ping.exe wreaking havoc

Hi,

Encountered two problems today: ping.exe along with yan.exe, and that annoying XP Antivirus 2012 thing. I think I've knocked out the second, but the first is still hanging on and messing with my system. Right now I can't start any programs, blocking my ability to run malwarebytes again. I've run dds.scr and have the files for you. Thank you in advance for your assistance!!!

attach.txt

dds.zip


Welcome to the forum.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

See if following this guide works for getting your programs to run MBAM to scan.

It's not going to fix the ping.exe problem, so also scan the system with OTL and post the logs.

if not...........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/12/24 08:38:26 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe
    PRC - [2011/12/24 08:38:26 | 000,079,872 | ---- | M] () -- C:\WINDOWS\Temp\hki50534.exe
    MOD - [2011/12/24 08:38:26 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe
    MOD - [2011/12/24 08:38:26 | 000,079,872 | ---- | M] () -- C:\WINDOWS\Temp\hki50534.exe
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O37 - HKU\S-1-5-21-1778200288-313098189-2685242751-1003\...exe [@ = ssC] -- "C:\Documents and Settings\D810\Local Settings\Application Data\yan.exe" -a "%1" %*
    [2011/11/26 15:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\nonG4aQH6W7R9Tq
    [2011/11/26 15:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\CUCekIBrzNAuDo
    [2011/11/26 15:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\lVelIBtzPyAiDoF
    [2011/11/26 15:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\BpmH5sWJ7E
    [2011/11/26 02:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\24FA9
    [2011/11/26 02:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\D0724
    [2011/11/26 02:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/11/26 02:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\KnG5aQHdWKfLhXj
    [2011/11/26 02:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\gClIBtzPNc1voFa
    [2011/11/26 02:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\SF3pn5aQJdKfZhX
    [2011/11/26 02:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D810\Application Data\AG4amH6sW
    [2011/12/24 08:38:26 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe
    [2011/12/24 08:38:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe.b
    [2011/12/24 06:16:46 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\EJSfc8.com
    [2011/12/23 17:34:38 | 000,014,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
    [2011/12/23 17:22:09 | 000,014,174 | -HS- | M] () -- C:\Documents and Settings\D810\Local Settings\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
    [2011/12/24 08:38:26 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe
    [2011/12/24 08:38:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe.b
    [2011/12/24 06:16:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\EJSfc8.com
    [2011/12/23 13:49:43 | 000,014,174 | -HS- | C] () -- C:\Documents and Settings\D810\Local Settings\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
    [2011/12/23 13:49:43 | 000,014,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
    [2011/11/26 14:40:40 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\EJSfc8.com__
    [2011/11/26 14:40:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\EJSfc8.com_.b
    [2011/04/05 18:28:06 | 000,009,700 | -HS- | C] () -- C:\Documents and Settings\D810\Local Settings\Application Data\3lhqy33xpt11p
    [2011/04/05 18:28:06 | 000,009,700 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3lhqy33xpt11p
    [2011/11/26 02:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\AG4amH6sW
    [2011/06/20 17:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\Amazon
    [2011/11/26 15:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\BpmH5sWJ7E
    [2011/11/26 15:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\CUCekIBrzNAuDo
    [2011/11/26 02:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\D0724
    [2011/11/26 02:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\gClIBtzPNc1voFa
    [2011/11/26 02:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\KnG5aQHdWKfLhXj
    [2011/11/26 15:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\lVelIBtzPyAiDoF
    [2011/11/26 15:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\nonG4aQH6W7R9Tq
    [2011/11/26 02:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D810\Application Data\SF3pn5aQJdKfZhX

    :files
    C:\WINDOWS\tasks\*.job
    :Commands
    [emptytemp]
    [createrestorepoint]

    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

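The O37 line in the fix above shows the mechanism behind "I can't start any programs": a per-user .exe file association (HKU\<SID>_Classes\.exe) pointing at yan.exe, which the fix repairs by resetting .exe to exefile, alongside the `:files` section that clears C:\WINDOWS\tasks\*.job. The following read-only check is an added example, not MrC's script or an OTL feature; it reports the current .exe association in both hives and lists At*.job task files, and assumes Windows PowerShell run as an administrator.

```powershell
# Added example (not part of the thread): read-only check for the two findings in the OTL fix,
# the hijacked .exe file association and a pile of At*.job scheduled tasks. Changes nothing.

# What a healthy machine returns for exefile\shell\open\command; anything else is worth a look.
$expectedOpen = '"%1" %*'

function Get-ExeAssociation {
    # The per-user key (HKCU\Software\Classes, shown by OTL as HKU\<SID>_Classes) overrides the
    # machine-wide one, which is why malware plants its handler there rather than under HKLM.
    $results = @()
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $extKey = Join-Path $hive 'Software\Classes\.exe'
        $progId = $null
        if (Test-Path $extKey) {
            $progId = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
        }

        $openCmd = $null
        if ($progId) {
            $cmdKey = Join-Path $hive "Software\Classes\$progId\shell\open\command"
            if (Test-Path $cmdKey) {
                $openCmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            }
        }

        # Normal state: HKCU has no .exe key at all, HKLM maps .exe -> exefile -> "%1" %*.
        # A ProgId such as "ssC" or a command that launches another binary before "%1" is the hijack.
        $suspicious = (($progId) -and ($progId -ne 'exefile')) -or
                      (($openCmd) -and ($openCmd -ne $expectedOpen))

        $results += [pscustomobject]@{
            Hive        = $hive
            ProgId      = $progId
            OpenCommand = $openCmd
            Suspicious  = [bool]$suspicious
        }
    }
    return $results
}

function Get-AtJobs {
    # XP stores scheduled tasks as .job files under %SystemRoot%\Tasks. Jobs named At1, At2, ...
    # come from at.exe; over a hundred of them created in one burst is not a user's doing.
    $taskDir = Join-Path $env:SystemRoot 'Tasks'
    Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue |
        Select-Object Name, LastWriteTime, Length
}

Get-ExeAssociation | Format-Table -AutoSize
$jobs = @(Get-AtJobs)
"At*.job files found: $($jobs.Count)"
$jobs | Format-Table -AutoSize
```

On a clean system the HKCU row shows an empty ProgId and Suspicious = False, and the At*.job count is zero.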

Here is the new log file. I can run exe files and ping.exe is not in the running processes! I would be grateful for any advice to protect my computer in the future.

All processes killed

========== OTL ==========

No active process named iiXmTlQ6.exe was found!

No active process named hki50534.exe was found!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1778200288-313098189-2685242751-1003_Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1778200288-313098189-2685242751-1003_Classes\ssC\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Documents and Settings\D810\Application Data\nonG4aQH6W7R9Tq folder moved successfully.

C:\Documents and Settings\D810\Application Data\CUCekIBrzNAuDo folder moved successfully.

C:\Documents and Settings\D810\Application Data\lVelIBtzPyAiDoF folder moved successfully.

C:\Documents and Settings\D810\Application Data\BpmH5sWJ7E folder moved successfully.

C:\Program Files\24FA9 folder moved successfully.

C:\Documents and Settings\D810\Application Data\D0724 folder moved successfully.

C:\Program Files\LP\F2AD folder moved successfully.

C:\Program Files\LP folder moved successfully.

C:\Documents and Settings\D810\Application Data\KnG5aQHdWKfLhXj folder moved successfully.

C:\Documents and Settings\D810\Application Data\gClIBtzPNc1voFa folder moved successfully.

C:\Documents and Settings\D810\Application Data\SF3pn5aQJdKfZhX folder moved successfully.

C:\Documents and Settings\D810\Application Data\AG4amH6sW folder moved successfully.

C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe.b moved successfully.

C:\WINDOWS\system32\EJSfc8.com moved successfully.

C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k moved successfully.

C:\Documents and Settings\D810\Local Settings\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k moved successfully.

File C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe not found.

File C:\Documents and Settings\All Users\Application Data\iiXmTlQ6.exe.b not found.

File C:\WINDOWS\System32\EJSfc8.com not found.

File C:\Documents and Settings\D810\Local Settings\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k not found.

File C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k not found.

C:\WINDOWS\system32\EJSfc8.com__ moved successfully.

C:\WINDOWS\system32\EJSfc8.com_.b moved successfully.

C:\Documents and Settings\D810\Local Settings\Application Data\3lhqy33xpt11p moved successfully.

C:\Documents and Settings\All Users\Application Data\3lhqy33xpt11p moved successfully.

Folder C:\Documents and Settings\D810\Application Data\AG4amH6sW\ not found.

C:\Documents and Settings\D810\Application Data\Amazon\MP3 Downloader folder moved successfully.

C:\Documents and Settings\D810\Application Data\Amazon folder moved successfully.

Folder C:\Documents and Settings\D810\Application Data\BpmH5sWJ7E\ not found.

Folder C:\Documents and Settings\D810\Application Data\CUCekIBrzNAuDo\ not found.

Folder C:\Documents and Settings\D810\Application Data\D0724\ not found.

Folder C:\Documents and Settings\D810\Application Data\gClIBtzPNc1voFa\ not found.

Folder C:\Documents and Settings\D810\Application Data\KnG5aQHdWKfLhXj\ not found.

Folder C:\Documents and Settings\D810\Application Data\lVelIBtzPyAiDoF\ not found.

Folder C:\Documents and Settings\D810\Application Data\nonG4aQH6W7R9Tq\ not found.

Folder C:\Documents and Settings\D810\Application Data\SF3pn5aQJdKfZhX\ not found.

========== FILES ==========

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

C:\WINDOWS\tasks\At101.job moved successfully.

C:\WINDOWS\tasks\At102.job moved successfully.

C:\WINDOWS\tasks\At103.job moved successfully.

C:\WINDOWS\tasks\At104.job moved successfully.

C:\WINDOWS\tasks\At105.job moved successfully.

C:\WINDOWS\tasks\At106.job moved successfully.

C:\WINDOWS\tasks\At107.job moved successfully.

C:\WINDOWS\tasks\At108.job moved successfully.

C:\WINDOWS\tasks\At109.job moved successfully.

C:\WINDOWS\tasks\At110.job moved successfully.

C:\WINDOWS\tasks\At111.job moved successfully.

C:\WINDOWS\tasks\At112.job moved successfully.

C:\WINDOWS\tasks\At113.job moved successfully.

C:\WINDOWS\tasks\At114.job moved successfully.

C:\WINDOWS\tasks\At115.job moved successfully.

C:\WINDOWS\tasks\At116.job moved successfully.

C:\WINDOWS\tasks\At117.job moved successfully.

C:\WINDOWS\tasks\At118.job moved successfully.

C:\WINDOWS\tasks\At119.job moved successfully.

C:\WINDOWS\tasks\At120.job moved successfully.

C:\WINDOWS\tasks\At121.job moved successfully.

C:\WINDOWS\tasks\At122.job moved successfully.

C:\WINDOWS\tasks\At123.job moved successfully.

C:\WINDOWS\tasks\At124.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job moved successfully.

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1778200288-313098189-2685242751-1003.job moved successfully.

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job moved successfully.

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1778200288-313098189-2685242751-1003.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 1573477 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 3387747 bytes

->Flash cache emptied: 56504 bytes

User: All Users

User: D810

->Temp folder emptied: 3052393 bytes

->Temporary Internet Files folder emptied: 20081943 bytes

->Java cache emptied: 652013 bytes

->FireFox cache emptied: 41609184 bytes

->Google Chrome cache emptied: 6339613 bytes

->Flash cache emptied: 2673991 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 343 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 9585042 bytes

->Java cache emptied: 937 bytes

->Flash cache emptied: 26000 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2175612 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 24192 bytes

Windows Temp folder emptied: 273940 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 199667977 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 89209 bytes

RecycleBin emptied: 1210882 bytes

Total Files Cleaned = 279.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: D810

->Temp folder emptied: 247296 bytes

->Temporary Internet Files folder emptied: 10175169 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 11567715 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12252011_083045

Files\Folders moved on Reboot...


Registry entries deleted on Reboot...


OK, I ran it once and it came up with one to cure. Rebooted the computer when instructed. Here is the file.

00:19:52.0656 3400 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

00:19:53.0125 3400 ============================================================

00:19:53.0125 3400 Current date / time: 2011/12/26 00:19:53.0125

00:19:53.0125 3400 SystemInfo:

00:19:53.0125 3400

00:19:53.0125 3400 OS Version: 5.1.2600 ServicePack: 2.0

00:19:53.0125 3400 Product type: Workstation

00:19:53.0125 3400 ComputerName: DELL-62052

00:19:53.0125 3400 UserName: D810

00:19:53.0125 3400 Windows directory: C:\WINDOWS

00:19:53.0125 3400 System windows directory: C:\WINDOWS

00:19:53.0125 3400 Processor architecture: Intel x86

00:19:53.0125 3400 Number of processors: 1

00:19:53.0125 3400 Page size: 0x1000

00:19:53.0125 3400 Boot type: Normal boot

00:19:53.0125 3400 ============================================================

00:19:54.0765 3400 Initialize success

00:21:39.0140 3020 ============================================================

00:21:39.0140 3020 Scan started

00:21:39.0140 3020 Mode: Manual; SigCheck; TDLFS;

00:21:39.0140 3020 ============================================================

00:21:44.0390 3020 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

00:21:44.0421 3020 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

00:21:44.0421 3020 cercsr6 - detected UnsignedFile.Multi.Generic (1)

00:21:57.0843 3020 Serial (e21ca4d34fa1800fa896c2aff36c6b5b) C:\WINDOWS\system32\DRIVERS\serial.sys

00:21:57.0843 3020 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: e21ca4d34fa1800fa896c2aff36c6b5b, Fake md5: cd9404d115a00d249f70a371b46d5a26

00:21:57.0843 3020 Serial ( Rootkit.Win32.ZAccess.aml ) - infected

00:21:57.0843 3020 Serial - detected Rootkit.Win32.ZAccess.aml (0)

00:22:03.0859 3020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

00:22:04.0125 3020 \Device\Harddisk0\DR0 - ok

00:22:04.0140 3020 Boot (0x1200) (2c4e9e80fc1185db21d870d3d8a6a99a) \Device\Harddisk0\DR0\Partition0

00:22:04.0140 3020 \Device\Harddisk0\DR0\Partition0 - ok

00:22:04.0140 3020 ============================================================

00:22:04.0140 3020 Scan finished

00:22:04.0140 3020 ============================================================

00:22:04.0265 0504 Detected object count: 2

00:22:04.0265 0504 Actual detected object count: 2

00:22:51.0718 0504 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

00:22:51.0718 0504 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:22:51.0937 0504 Backup copy found, using it..

00:22:51.0953 0504 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot

00:22:53.0718 0504 Serial ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure

00:22:59.0562 2960 Deinitialize success


Ran new copy. Unassigned file cercsr6 was detected, but I skipped it rather than delete it for now. Here is the latest log. Thank you again for helping me!!

15:10:10.0906 0584 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

15:10:11.0531 0584 ============================================================

15:10:11.0531 0584 Current date / time: 2011/12/26 15:10:11.0531

15:10:11.0531 0584 SystemInfo:

15:10:11.0531 0584

15:10:11.0531 0584 OS Version: 5.1.2600 ServicePack: 2.0

15:10:11.0531 0584 Product type: Workstation

15:10:11.0531 0584 ComputerName: DELL-62052

15:10:11.0531 0584 UserName: D810

15:10:11.0531 0584 Windows directory: C:\WINDOWS

15:10:11.0531 0584 System windows directory: C:\WINDOWS

15:10:11.0531 0584 Processor architecture: Intel x86

15:10:11.0531 0584 Number of processors: 1

15:10:11.0531 0584 Page size: 0x1000

15:10:11.0531 0584 Boot type: Normal boot

15:10:11.0531 0584 ============================================================

15:10:13.0109 0584 Initialize success

15:10:24.0093 2244 ============================================================

15:10:24.0093 2244 Scan started

15:10:24.0093 2244 Mode: Manual; SigCheck; TDLFS;

15:10:24.0093 2244 ============================================================

15:10:30.0296 2244 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

15:10:30.0312 2244 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

15:10:30.0312 2244 cercsr6 - detected UnsignedFile.Multi.Generic (1)


15:10:38.0187 2244 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:10:38.0296 2244 mssmbios - ok

15:10:38.0312 2244 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

15:10:38.0406 2244 Mup - ok

15:10:38.0453 2244 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

15:10:38.0546 2244 NDIS - ok

15:10:38.0593 2244 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:10:38.0703 2244 NdisTapi - ok

15:10:38.0734 2244 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:10:38.0859 2244 Ndisuio - ok

15:10:38.0859 2244 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:10:38.0968 2244 NdisWan - ok

15:10:38.0984 2244 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

15:10:39.0078 2244 NDProxy - ok

15:10:39.0109 2244 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:10:39.0234 2244 NetBIOS - ok

15:10:39.0265 2244 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:10:39.0390 2244 NetBT - ok

15:10:39.0468 2244 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

15:10:39.0750 2244 Npfs - ok

15:10:39.0812 2244 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

15:10:39.0984 2244 Ntfs - ok

15:10:40.0031 2244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:10:40.0140 2244 Null - ok

15:10:40.0218 2244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:10:40.0390 2244 NwlnkFlt - ok

15:10:40.0406 2244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:10:40.0578 2244 NwlnkFwd - ok

15:10:40.0671 2244 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

15:10:40.0843 2244 Parport - ok

15:10:41.0031 2244 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

15:10:41.0187 2244 PartMgr - ok

15:10:41.0218 2244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:10:41.0375 2244 ParVdm - ok

15:10:41.0468 2244 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

15:10:41.0640 2244 PCI - ok

15:10:41.0656 2244 PCIDump - ok

15:10:41.0671 2244 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

15:10:41.0890 2244 PCIIde - ok

15:10:41.0921 2244 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

15:10:42.0093 2244 Pcmcia - ok

15:10:42.0109 2244 PDCOMP - ok

15:10:42.0125 2244 PDFRAME - ok

15:10:42.0140 2244 PDRELI - ok

15:10:42.0156 2244 PDRFRAME - ok

15:10:42.0156 2244 perc2 - ok

15:10:42.0171 2244 perc2hib - ok

15:10:42.0234 2244 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:10:42.0421 2244 PptpMiniport - ok

15:10:42.0437 2244 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

15:10:42.0609 2244 PSched - ok

15:10:42.0640 2244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:10:42.0765 2244 Ptilink - ok

15:10:42.0781 2244 ql1080 - ok

15:10:42.0781 2244 Ql10wnt - ok

15:10:42.0796 2244 ql12160 - ok

15:10:42.0812 2244 ql1240 - ok

15:10:42.0812 2244 ql1280 - ok

15:10:42.0859 2244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:10:42.0937 2244 RasAcd - ok

15:10:42.0984 2244 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:10:43.0062 2244 Rasl2tp - ok

15:10:43.0093 2244 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:10:43.0187 2244 RasPppoe - ok

15:10:43.0203 2244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:10:43.0281 2244 Raspti - ok

15:10:43.0328 2244 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:10:43.0437 2244 Rdbss - ok

15:10:43.0484 2244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:10:43.0578 2244 RDPCDD - ok

15:10:43.0640 2244 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:10:43.0734 2244 rdpdr - ok

15:10:43.0765 2244 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

15:10:43.0875 2244 RDPWD - ok

15:10:43.0906 2244 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:10:44.0015 2244 redbook - ok

15:10:44.0125 2244 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:10:44.0203 2244 Secdrv - ok

15:10:44.0234 2244 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:10:44.0343 2244 serenum - ok

15:10:44.0390 2244 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

15:10:44.0515 2244 Serial - ok

15:10:44.0531 2244 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:10:44.0703 2244 Sfloppy - ok

15:10:44.0718 2244 Simbad - ok

15:10:44.0734 2244 Sparrow - ok

15:10:44.0765 2244 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

15:10:44.0859 2244 splitter - ok

15:10:44.0937 2244 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

15:10:44.0984 2244 sr - ok

15:10:45.0015 2244 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

15:10:45.0171 2244 Srv - ok

15:10:45.0250 2244 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

15:10:45.0296 2244 STAC97 - ok

15:10:45.0359 2244 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

15:10:45.0484 2244 StillCam - ok

15:10:45.0500 2244 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:10:45.0656 2244 swenum - ok

15:10:45.0687 2244 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

15:10:45.0843 2244 swmidi - ok

15:10:45.0859 2244 symc810 - ok

15:10:45.0875 2244 symc8xx - ok

15:10:45.0906 2244 sym_hi - ok

15:10:45.0906 2244 sym_u3 - ok

15:10:45.0953 2244 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

15:10:46.0109 2244 sysaudio - ok

15:10:46.0171 2244 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:10:46.0312 2244 Tcpip - ok

15:10:46.0390 2244 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:10:46.0531 2244 TDPIPE - ok

15:10:46.0546 2244 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

15:10:46.0750 2244 TDTCP - ok

15:10:46.0796 2244 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:10:46.0968 2244 TermDD - ok

15:10:46.0984 2244 TosIde - ok

15:10:47.0031 2244 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

15:10:47.0218 2244 Udfs - ok

15:10:47.0234 2244 ultra - ok

15:10:47.0250 2244 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

15:10:47.0421 2244 Update - ok

15:10:47.0546 2244 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:10:47.0593 2244 USBAAPL - ok

15:10:47.0625 2244 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:10:47.0734 2244 usbehci - ok

15:10:47.0750 2244 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:10:47.0875 2244 usbhub - ok

15:10:47.0937 2244 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:10:48.0031 2244 usbscan - ok

15:10:48.0125 2244 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:10:48.0250 2244 USBSTOR - ok

15:10:48.0265 2244 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:10:48.0390 2244 usbuhci - ok

15:10:48.0421 2244 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

15:10:48.0578 2244 VgaSave - ok

15:10:48.0593 2244 ViaIde - ok

15:10:48.0640 2244 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

15:10:48.0781 2244 VolSnap - ok

15:10:48.0906 2244 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys

15:10:49.0093 2244 w29n51 - ok

15:10:49.0218 2244 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:10:49.0421 2244 Wanarp - ok

15:10:49.0531 2244 wceusbsh (b85b448fd2c398970382a28e47cf4bc6) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

15:10:49.0796 2244 wceusbsh - ok

15:10:49.0843 2244 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

15:10:49.0875 2244 Wdf01000 - ok

15:10:49.0968 2244 WDICA - ok

15:10:50.0046 2244 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

15:10:50.0250 2244 wdmaud - ok

15:10:50.0328 2244 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

15:10:50.0421 2244 winachsf - ok

15:10:50.0484 2244 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:10:50.0515 2244 WpdUsb - ok

15:10:50.0546 2244 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:10:50.0593 2244 WudfPf - ok

15:10:50.0656 2244 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:10:50.0687 2244 WudfRd - ok

15:10:50.0718 2244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:10:51.0015 2244 \Device\Harddisk0\DR0 - ok

15:10:51.0031 2244 Boot (0x1200) (2c4e9e80fc1185db21d870d3d8a6a99a) \Device\Harddisk0\DR0\Partition0

15:10:51.0031 2244 \Device\Harddisk0\DR0\Partition0 - ok

15:10:51.0031 2244 ============================================================

15:10:51.0031 2244 Scan finished

15:10:51.0031 2244 ============================================================

15:10:51.0156 1624 Detected object count: 1

15:10:51.0156 1624 Actual detected object count: 1

15:16:29.0562 1624 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

15:16:29.0562 1624 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:16:37.0000 1232 Deinitialize success


Done as requested. Found something as noted below.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.28.01

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

D810 :: DELL-62052 [administrator]

12/27/2011 9:45:07 PM

mbam-log-2011-12-27 (21-45-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 178049

Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\D810\Local Settings\Temp\0.960122319290339.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

(end)


Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix run; here is the file. Just an observation: everything seemed to be going fine, but the XP anti-thing popped up just as I was typing to you that everything was fine. Not sure what triggered it or delayed it popping back up. When it did, I noticed a program yao.exe running in processes.

ComboFix 11-12-28.03 - D810 12/28/2011 15:38:35.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1711 [GMT -5:00]

Running from: c:\documents and settings\D810\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\D810\Local Settings\Application Data\yoa.exe

c:\documents and settings\NetworkService\Local Settings\Application Data\ulbrnii.dll

c:\windows\$NtUninstallKB8816$

c:\windows\$NtUninstallKB8816$\1433324908

c:\windows\$NtUninstallKB8816$\3732143107\@

c:\windows\$NtUninstallKB8816$\3732143107\bckfg.tmp

c:\windows\$NtUninstallKB8816$\3732143107\cfg.ini

c:\windows\$NtUninstallKB8816$\3732143107\Desktop.ini

c:\windows\$NtUninstallKB8816$\3732143107\keywords

c:\windows\$NtUninstallKB8816$\3732143107\kwrd.dll

c:\windows\$NtUninstallKB8816$\3732143107\L\cyabhhce

c:\windows\$NtUninstallKB8816$\3732143107\U\00000001.@

c:\windows\$NtUninstallKB8816$\3732143107\U\00000002.@

c:\windows\$NtUninstallKB8816$\3732143107\U\00000004.@

c:\windows\$NtUninstallKB8816$\3732143107\U\80000000.@

c:\windows\$NtUninstallKB8816$\3732143107\U\80000004.@

c:\windows\$NtUninstallKB8816$\3732143107\U\80000032.@

c:\windows\system32\sqlesw32.dll

.

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Service_6to4

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))

.

.

2011-12-28 20:44 . 2004-08-04 03:59 49536 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-28 20:44 . 2004-08-04 03:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-25 13:30 . 2011-12-25 13:30 -------- d-----w- C:\_OTL

2011-12-24 01:53 . 2011-12-24 01:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-23 22:33 . 2011-12-23 22:34 -------- d-----w- c:\documents and settings\Administrator

2011-12-08 03:49 . 2011-12-08 03:49 -------- d-----w- c:\program files\iPod

2011-12-08 03:49 . 2011-12-08 03:50 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-28 19:47 . 2004-08-04 10:00 64896 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-10 20:24 . 2011-04-08 02:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-18 10:31 . 2011-06-20 11:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-31 273544]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

.

c:\documents and settings\D810\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2011-6-15 253952]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=

.

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/25/2009 3:01 AM 88192]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 12:20 PM 136176]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe --> c:\program files\Motorola\MotoHelper\MotoHelperService.exe [?]

S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/4/2004 5:00 AM 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 12:20 PM 136176]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Sqlses REG_MULTI_SZ SqlCSS

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1778200288-313098189-2685242751-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1778200288-313098189-2685242751-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://frontier.my.yahoo.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\D810\Application Data\Mozilla\Firefox\Profiles\wrue3wzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

Notify-Sqlseses - sqlesw32.dll

SafeBoot-32826074.sys

SafeBoot-73645469.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-28 15:47

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,b7,be,d7,d0,e0,95,48,b2,9f,ec,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,b7,be,d7,d0,e0,95,48,b2,9f,ec,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(832)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(4008)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\progra~1\WINDOW~4\Datamngr\DATAMN~1.EXE

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-12-28 15:50:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-28 20:49

.

Pre-Run: 57,863,000,064 bytes free

Post-Run: 57,872,523,264 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 850E4BBDE24308C241F1E84781E8E208

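The ComboFix log above records three settings a responder reads before anything else: the Security Center "AntiVirusOverride" and "FirewallOverride" values set to 1 (status warnings suppressed), "EnableFirewall"=0 in the standard profile with an AuthorizedApplications exception for winlogon.exe, and the custom svchost group Sqlses carrying the SqlCSS service whose orphaned Notify DLL sqlesw32.dll was deleted. The script below is an added example (not from this thread, ComboFix, or any of the tools mentioned) that parses a ComboFix-style log and flags exactly those conditions. The log text inside it is a constructed excerpt laid out like the posted log, and the CORE_BINARIES list is my own heuristic for binaries that never need an inbound firewall exception.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt laid out like the ComboFix log posted above
# (same keys and values as that log, trimmed to the lines of interest).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
.
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/4/2004 5:00 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 12:20 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
"""

# Core OS binaries that never need an inbound firewall exception (my own
# heuristic list); an exception for one of them was put there by hand.
CORE_BINARIES = {"winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe", "services.exe"}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {lower-cased [header]: [lines]}.

    ComboFix ends each block with a lone '.'; lines outside any [header]
    (the R/S service entries) are collected under the key ''.
    """
    out: Dict[str, List[str]] = {"": []}
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            key = ""
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            out.setdefault(key, [])
        else:
            out.setdefault(key, []).append(line)
    return out


def parse_value(line: str) -> Tuple[Optional[str], Optional[int]]:
    """Parse '"Name"=dword:00000001' or '"Name"= 0 (0x0)' into (name, int)."""
    m = VALUE_RE.match(line)
    if not m:
        return None, None
    name, value = m.group("name"), m.group("value").strip()
    if value.startswith("dword:"):
        return name, int(value[len("dword:"):], 16)
    num = re.match(r"\d+", value)
    return name, (int(num.group(0)) if num else None)


def triage(log: str) -> List[str]:
    """Return findings for the settings a responder checks first."""
    findings: List[str] = []
    secs = sections(log)
    for header, lines in secs.items():
        if header.endswith(r"microsoft\security center"):
            # Security Center told to stop warning about AV / firewall state.
            for name, val in map(parse_value, lines):
                if name in ("AntiVirusOverride", "FirewallOverride") and val:
                    findings.append(f"SecurityCenter {name}={val}: status alerts suppressed")
        elif header.endswith(r"firewallpolicy\standardprofile"):
            # Windows Firewall switched off in the active profile.
            for name, val in map(parse_value, lines):
                if name == "EnableFirewall" and val == 0:
                    findings.append("Windows Firewall disabled (EnableFirewall=0)")
        elif header.endswith(r"authorizedapplications\list"):
            # Exceptions for core OS binaries (the log doubles the backslashes).
            for name, _ in map(parse_value, lines):
                if name and name.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower() in CORE_BINARIES:
                    findings.append(f"Firewall exception for core binary: {name}")
        elif header.endswith(r"currentversion\svchost"):
            # ComboFix already hides default groups, so anything here is custom;
            # tie the group back to the service entries that load through it.
            for line in lines:
                parts = line.split()
                if len(parts) >= 3 and parts[1] == "REG_MULTI_SZ":
                    group, svcs = parts[0], parts[2:]
                    hosts = [e.split(";")[0].split()[-1] for e in secs[""] if f"-k {group}" in e]
                    findings.append(f"Custom svchost group {group} -> {svcs} (service entries: {hosts})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt it prints five findings: the two Security Center overrides, the disabled firewall, the winlogon.exe exception, and the Sqlses group mapped to SqlCSS. On a real log the svchost check is the most useful one, because ComboFix's "legit default entries are not shown" filter means any group printed in that section was registered by something other than Windows, and the service entry it resolves to tells you which binary to pull.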

ComboFix reloaded and ran. Here is the text file.

ComboFix 11-12-29.05 - D810 12/29/2011 19:12:31.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1544 [GMT -5:00]

Running from: c:\documents and settings\D810\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\D810\Local Settings\Application Data\rbb.exe

c:\documents and settings\D810\Templates\jty15vx11ia5vhwasqdk727331b5tml672i75xdgte8

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))

.

.

2011-12-28 20:44 . 2004-08-04 03:59 49536 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-28 20:44 . 2004-08-04 03:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-25 13:30 . 2011-12-25 13:30 -------- d-----w- C:\_OTL

2011-12-24 01:53 . 2011-12-24 01:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-23 22:33 . 2011-12-23 22:34 -------- d-----w- c:\documents and settings\Administrator

2011-12-08 03:49 . 2011-12-08 03:49 -------- d-----w- c:\program files\iPod

2011-12-08 03:49 . 2011-12-08 03:50 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-28 19:47 . 2004-08-04 10:00 64896 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-10 20:24 . 2011-04-08 02:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-18 10:31 . 2011-06-20 11:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-28_20.46.56 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 10:00 . 2011-12-28 20:42 40394 c:\windows\system32\perfc009.dat

+ 2004-08-04 10:00 . 2011-12-28 20:51 40394 c:\windows\system32\perfc009.dat

+ 2004-08-04 10:00 . 2011-12-28 20:51 312172 c:\windows\system32\perfh009.dat

- 2004-08-04 10:00 . 2011-12-28 20:42 312172 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-31 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-31 273544]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

.

c:\documents and settings\D810\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2011-6-15 253952]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=

.

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/25/2009 3:01 AM 88192]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 12:20 PM 136176]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe --> c:\program files\Motorola\MotoHelper\MotoHelperService.exe [?]

S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/4/2004 5:00 AM 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 12:20 PM 136176]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - GUPDATEM

*NewlyCreated* - GUSVC

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Sqlses REG_MULTI_SZ SqlCSS

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1778200288-313098189-2685242751-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-12-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1778200288-313098189-2685242751-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://frontier.my.yahoo.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\D810\Application Data\Mozilla\Firefox\Profiles\wrue3wzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-29 19:19

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,b7,be,d7,d0,e0,95,48,b2,9f,ec,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,b7,be,d7,d0,e0,95,48,b2,9f,ec,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(832)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-12-29 19:21:46

ComboFix-quarantined-files.txt 2011-12-30 00:21

ComboFix2.txt 2011-12-29 05:32

ComboFix3.txt 2011-12-28 20:50

.

Pre-Run: 57,848,455,168 bytes free

Post-Run: 57,845,088,256 bytes free

.

- - End Of File - - DAA00C5C52654476C661B36F07CF684C


Already done, here's the file. Ran it again with no findings. Also reloaded Combofix with no findings and ran TDSSKiller with no findings. Cleaned the registry with CCleaner and ran Combofix again with no findings. Things seem to be operating normally, but will it be in 24 hours?

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.28.01

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

D810 :: DELL-62052 [administrator]

12/29/2011 8:00:11 PM

mbam-log-2011-12-29 (20-00-11).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214122

Time elapsed: 20 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\D810\Local Settings\Application Data\yoa.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\D810\Local Settings\Application Data\yoa.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\D810\Local Settings\Application Data\yoa.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Documents and Settings\D810\My Documents\46VbSy6x.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\D810\Local Settings\Application Data\yoa.exe.vir (Trojan.FakeAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C6972A65-9918-4E24-AA75-601FE06A17BD}\RP265\A0131861.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C6972A65-9918-4E24-AA75-601FE06A17BD}\RP270\A0133949.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

C:\_OTL\MovedFiles\12252011_083045\C_Documents and Settings\All Users\Application Data\iiXmTlQ6.exe (Trojan.Email) -> Quarantined and deleted successfully.

C:\_OTL\MovedFiles\12252011_083045\C_WINDOWS\system32\EJSfc8.com (Trojan.Krypt) -> Quarantined and deleted successfully.

(end)


Will do, in the meantime I rebooted, updated MBAM and ran it again. Found something again, file listed below. Do you think there's something buried in the registry regenerating this thing?

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.30.01

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

D810 :: DELL-62052 [administrator]

12/29/2011 10:47:08 PM

mbam-log-2011-12-29 (22-47-08).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214799

Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Documents and Settings\D810\Application Data\Sun\Java\Deployment\cache\6.0\44\68619c2c-15b3ba40 (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\D810\Local Settings\Application Data\rbb.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

