042prt - ok

12:34:05.0562 0420 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys

12:34:05.0609 0420 iaStor - ok

12:34:05.0906 0420 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSxpx86.sys

12:34:05.0953 0420 IDSxpx86 - ok

12:34:06.0234 0420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:34:06.0234 0420 Imapi - ok

12:34:06.0328 0420 ini910u - ok

12:34:06.0421 0420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

12:34:06.0421 0420 IntelIde - ok

12:34:06.0671 0420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:34:06.0703 0420 intelppm - ok

12:34:06.0796 0420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:34:06.0796 0420 Ip6Fw - ok

12:34:06.0875 0420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:34:06.0890 0420 IpFilterDriver - ok

12:34:07.0031 0420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:34:07.0031 0420 IpInIp - ok

12:34:07.0296 0420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:34:07.0312 0420 IpNat - ok

12:34:07.0500 0420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:34:07.0500 0420 IPSec - ok

12:34:07.0718 0420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:34:07.0718 0420 IRENUM - ok

12:34:07.0812 0420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:34:07.0812 0420 isapnp - ok

12:34:08.0062 0420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:34:08.0062 0420 Kbdclass - ok

12:34:08.0281 0420 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:34:08.0281 0420 kbdhid - ok

12:34:08.0375 0420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:34:08.0375 0420 kmixer - ok

12:34:08.0562 0420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:34:08.0562 0420 KSecDD - ok

12:34:08.0750 0420 lbrtfdc - ok

12:34:09.0046 0420 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

12:34:09.0046 0420 MCSTRM - ok

12:34:09.0265 0420 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

12:34:09.0265 0420 MHNDRV - ok

12:34:09.0437 0420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:34:09.0437 0420 mnmdd - ok

12:34:09.0578 0420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:34:09.0578 0420 Modem - ok

12:34:09.0796 0420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:34:09.0796 0420 Mouclass - ok

12:34:09.0875 0420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:34:09.0875 0420 MountMgr - ok

12:34:10.0140 0420 mraid35x - ok

12:34:10.0234 0420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:34:10.0234 0420 MRxDAV - ok

12:34:10.0453 0420 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:34:10.0468 0420 MRxSmb - ok

12:34:10.0578 0420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:34:10.0578 0420 Msfs - ok

12:34:10.0687 0420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:34:10.0687 0420 MSKSSRV - ok

12:34:10.0812 0420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:34:10.0812 0420 MSPCLOCK - ok

12:34:11.0015 0420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:34:11.0015 0420 MSPQM - ok

12:34:11.0171 0420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:34:11.0171 0420 mssmbios - ok

12:34:11.0406 0420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

12:34:11.0406 0420 Mup - ok

12:34:11.0687 0420 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110702.002\NAVENG.SYS

12:34:11.0687 0420 NAVENG - ok

12:34:11.0843 0420 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110702.002\NAVEX15.SYS

12:34:11.0875 0420 NAVEX15 - ok

12:34:12.0187 0420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:34:12.0187 0420 NDIS - ok

12:34:12.0296 0420 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:34:12.0296 0420 NdisTapi - ok

12:34:12.0375 0420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:34:12.0375 0420 Ndisuio - ok

12:34:12.0546 0420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:34:12.0546 0420 NdisWan - ok

12:34:12.0671 0420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:34:12.0671 0420 NDProxy - ok

12:34:12.0796 0420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:34:12.0796 0420 NetBIOS - ok

12:34:19.0140 0420 redbook (be1c31454204e0f004e1ee8e82d6bb9f) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:34:19.0140 0420 redbook ( Rootkit.Win32.ZAccess.j ) - infected

12:34:19.0140 0420 redbook - detected Rootkit.Win32.ZAccess.j (0)

12:34:29.0734 0420 MBR (0x1B8) (2adb60a78d6aefd3efeae86ca9cb5e30) \Device\Harddisk0\DR0

12:34:29.0734 0420 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

12:34:29.0734 0420 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

12:34:29.0750 0420 Boot (0x1200) (da8777a31c786b5bc3c6eb87232c7933) \Device\Harddisk0\DR0\Partition0

12:34:29.0750 0420 \Device\Harddisk0\DR0\Partition0 - ok

12:34:29.0812 0420 Boot (0x1200) (a4035f831e5990842970d183a9bc8356) \Device\Harddisk0\DR0\Partition1

12:34:29.0812 0420 \Device\Harddisk0\DR0\Partition1 - ok

12:34:29.0828 0420 ============================================================

12:34:29.0828 0420 Scan finished

12:34:29.0828 0420 ============================================================

12:34:29.0875 2964 Detected object count: 2

12:34:29.0875 2964 Actual detected object count: 2

12:34:49.0437 2964 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813

12:34:58.0375 2964 Backup copy found, using it..

12:34:58.0421 2964 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot

12:34:58.0421 2964 redbook ( Rootkit.Win32.ZAccess.j ) - User select action: Cure

12:34:58.0500 2964 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

12:34:58.0500 2964 \Device\Harddisk0\DR0 - ok

12:34:58.0500 2964 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure


17:39:29.0953 0404 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

17:39:30.0296 0404 ============================================================

17:39:30.0296 0404 Current date / time: 2011/10/12 17:39:30.0296

17:39:30.0296 0404 SystemInfo:

17:39:30.0296 0404

17:39:30.0296 0404 OS Version: 5.1.2600 ServicePack: 3.0

17:39:30.0296 0404 Product type: Workstation

17:39:30.0296 0404 ComputerName: NEICEY

17:39:30.0296 0404 UserName: HP_Administrator

17:39:30.0296 0404 Windows directory: C:\WINDOWS

17:39:30.0296 0404 System windows directory: C:\WINDOWS

17:39:30.0296 0404 Processor architecture: Intel x86

17:39:30.0296 0404 Number of processors: 1

17:39:30.0296 0404 Page size: 0x1000

17:39:30.0296 0404 Boot type: Safe boot with network

17:39:30.0296 0404 ============================================================

17:39:32.0312 0404 Initialize success

17:39:36.0359 0248 ============================================================

17:39:36.0359 0248 Scan started

17:39:36.0359 0248 Mode: Manual;

17:39:36.0359 0248 ============================================================

17:40:03.0343 0248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:40:03.0343 0248 redbook - ok


17:40:11.0250 0248 usbhub - ok

17:40:11.0328 0248 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:40:11.0328 0248 usbohci - ok

17:40:11.0453 0248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:40:11.0453 0248 usbprint - ok

17:40:11.0640 0248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:40:11.0640 0248 usbscan - ok

17:40:11.0796 0248 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:40:11.0796 0248 usbstor - ok

17:40:11.0875 0248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:40:11.0875 0248 usbuhci - ok

17:40:12.0000 0248 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

17:40:12.0000 0248 USB_RNDIS - ok

17:40:12.0078 0248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:40:12.0078 0248 VgaSave - ok

17:40:12.0312 0248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

17:40:12.0328 0248 ViaIde - ok

17:40:12.0390 0248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:40:12.0390 0248 VolSnap - ok

17:40:12.0687 0248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:40:12.0687 0248 Wanarp - ok

17:40:12.0734 0248 WDICA - ok

17:40:12.0812 0248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:40:12.0828 0248 wdmaud - ok

17:40:13.0171 0248 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:40:13.0187 0248 WS2IFSL - ok

17:40:13.0328 0248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:40:13.0328 0248 WudfPf - ok

17:40:13.0578 0248 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0

17:40:13.0609 0248 \Device\Harddisk0\DR0 - ok

17:40:13.0640 0248 Boot (0x1200) (da8777a31c786b5bc3c6eb87232c7933) \Device\Harddisk0\DR0\Partition0

17:40:13.0640 0248 \Device\Harddisk0\DR0\Partition0 - ok

17:40:13.0656 0248 Boot (0x1200) (a4035f831e5990842970d183a9bc8356) \Device\Harddisk0\DR0\Partition1

17:40:13.0656 0248 \Device\Harddisk0\DR0\Partition1 - ok

17:40:13.0656 0248 ============================================================

17:40:13.0656 0248 Scan finished

17:40:13.0656 0248 ============================================================

17:40:13.0703 1780 Detected object count: 0

17:40:13.0703 1780 Actual detected object count: 0


ComboFix 11-10-12.04 - HP_Administrator 10/12/2011 18:23:18.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.348 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))

.

.

2011-10-12 06:52 . 2011-10-12 06:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-10-12 03:43 . 2011-10-12 03:43 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2011-10-11 22:01 . 2011-10-11 22:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert

2011-10-11 21:35 . 2011-10-11 21:57 -------- d-----w- c:\program files\9EA86

2011-10-10 03:37 . 2011-10-10 03:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-10-10 03:37 . 2011-10-10 03:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!

2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2011-10-10 03:36 . 2011-10-10 03:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-10-07 10:00 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 10:00 . 2011-10-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-07 10:00 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-07 08:59 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll

2011-10-07 08:59 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll

2011-10-07 08:59 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-10-07 08:59 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll

2011-10-07 08:58 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-10-07 08:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-10-07 08:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-10-07 08:57 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-10-07 08:57 . 2011-10-07 09:09 -------- d-----w- c:\program files\Spyware Doctor2

2011-10-07 08:57 . 2011-10-07 09:00 -------- d-----w- c:\program files\Common Files\PC Tools

2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools

2011-10-07 08:57 . 2011-10-07 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2011-10-07 08:49 . 2011-10-07 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-07 04:17 . 2011-10-07 04:17 -------- d-----w- C:\!KillBox

2011-10-06 02:57 . 2011-10-06 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-10-06 02:57 . 2011-10-06 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-10-06 02:45 . 2011-10-06 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft

2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-04 23:55 . 2011-10-04 23:55 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp

2011-10-04 20:05 . 2011-10-04 20:05 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-19 17:16 . 2011-09-19 17:16 -------- d-----w- c:\program files\iPod

2011-09-19 17:15 . 2011-09-19 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-09-19 17:10 . 2011-09-19 17:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-09-19 17:02 . 2011-09-19 17:02 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-12 17:39 . 2004-08-03 21:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-08-25 20:03 . 2011-08-03 05:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-02 22:28 . 2010-10-04 13:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-08-02 22:28 . 2010-10-04 13:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-07-15 13:29 . 2004-08-10 04:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2007-08-29 00:44 . 2007-08-29 00:44 774144 ----a-w- c:\program files\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-11_23.20.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-12 23:17 . 2011-10-12 23:17 16384 c:\windows\Temp\Perflib_Perfdata_350.dat

+ 2009-03-22 17:18 . 2011-10-12 07:40 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat

- 2009-03-22 17:18 . 2011-10-11 21:31 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

apnae.exe [2011-10-9 204288]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-07 05:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2011 3:57 AM 207280]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [8/2/2011 5:27 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [8/2/2011 5:27 PM 744568]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 7:52 PM 810616]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [8/2/2011 5:27 PM 136312]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor2\BDT\BDTUpdateService.exe [10/7/2011 3:59 AM 112592]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [8/2/2011 5:27 PM 130008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSXpx86.sys [7/1/2011 10:27 PM 355256]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor2\pctsAuxs.exe [10/7/2011 3:57 AM 358600]

S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]

S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: att.net

Trusted Zone: sbcglobal.net

Trusted Zone: yahoo.com\clientapps

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 192.168.1.254

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-695.exe - c:\program files\Internet Explorer\52C0\695.exe

SafeBoot-78284782.sys

AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware3\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-12 18:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(920)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\midimap.dll

.

- - - - - - - > 'explorer.exe'(2044)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-12 18:53:36

ComboFix-quarantined-files.txt 2011-10-12 23:53

ComboFix2.txt 2011-10-11 23:37

.

Pre-Run: 112,747,286,528 bytes free

Post-Run: 113,426,436,096 bytes free

.

- - End Of File - - 160E63DE9952133F8BDBC14D815EAABA


AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

Looks like you're running 2 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple Antivirus and Firewall products installed together are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

Norton 360

AVG Anti-Virus

Reboot and let me know how it's running.


I removed the Norton 360, no change. The reason I had both was because my Norton subscription ended and I wanted to try the AVG before I decided if I wanted to pay for a new subscription. When I ran the combofix the first time, I was having problems disabling AVG. I then tried removing it; it's not showing up in the add/remove list anymore, but the icon is still on my desktop. When you open it, it says no active components. When I try to uninstall it from the start menu it gave me an access denied error.


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
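The Internet Explorer hardening steps in the post above can also be applied and verified from the registry, which is handy when the same settings must be checked on several machines. The script below is an added example and is not part of the helper's post or of any tool mentioned in this thread. It assumes the usual mapping between the Custom Level dialog entries and the numeric value names under the Internet zone key (Zones\3) as documented by Microsoft, with 0 meaning Enable, 1 Prompt and 3 Disable; the function names are my own.

```powershell
# Added example (not from the forum post): applies the Internet-zone settings the
# helper lists above via the registry instead of the IE dialog, and reads them back
# so the result can be checked. Assumption: the dialog-text -> value-name mapping
# follows Microsoft's published list for the Zones\3 key; 0 = Enable, 1 = Prompt,
# 3 = Disable.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> dialog setting and the target from the steps above.
$Desired = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }  # Disable
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }  # Prompt
}

function Get-InternetZoneState {
    # Returns one object per setting with its current value and whether it matches the target.
    foreach ($key in $Desired.Keys) {
        $current = (Get-ItemProperty -Path $ZonePath -Name $key -ErrorAction SilentlyContinue).$key
        [pscustomobject]@{
            ValueName = $key
            Setting   = $Desired[$key].Name
            Current   = $current
            Desired   = $Desired[$key].Value
            Compliant = ($current -eq $Desired[$key].Value)
        }
    }
}

function Set-InternetZoneHardening {
    # Writes the target value for every setting that is missing or differs from the target.
    foreach ($state in Get-InternetZoneState) {
        if (-not $state.Compliant) {
            Set-ItemProperty -Path $ZonePath -Name $state.ValueName -Value $state.Desired -Type DWord
        }
    }
}

# Apply the hardening for the current user, then show the resulting state.
Set-InternetZoneHardening
Get-InternetZoneState | Format-Table -AutoSize
```

Run it in the account whose Internet Explorer profile you want to harden; the final table shows a Compliant column so a non-matching entry is obvious at a glance. Because the values live under HKCU, the change applies to that user only, which matches what the dialog does.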


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7940

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/13/2011 8:00:26 PM

mbam-log-2011-10-13 (20-00-26).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 363760

Time elapsed: 4 hour(s), 32 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 37

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\WINDOWS\system32\localservice32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\9EA86\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\program files\internet explorer\52C0\695.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\documents and settings\all users\application data\nd17714jfdeh17714\nd17714jfdeh17714.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\documents and settings\hp_administrator\application data\conhost.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\documents and settings\networkservice\application data\Remote\czn3.dll.vir (Spyware.Password) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\documents and settings\networkservice\local settings\application data\microsoft\nvvsvc.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\program files\internet explorer\lvvm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1\A0005045.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1\A0005052.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp1\a0005205.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0009255.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0009231.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2\A0010555.dll (Spyware.Password) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0010545.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0010554.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2\A0010556.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0010558.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp2\a0011590.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\start menu\programs\startup\apnae.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\default user\start menu\programs\startup\muedmy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\form.txt (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\root.pfx (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\spc.pfx (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\48.music.mp3.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\49.music.snd.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\50.crack.zip (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\50.crack.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\51.keygen.zip (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\51.keygen.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\52.keymaker.zip (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\52.keymaker.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\53.serial.zip (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\53.serial.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\54.setup.zip (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\54.setup.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\55.unpack.zip (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\localservice32\55.unpack.zip.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.

Now that my internet is connecting in normal mode, I haven't noticed any other problems.
