malware installed but now error "Windows cannot access the specified..."

[karr]

To start:

Code 19 error for network drivers.

Tried to restore to an earlier date - unsuccessful.

Tried to run mcafee - unsuccessful.

Tried to uninstal network drivers - unsuccessful.

Downloaded Malwarebytes. Installed. Started a full scan and then it quit.

Now I get the error, "Windows cannot access the specified..."

This is on a netbook with no current net access. A working pc and thumbdrive are available.

Please help!

Thanks!

[karr]

forgot to add it's an xp.

[karr]

After seeing instructions for other uses I ran the TDSSkiller and DDS. Results below:

00:43:24.0156 4000 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

00:43:24.0171 4000 ============================================================

00:43:24.0171 4000 Current date / time: 2011/09/28 00:43:24.0171

00:43:24.0171 4000 SystemInfo:

00:43:24.0171 4000

00:43:24.0171 4000 OS Version: 5.1.2600 ServicePack: 3.0

00:43:24.0171 4000 Product type: Workstation

00:43:24.0171 4000 ComputerName: SQUIDLY

00:43:24.0171 4000 UserName: Karla Reece

00:43:24.0171 4000 Windows directory: C:\WINDOWS

00:43:24.0171 4000 System windows directory: C:\WINDOWS

00:43:24.0281 4000 Processor architecture: Intel x86

00:43:24.0281 4000 Number of processors: 2

00:43:24.0281 4000 Page size: 0x1000

00:43:24.0281 4000 Boot type: Normal boot

00:43:24.0281 4000 ============================================================

00:43:25.0843 4000 Initialize success

00:43:28.0734 3304 ============================================================

00:43:28.0734 3304 Scan started

00:43:28.0734 3304 Mode: Manual;

00:43:28.0734 3304 ============================================================

00:43:29.0640 3304 ab391c51 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1360804267:1422320558.exe

00:43:29.0718 3304 Suspicious file (Hidden): C:\WINDOWS\1360804267:1422320558.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

00:43:29.0718 3304 ab391c51 ( HiddenFile.Multi.Generic ) - warning

00:43:29.0718 3304 ab391c51 - detected HiddenFile.Multi.Generic (1)

00:43:29.0765 3304 Abiosdsk - ok

00:43:29.0781 3304 abp480n5 - ok

00:43:29.0843 3304 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:43:29.0843 3304 ACPI - ok

00:43:29.0875 3304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

00:43:29.0890 3304 ACPIEC - ok

00:43:29.0906 3304 adpu160m - ok

00:43:29.0953 3304 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

00:43:29.0968 3304 aec - ok

00:43:30.0015 3304 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

00:43:30.0015 3304 AFD - ok

00:43:30.0031 3304 Aha154x - ok

00:43:30.0046 3304 aic78u2 - ok

00:43:30.0062 3304 aic78xx - ok

00:43:30.0093 3304 AliIde - ok

00:43:30.0125 3304 amsint - ok

00:43:30.0234 3304 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys

00:43:30.0265 3304 AR5416 - ok

00:43:30.0281 3304 asc - ok

00:43:30.0296 3304 asc3350p - ok

00:43:30.0312 3304 asc3550 - ok

00:43:30.0375 3304 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:43:30.0390 3304 AsyncMac - ok

00:43:30.0531 3304 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

00:43:30.0531 3304 atapi - ok

00:43:30.0765 3304 Atdisk - ok

00:43:30.0828 3304 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:43:30.0843 3304 Atmarpc - ok

00:43:30.0875 3304 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

00:43:30.0890 3304 audstub - ok

00:43:30.0906 3304 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

00:43:30.0906 3304 Beep - ok

00:43:31.0000 3304 BTKRNL (48aad36baefb7820bfeb986763226905) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

00:43:31.0015 3304 BTKRNL - ok

00:43:31.0062 3304 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys

00:43:31.0062 3304 BTWUSB - ok

00:43:31.0125 3304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

00:43:31.0125 3304 cbidf2k - ok

00:43:31.0156 3304 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

00:43:31.0156 3304 CCDECODE - ok

00:43:31.0171 3304 cd20xrnt - ok

00:43:31.0203 3304 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

00:43:31.0203 3304 Cdaudio - ok

00:43:31.0250 3304 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

00:43:31.0250 3304 Cdfs - ok

00:43:31.0265 3304 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:43:31.0265 3304 Cdrom - ok

00:43:31.0281 3304 Changer - ok

00:43:31.0343 3304 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

00:43:31.0343 3304 CmBatt - ok

00:43:31.0359 3304 CmdIde - ok

00:43:31.0390 3304 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

00:43:31.0390 3304 Compbatt - ok

00:43:31.0421 3304 Cpqarray - ok

00:43:31.0453 3304 dac2w2k - ok

00:43:31.0468 3304 dac960nt - ok

00:43:31.0500 3304 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

00:43:31.0500 3304 Disk - ok

00:43:31.0578 3304 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

00:43:31.0593 3304 dmboot - ok

00:43:31.0640 3304 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

00:43:31.0656 3304 dmio - ok

00:43:31.0687 3304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

00:43:31.0703 3304 dmload - ok

00:43:31.0750 3304 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

00:43:31.0765 3304 DMusic - ok

00:43:31.0812 3304 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys

00:43:31.0812 3304 DNSeFilter - ok

00:43:31.0859 3304 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS

00:43:31.0859 3304 DOSMEMIO - ok

00:43:31.0875 3304 dpti2o - ok

00:43:31.0906 3304 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

00:43:31.0906 3304 drmkaud - ok

00:43:31.0968 3304 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

00:43:31.0968 3304 Fastfat - ok

00:43:32.0000 3304 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

00:43:32.0000 3304 Fdc - ok

00:43:32.0046 3304 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

00:43:32.0046 3304 Fips - ok

00:43:32.0062 3304 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

00:43:32.0078 3304 Flpydisk - ok

00:43:32.0125 3304 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

00:43:32.0140 3304 FltMgr - ok

00:43:32.0171 3304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:43:32.0171 3304 Fs_Rec - ok

00:43:32.0187 3304 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:43:32.0203 3304 Ftdisk - ok

00:43:32.0250 3304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

00:43:32.0250 3304 GEARAspiWDM - ok

00:43:32.0281 3304 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:43:32.0296 3304 Gpc - ok

00:43:32.0390 3304 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

00:43:32.0390 3304 HDAudBus - ok

00:43:32.0453 3304 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

00:43:32.0453 3304 HidUsb - ok

00:43:32.0484 3304 hpn - ok

00:43:32.0546 3304 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

00:43:32.0562 3304 HTTP - ok

00:43:32.0578 3304 i2omgmt - ok

00:43:32.0609 3304 i2omp - ok

00:43:32.0656 3304 i8042prt (991da51d7726402ed767bd11a03a2941) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:43:32.0656 3304 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 991da51d7726402ed767bd11a03a2941, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30

00:43:32.0656 3304 i8042prt ( ForgedFile.Multi.Generic ) - warning

00:43:32.0656 3304 i8042prt - detected ForgedFile.Multi.Generic (1)

00:43:32.0906 3304 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

00:43:33.0078 3304 ialm - ok

00:43:33.0203 3304 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

00:43:33.0203 3304 Imapi - ok

00:43:33.0234 3304 ini910u - ok

00:43:33.0437 3304 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys

00:43:33.0531 3304 IntcAzAudAddService - ok

00:43:33.0609 3304 IntelIde - ok

00:43:33.0656 3304 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

00:43:33.0656 3304 intelppm - ok

00:43:33.0687 3304 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

00:43:33.0687 3304 Ip6Fw - ok

00:43:33.0703 3304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:43:33.0703 3304 IpFilterDriver - ok

00:43:33.0718 3304 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:43:33.0718 3304 IpInIp - ok

00:43:33.0750 3304 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:43:33.0750 3304 IpNat - ok

00:43:33.0781 3304 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:43:33.0796 3304 IPSec - ok

00:43:33.0828 3304 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

00:43:33.0828 3304 IRENUM - ok

00:43:33.0875 3304 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:43:33.0890 3304 isapnp - ok

00:43:33.0921 3304 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:43:33.0921 3304 Kbdclass - ok

00:43:33.0968 3304 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

00:43:33.0968 3304 kmixer - ok

00:43:34.0000 3304 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

00:43:34.0015 3304 KSecDD - ok

00:43:34.0031 3304 lbrtfdc - ok

00:43:34.0109 3304 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

00:43:34.0109 3304 mnmdd - ok

00:43:34.0156 3304 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

00:43:34.0171 3304 Modem - ok

00:43:34.0203 3304 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:43:34.0203 3304 Mouclass - ok

00:43:34.0250 3304 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

00:43:34.0250 3304 mouhid - ok

00:43:34.0281 3304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

00:43:34.0296 3304 MountMgr - ok

00:43:34.0296 3304 mraid35x - ok

00:43:34.0343 3304 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:43:34.0343 3304 MRxDAV - ok

00:43:34.0406 3304 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:43:34.0421 3304 MRxSmb - ok

00:43:34.0453 3304 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

00:43:34.0453 3304 Msfs - ok

00:43:34.0515 3304 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:43:34.0515 3304 MSKSSRV - ok

00:43:34.0546 3304 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:43:34.0546 3304 MSPCLOCK - ok

00:43:34.0562 3304 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

00:43:34.0578 3304 MSPQM - ok

00:43:34.0593 3304 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:43:34.0609 3304 mssmbios - ok

00:43:34.0625 3304 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

00:43:34.0625 3304 MSTEE - ok

00:43:34.0671 3304 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

00:43:34.0671 3304 Mup - ok

00:43:34.0687 3304 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

00:43:34.0687 3304 NABTSFEC - ok

00:43:34.0765 3304 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

00:43:34.0765 3304 NDIS - ok

00:43:34.0781 3304 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

00:43:34.0781 3304 NdisIP - ok

00:43:34.0828 3304 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:43:34.0828 3304 NdisTapi - ok

00:43:34.0875 3304 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:43:34.0875 3304 Ndisuio - ok

00:43:34.0890 3304 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:43:34.0890 3304 NdisWan - ok

00:43:34.0921 3304 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

00:43:34.0921 3304 NDProxy - ok

00:43:34.0953 3304 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

00:43:34.0953 3304 NetBIOS - ok

00:43:35.0000 3304 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

00:43:35.0000 3304 NetBT - ok

00:43:35.0046 3304 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

00:43:35.0046 3304 Npfs - ok

00:43:35.0093 3304 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

00:43:35.0109 3304 Ntfs - ok

00:43:35.0171 3304 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

00:43:35.0171 3304 Null - ok

00:43:35.0234 3304 NWADI (c83766c4a147159254ff16f1a6c9dc6e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

00:43:35.0234 3304 NWADI - ok

00:43:35.0265 3304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:43:35.0265 3304 NwlnkFlt - ok

00:43:35.0296 3304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:43:35.0296 3304 NwlnkFwd - ok

00:43:35.0359 3304 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys

00:43:35.0359 3304 NWUSBCDFIL - ok

00:43:35.0406 3304 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

00:43:35.0406 3304 Parport - ok

00:43:35.0437 3304 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

00:43:35.0437 3304 PartMgr - ok

00:43:35.0484 3304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

00:43:35.0484 3304 ParVdm - ok

00:43:35.0515 3304 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

00:43:35.0531 3304 PCI - ok

00:43:35.0531 3304 PCIDump - ok

00:43:35.0562 3304 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

00:43:35.0562 3304 PCIIde - ok

00:43:35.0593 3304 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

00:43:35.0609 3304 Pcmcia - ok

00:43:35.0625 3304 PDCOMP - ok

00:43:35.0640 3304 PDFRAME - ok

00:43:35.0656 3304 PDRELI - ok

00:43:35.0671 3304 PDRFRAME - ok

00:43:35.0687 3304 perc2 - ok

00:43:35.0718 3304 perc2hib - ok

00:43:35.0796 3304 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:43:35.0796 3304 PptpMiniport - ok

00:43:35.0828 3304 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

00:43:35.0828 3304 PSched - ok

00:43:35.0859 3304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:43:35.0859 3304 Ptilink - ok

00:43:35.0890 3304 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

00:43:35.0890 3304 PxHelp20 - ok

00:43:35.0906 3304 ql1080 - ok

00:43:35.0937 3304 Ql10wnt - ok

00:43:35.0953 3304 ql12160 - ok

00:43:35.0968 3304 ql1240 - ok

00:43:35.0984 3304 ql1280 - ok

00:43:36.0031 3304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:43:36.0031 3304 RasAcd - ok

00:43:36.0062 3304 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:43:36.0062 3304 Rasl2tp - ok

00:43:36.0093 3304 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:43:36.0093 3304 RasPppoe - ok

00:43:36.0109 3304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

00:43:36.0125 3304 Raspti - ok

00:43:36.0140 3304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:43:36.0156 3304 Rdbss - ok

00:43:36.0187 3304 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:43:36.0187 3304 RDPCDD - ok

00:43:36.0250 3304 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

00:43:36.0265 3304 RDPWD - ok

00:43:36.0312 3304 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

00:43:36.0312 3304 redbook - ok

00:43:36.0406 3304 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:43:36.0406 3304 Secdrv - ok

00:43:36.0453 3304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

00:43:36.0453 3304 Serial - ok

00:43:36.0484 3304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

00:43:36.0484 3304 Sfloppy - ok

00:43:36.0515 3304 Simbad - ok

00:43:36.0562 3304 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

00:43:36.0562 3304 SLIP - ok

00:43:36.0625 3304 SMNDIS5 - ok

00:43:36.0640 3304 Sparrow - ok

00:43:36.0687 3304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

00:43:36.0687 3304 splitter - ok

00:43:36.0750 3304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

00:43:36.0765 3304 sr - ok

00:43:36.0828 3304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

00:43:36.0828 3304 Srv - ok

00:43:36.0859 3304 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

00:43:36.0859 3304 streamip - ok

00:43:36.0921 3304 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys

00:43:36.0921 3304 SUEPD - ok

00:43:36.0968 3304 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

00:43:36.0968 3304 swenum - ok

00:43:36.0984 3304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

00:43:36.0984 3304 swmidi - ok

00:43:37.0015 3304 symc810 - ok

00:43:37.0031 3304 symc8xx - ok

00:43:37.0046 3304 sym_hi - ok

00:43:37.0078 3304 sym_u3 - ok

00:43:37.0125 3304 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys

00:43:37.0140 3304 SynTP - ok

00:43:37.0187 3304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

00:43:37.0187 3304 sysaudio - ok

00:43:37.0265 3304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:43:37.0281 3304 Tcpip - ok

00:43:37.0312 3304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

00:43:37.0328 3304 TDPIPE - ok

00:43:37.0359 3304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

00:43:37.0359 3304 TDTCP - ok

00:43:37.0390 3304 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

00:43:37.0390 3304 TermDD - ok

00:43:37.0421 3304 TosIde - ok

00:43:37.0500 3304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

00:43:37.0515 3304 Udfs - ok

00:43:37.0531 3304 ultra - ok

00:43:37.0578 3304 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

00:43:37.0593 3304 Update - ok

00:43:37.0671 3304 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

00:43:37.0671 3304 USBAAPL - ok

00:43:37.0734 3304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:43:37.0750 3304 usbccgp - ok

00:43:37.0796 3304 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:43:37.0812 3304 usbehci - ok

00:43:37.0828 3304 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:43:37.0828 3304 usbhub - ok

00:43:37.0875 3304 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

00:43:37.0875 3304 usbscan - ok

00:43:37.0921 3304 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:43:37.0921 3304 USBSTOR - ok

00:43:38.0046 3304 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

00:43:38.0078 3304 usbuhci - ok

00:43:38.0218 3304 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

00:43:38.0218 3304 usbvideo - ok

00:43:38.0250 3304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

00:43:38.0250 3304 VgaSave - ok

00:43:38.0265 3304 ViaIde - ok

00:43:38.0328 3304 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys

00:43:38.0343 3304 VMC326 - ok

00:43:38.0359 3304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

00:43:38.0359 3304 VolSnap - ok

00:43:38.0421 3304 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:43:38.0421 3304 Wanarp - ok

00:43:38.0437 3304 WDICA - ok

00:43:38.0500 3304 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

00:43:38.0500 3304 wdmaud - ok

00:43:38.0593 3304 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

00:43:38.0593 3304 WSTCODEC - ok

00:43:38.0687 3304 yukonwxp (1661bf323aa86d1b6dd1fb6f2402d119) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

00:43:38.0687 3304 yukonwxp - ok

00:43:38.0718 3304 MBR (0x1B8) (a0a345f7ab6f3bac008fb0de602e66cd) \Device\Harddisk0\DR0

00:43:39.0093 3304 \Device\Harddisk0\DR0 - ok

00:43:39.0093 3304 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR6

00:43:39.0109 3304 \Device\Harddisk1\DR6 - ok

00:43:39.0109 3304 Boot (0x1200) (cf0eb274a141103eec62d57191b6bf0c) \Device\Harddisk0\DR0\Partition0

00:43:39.0109 3304 \Device\Harddisk0\DR0\Partition0 - ok

00:43:39.0140 3304 Boot (0x1200) (e0ff8a99f8b9a6c0054d2f38e7798b86) \Device\Harddisk0\DR0\Partition1

00:43:39.0156 3304 \Device\Harddisk0\DR0\Partition1 - ok

00:43:39.0156 3304 Boot (0x1200) (ff56ed447829370854ab347605410382) \Device\Harddisk1\DR6\Partition0

00:43:39.0156 3304 \Device\Harddisk1\DR6\Partition0 - ok

00:43:39.0156 3304 ============================================================

00:43:39.0156 3304 Scan finished

00:43:39.0156 3304 ============================================================

00:43:39.0171 3616 Detected object count: 2

00:43:39.0171 3616 Actual detected object count: 2

00:44:54.0484 3616 ab391c51 ( HiddenFile.Multi.Generic ) - skipped by user

00:44:54.0500 3616 ab391c51 ( HiddenFile.Multi.Generic ) - User select action: Skip

00:44:54.0500 3616 i8042prt ( ForgedFile.Multi.Generic ) - skipped by user

00:44:54.0500 3616 i8042prt ( ForgedFile.Multi.Generic ) - User select action: Skip

00:45:32.0390 1420 ============================================================

00:45:32.0390 1420 Scan started

00:45:32.0390 1420 Mode: Manual;

00:45:32.0390 1420 ============================================================

00:45:32.0765 1420 ab391c51 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1360804267:1422320558.exe

00:45:32.0765 1420 Suspicious file (Hidden): C:\WINDOWS\1360804267:1422320558.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

00:45:32.0765 1420 ab391c51 ( HiddenFile.Multi.Generic ) - warning

00:45:32.0765 1420 ab391c51 - detected HiddenFile.Multi.Generic (1)

00:45:32.0812 1420 Abiosdsk - ok

00:45:32.0828 1420 abp480n5 - ok

00:45:32.0890 1420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:45:32.0890 1420 ACPI - ok

00:45:32.0921 1420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

00:45:32.0921 1420 ACPIEC - ok

00:45:32.0937 1420 adpu160m - ok

00:45:32.0968 1420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

00:45:32.0968 1420 aec - ok

00:45:33.0015 1420 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

00:45:33.0031 1420 AFD - ok

00:45:33.0031 1420 Aha154x - ok

00:45:33.0062 1420 aic78u2 - ok

00:45:33.0078 1420 aic78xx - ok

00:45:33.0109 1420 AliIde - ok

00:45:33.0125 1420 amsint - ok

00:45:33.0234 1420 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys

00:45:33.0265 1420 AR5416 - ok

00:45:33.0281 1420 asc - ok

00:45:33.0296 1420 asc3350p - ok

00:45:33.0312 1420 asc3550 - ok

00:45:33.0375 1420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:45:33.0375 1420 AsyncMac - ok

00:45:33.0421 1420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

00:45:33.0421 1420 atapi - ok

00:45:33.0437 1420 Atdisk - ok

00:45:33.0468 1420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:45:33.0468 1420 Atmarpc - ok

00:45:33.0515 1420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

00:45:33.0515 1420 audstub - ok

00:45:33.0546 1420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

00:45:33.0546 1420 Beep - ok

00:45:33.0625 1420 BTKRNL (48aad36baefb7820bfeb986763226905) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

00:45:33.0656 1420 BTKRNL - ok

00:45:33.0703 1420 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys

00:45:33.0703 1420 BTWUSB - ok

00:45:33.0750 1420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

00:45:33.0750 1420 cbidf2k - ok

00:45:33.0781 1420 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

00:45:33.0796 1420 CCDECODE - ok

00:45:33.0796 1420 cd20xrnt - ok

00:45:33.0843 1420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

00:45:33.0843 1420 Cdaudio - ok

00:45:33.0875 1420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

00:45:33.0890 1420 Cdfs - ok

00:45:33.0906 1420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:45:33.0906 1420 Cdrom - ok

00:45:33.0921 1420 Changer - ok

00:45:33.0953 1420 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

00:45:33.0953 1420 CmBatt - ok

00:45:33.0968 1420 CmdIde - ok

00:45:34.0000 1420 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

00:45:34.0000 1420 Compbatt - ok

00:45:34.0031 1420 Cpqarray - ok

00:45:34.0046 1420 dac2w2k - ok

00:45:34.0062 1420 dac960nt - ok

00:45:34.0078 1420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

00:45:34.0078 1420 Disk - ok

00:45:34.0156 1420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

00:45:34.0171 1420 dmboot - ok

00:45:34.0218 1420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

00:45:34.0218 1420 dmio - ok

00:45:34.0250 1420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

00:45:34.0250 1420 dmload - ok

00:45:34.0296 1420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

00:45:34.0296 1420 DMusic - ok

00:45:34.0343 1420 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys

00:45:34.0343 1420 DNSeFilter - ok

00:45:34.0390 1420 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS

00:45:34.0390 1420 DOSMEMIO - ok

00:45:34.0406 1420 dpti2o - ok

00:45:34.0421 1420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

00:45:34.0421 1420 drmkaud - ok

00:45:34.0484 1420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

00:45:34.0484 1420 Fastfat - ok

00:45:34.0500 1420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

00:45:34.0500 1420 Fdc - ok

00:45:34.0531 1420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

00:45:34.0531 1420 Fips - ok

00:45:34.0562 1420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

00:45:34.0562 1420 Flpydisk - ok

00:45:34.0593 1420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

00:45:34.0593 1420 FltMgr - ok

00:45:34.0625 1420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:45:34.0625 1420 Fs_Rec - ok

00:45:34.0656 1420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:45:34.0656 1420 Ftdisk - ok

00:45:34.0703 1420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

00:45:34.0703 1420 GEARAspiWDM - ok

00:45:34.0734 1420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:45:34.0734 1420 Gpc - ok

00:45:34.0796 1420 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

00:45:34.0812 1420 HDAudBus - ok

00:45:34.0875 1420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

00:45:34.0875 1420 HidUsb - ok

00:45:34.0890 1420 hpn - ok

00:45:34.0953 1420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

00:45:34.0953 1420 HTTP - ok

00:45:34.0984 1420 i2omgmt - ok

00:45:35.0000 1420 i2omp - ok

00:45:35.0031 1420 i8042prt (991da51d7726402ed767bd11a03a2941) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:45:35.0046 1420 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 991da51d7726402ed767bd11a03a2941, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30

00:45:35.0046 1420 i8042prt ( ForgedFile.Multi.Generic ) - warning

00:45:35.0046 1420 i8042prt - detected ForgedFile.Multi.Generic (1)

00:45:35.0281 1420 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

00:45:35.0375 1420 ialm - ok

00:45:35.0484 1420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

00:45:35.0484 1420 Imapi - ok

00:45:35.0500 1420 ini910u - ok

00:45:35.0687 1420 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys

00:45:35.0734 1420 IntcAzAudAddService - ok

00:45:35.0796 1420 IntelIde - ok

00:45:35.0843 1420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

00:45:35.0843 1420 intelppm - ok

00:45:35.0875 1420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

00:45:35.0875 1420 Ip6Fw - ok

00:45:35.0890 1420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:45:35.0890 1420 IpFilterDriver - ok

00:45:35.0906 1420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:45:35.0906 1420 IpInIp - ok

00:45:35.0921 1420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:45:35.0937 1420 IpNat - ok

00:45:35.0968 1420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:45:35.0968 1420 IPSec - ok

00:45:36.0015 1420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

00:45:36.0015 1420 IRENUM - ok

00:45:36.0062 1420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:45:36.0062 1420 isapnp - ok

00:45:36.0093 1420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:45:36.0093 1420 Kbdclass - ok

00:45:36.0140 1420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

00:45:36.0140 1420 kmixer - ok

00:45:36.0171 1420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

00:45:36.0171 1420 KSecDD - ok

00:45:36.0187 1420 lbrtfdc - ok

00:45:36.0296 1420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

00:45:36.0296 1420 mnmdd - ok

00:45:36.0343 1420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

00:45:36.0343 1420 Modem - ok

00:45:36.0390 1420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:45:36.0390 1420 Mouclass - ok

00:45:36.0453 1420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

00:45:36.0453 1420 mouhid - ok

00:45:36.0515 1420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

00:45:36.0515 1420 MountMgr - ok

00:45:36.0546 1420 mraid35x - ok

00:45:36.0578 1420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:45:36.0593 1420 MRxDAV - ok

00:45:36.0640 1420 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:45:36.0656 1420 MRxSmb - ok

00:45:36.0718 1420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

00:45:36.0718 1420 Msfs - ok

00:45:36.0765 1420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:45:36.0765 1420 MSKSSRV - ok

00:45:36.0796 1420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:45:36.0796 1420 MSPCLOCK - ok

00:45:36.0812 1420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

00:45:36.0812 1420 MSPQM - ok

00:45:36.0828 1420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:45:36.0828 1420 mssmbios - ok

00:45:36.0859 1420 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

00:45:36.0859 1420 MSTEE - ok

00:45:36.0875 1420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

00:45:36.0890 1420 Mup - ok

00:45:36.0890 1420 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

00:45:36.0906 1420 NABTSFEC - ok

00:45:36.0937 1420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

00:45:36.0937 1420 NDIS - ok

00:45:36.0968 1420 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

00:45:36.0968 1420 NdisIP - ok

00:45:37.0015 1420 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:45:37.0015 1420 NdisTapi - ok

00:45:37.0062 1420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:45:37.0062 1420 Ndisuio - ok

00:45:37.0078 1420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:45:37.0078 1420 NdisWan - ok

00:45:37.0093 1420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

00:45:37.0093 1420 NDProxy - ok

00:45:37.0109 1420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

00:45:37.0109 1420 NetBIOS - ok

00:45:37.0140 1420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

00:45:37.0140 1420 NetBT - ok

00:45:37.0171 1420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

00:45:37.0171 1420 Npfs - ok

00:45:37.0218 1420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

00:45:37.0234 1420 Ntfs - ok

00:45:37.0265 1420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

00:45:37.0265 1420 Null - ok

00:45:37.0328 1420 NWADI (c83766c4a147159254ff16f1a6c9dc6e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

00:45:37.0328 1420 NWADI - ok

00:45:37.0359 1420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:45:37.0359 1420 NwlnkFlt - ok

00:45:37.0390 1420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:45:37.0390 1420 NwlnkFwd - ok

00:45:37.0437 1420 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys

00:45:37.0437 1420 NWUSBCDFIL - ok

00:45:37.0468 1420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

00:45:37.0468 1420 Parport - ok

00:45:37.0484 1420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

00:45:37.0484 1420 PartMgr - ok

00:45:37.0531 1420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

00:45:37.0531 1420 ParVdm - ok

00:45:37.0562 1420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

00:45:37.0562 1420 PCI - ok

00:45:37.0578 1420 PCIDump - ok

00:45:37.0593 1420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

00:45:37.0593 1420 PCIIde - ok

00:45:37.0625 1420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

00:45:37.0625 1420 Pcmcia - ok

00:45:37.0640 1420 PDCOMP - ok

00:45:37.0656 1420 PDFRAME - ok

00:45:37.0703 1420 PDRELI - ok

00:45:37.0718 1420 PDRFRAME - ok

00:45:37.0734 1420 perc2 - ok

00:45:37.0734 1420 perc2hib - ok

00:45:37.0796 1420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:45:37.0796 1420 PptpMiniport - ok

00:45:37.0812 1420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

00:45:37.0812 1420 PSched - ok

00:45:37.0828 1420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:45:37.0828 1420 Ptilink - ok

00:45:37.0859 1420 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

00:45:37.0859 1420 PxHelp20 - ok

00:45:37.0875 1420 ql1080 - ok

00:45:37.0875 1420 Ql10wnt - ok

00:45:37.0890 1420 ql12160 - ok

00:45:37.0906 1420 ql1240 - ok

00:45:37.0921 1420 ql1280 - ok

00:45:37.0953 1420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:45:37.0953 1420 RasAcd - ok

00:45:37.0984 1420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:45:37.0984 1420 Rasl2tp - ok

00:45:38.0000 1420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:45:38.0000 1420 RasPppoe - ok

00:45:38.0015 1420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

00:45:38.0015 1420 Raspti - ok

00:45:38.0046 1420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:45:38.0046 1420 Rdbss - ok

00:45:38.0078 1420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:45:38.0078 1420 RDPCDD - ok

00:45:38.0125 1420 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

00:45:38.0125 1420 RDPWD - ok

00:45:38.0171 1420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

00:45:38.0171 1420 redbook - ok

00:45:38.0218 1420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:45:38.0218 1420 Secdrv - ok

00:45:38.0250 1420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

00:45:38.0265 1420 Serial - ok

00:45:38.0281 1420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

00:45:38.0281 1420 Sfloppy - ok

00:45:38.0296 1420 Simbad - ok

00:45:38.0343 1420 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

00:45:38.0343 1420 SLIP - ok

00:45:38.0390 1420 SMNDIS5 - ok

00:45:38.0406 1420 Sparrow - ok

00:45:38.0453 1420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

00:45:38.0453 1420 splitter - ok

00:45:38.0515 1420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

00:45:38.0515 1420 sr - ok

00:45:38.0578 1420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

00:45:38.0609 1420 Srv - ok

00:45:38.0687 1420 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

00:45:38.0687 1420 streamip - ok

00:45:38.0750 1420 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys

00:45:38.0750 1420 SUEPD - ok

00:45:38.0796 1420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

00:45:38.0796 1420 swenum - ok

00:45:38.0812 1420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

00:45:38.0812 1420 swmidi - ok

00:45:38.0843 1420 symc810 - ok

00:45:38.0859 1420 symc8xx - ok

00:45:38.0890 1420 sym_hi - ok

00:45:38.0906 1420 sym_u3 - ok

00:45:38.0968 1420 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys

00:45:38.0968 1420 SynTP - ok

00:45:39.0000 1420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

00:45:39.0000 1420 sysaudio - ok

00:45:39.0078 1420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:45:39.0078 1420 Tcpip - ok

00:45:39.0109 1420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

00:45:39.0109 1420 TDPIPE - ok

00:45:39.0140 1420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

00:45:39.0140 1420 TDTCP - ok

00:45:39.0171 1420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

00:45:39.0171 1420 TermDD - ok

00:45:39.0203 1420 TosIde - ok

00:45:39.0265 1420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

00:45:39.0265 1420 Udfs - ok

00:45:39.0281 1420 ultra - ok

00:45:39.0328 1420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

00:45:39.0343 1420 Update - ok

00:45:39.0390 1420 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

00:45:39.0390 1420 USBAAPL - ok

00:45:39.0421 1420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:45:39.0421 1420 usbccgp - ok

00:45:39.0484 1420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:45:39.0484 1420 usbehci - ok

00:45:39.0500 1420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:45:39.0500 1420 usbhub - ok

00:45:39.0546 1420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

00:45:39.0546 1420 usbscan - ok

00:45:39.0593 1420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:45:39.0593 1420 USBSTOR - ok

00:45:39.0625 1420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

00:45:39.0640 1420 usbuhci - ok

00:45:39.0656 1420 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

00:45:39.0656 1420 usbvideo - ok

00:45:39.0671 1420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

00:45:39.0687 1420 VgaSave - ok

00:45:39.0687 1420 ViaIde - ok

00:45:39.0765 1420 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys

00:45:39.0765 1420 VMC326 - ok

00:45:39.0796 1420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

00:45:39.0796 1420 VolSnap - ok

00:45:39.0859 1420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:45:39.0859 1420 Wanarp - ok

00:45:39.0875 1420 WDICA - ok

00:45:39.0953 1420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

00:45:39.0953 1420 wdmaud - ok

00:45:40.0031 1420 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

00:45:40.0031 1420 WSTCODEC - ok

00:45:40.0109 1420 yukonwxp (1661bf323aa86d1b6dd1fb6f2402d119) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

00:45:40.0125 1420 yukonwxp - ok

00:45:40.0171 1420 MBR (0x1B8) (a0a345f7ab6f3bac008fb0de602e66cd) \Device\Harddisk0\DR0

00:45:40.0625 1420 \Device\Harddisk0\DR0 - ok

00:45:40.0625 1420 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR6

00:45:40.0640 1420 \Device\Harddisk1\DR6 - ok

00:45:40.0656 1420 Boot (0x1200) (cf0eb274a141103eec62d57191b6bf0c) \Device\Harddisk0\DR0\Partition0

00:45:40.0656 1420 \Device\Harddisk0\DR0\Partition0 - ok

00:45:40.0687 1420 Boot (0x1200) (e0ff8a99f8b9a6c0054d2f38e7798b86) \Device\Harddisk0\DR0\Partition1

00:45:40.0687 1420 \Device\Harddisk0\DR0\Partition1 - ok

00:45:40.0687 1420 Boot (0x1200) (ff56ed447829370854ab347605410382) \Device\Harddisk1\DR6\Partition0

00:45:40.0687 1420 \Device\Harddisk1\DR6\Partition0 - ok

00:45:40.0687 1420 ============================================================

00:45:40.0687 1420 Scan finished

00:45:40.0687 1420 ============================================================

00:45:40.0703 1972 Detected object count: 2

00:45:40.0703 1972 Actual detected object count: 2

00:46:40.0718 1972 C:\WINDOWS\1360804267:1422320558.exe - copied to quarantine

00:46:40.0718 1972 ab391c51 ( HiddenFile.Multi.Generic ) - User select action: Quarantine

00:46:40.0843 1972 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine

00:46:40.0843 1972 i8042prt ( ForgedFile.Multi.Generic ) - User select action: Quarantine

00:46:45.0750 4044 Deinitialize success

DDS results:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21

Run by Karla Reece at 0:51:01 on 2011-09-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.623 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\1360804267:1422320558.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Garmin\MyGarminAgent.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet

uRun: [Aim6]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe

uRun: [AppleUpdate] c:\documents and settings\karla reece\application data\apple computer\appleupdate\Appleupdt32.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [<NO NAME>]

mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe

mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe

mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe

mRun: [MyGarminAgent] c:\program files\garmin\MyGarminAgent.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{7CB9A567-16B6-46DE-B9F7-FA376B1D7104} : DhcpNameServer = 10.0.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\karla reece\application data\mozilla\firefox\profiles\llqfnhrf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-13 94880]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-10 214904]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]

S2 0159851316703667mcinstcleanup;McAfee Application Installer Cleanup (0159851316703667);c:\windows\temp\015985~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015985~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-10 214904]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-10 214904]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]

.

=============== Created Last 30 ================

.

2011-09-28 04:46:40 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-28 04:24:17 -------- d-----w- c:\documents and settings\karla reece\application data\Malwarebytes

2011-09-28 04:24:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-28 04:24:03 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-28 04:24:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-24 06:02:32 0 ----a-w- C:\LOGC.tmp

2011-09-17 22:12:16 -------- d-----w- c:\program files\Verizon Wireless

2011-09-05 14:34:38 0 ---ha-w- c:\documents and settings\karla reece\hpdndvtuiv.tmp

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-08 00:44:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 0:51:50.48 ===============

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[karr]

Didn't see this until just now. Will do as you requested tomorrow...

Thanks.

~K

[karr]

I manually updated MBAM but it still wont run. I get an error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access."

I have not yet run ComboFix. Should I even though I cannot update MBAM?

Thanks!

[karr]

Well this is fun. After a reboot, the keyboard doesn't work. I can't sign into my account. I tried in safemode as well.

Is my netbook now just a paperweight?

[screen317]

Hi,

Try another reboot and see if it still doesn't work.

Is it still under warranty? Where did you get it from?

[karr]

Samsung NC10 - from Amazon, 3 years old.

Still no go. The mouse pad doesn't work either. Good news is that the USB mouse does. I'll borrow a USB keyboard from work and give that a go. Will report back this evening.

Thanks.

[karr]

No warranty....

[screen317]

But does the USB keyboard work??

[karr]

The USB keyboard does work, as well as the USB mouse.

I ran Combofix but got a message saying it has expired.

What shall I do next?

Thank you so much for the help!!

[screen317]

Delete your copy of ComboFix, download a fresh copy, run it, and post its log.

[karr]

Downloaded fresh copy of Combofix. Got a message that says, "This Computer does not have the Microsoft Recovery Console.."

I do not have internet access of the computer in question. It is a netbook without a cd drive.

Is this hopeless?

[screen317]

You don't need a CD drive for it.

Please download this file and save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317

[karr]

A file called "catcheme" was created in Notepad. It's contents are below.

File "C:\ComboFix\MT_AppleMobileDeviceService.exe.tmp" added successfully

File "C:\ComboFix\MT_McSvHost.exe.tmp" added successfully

File "C:\ComboFix\MT_SLUBackgroundService.exe.tmp" added successfully

File "C:\ComboFix\MT_ViewpointService.exe.tmp" added successfully

[screen317]

Something's not right here.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.

[karr]

The log contained:

ComboFix 11-10-21.06 - Karla Reece 10/22/2011 22:56:04.3.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.722 [GMT -4:00]

Running from: c:\documents and settings\Karla Reece\Desktop\sega.com.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-- Previous Run --

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037650.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037650.exe

.

Infected copy of c:\program files\McAfee\SiteAdvisor\McSACore.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037651.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037650.exe

.

Infected copy of c:\program files\McAfee\SiteAdvisor\McSACore.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037651.exe

.

Infected copy of c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037657.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037650.exe

.

Infected copy of c:\program files\McAfee\SiteAdvisor\McSACore.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037651.exe

.

Infected copy of c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037657.exe

.

Infected copy of c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037724.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037650.exe

.

Infected copy of c:\program files\McAfee\SiteAdvisor\McSACore.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037651.exe

.

Infected copy of c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037657.exe

.

Infected copy of c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037724.exe

.

Infected copy of c:\program files\Viewpoint\Common\ViewpointService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037652.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP240\A0045495.exe

.

Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037647.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037654.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037650.exe

.

Infected copy of c:\program files\McAfee\SiteAdvisor\McSACore.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037651.exe

.

Infected copy of c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037657.exe

.

Infected copy of c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037724.exe

.

Infected copy of c:\program files\Viewpoint\Common\ViewpointService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037652.exe

.

Infected copy of c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037653.exe

.

--------

.

.

((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))

.

.

2011-10-20 03:19 . 2011-10-20 03:20 -------- d-----w- C:\AppleMobileDeviceService

2011-10-11 21:34 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-10-11 21:34 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-09-28 04:46 . 2011-09-28 04:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-28 04:24 . 2011-09-28 04:24 -------- d-----w- c:\documents and settings\Karla Reece\Application Data\Malwarebytes

2011-09-28 04:24 . 2011-09-28 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-09-28 04:24 . 2011-10-02 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-28 04:24 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2009-02-12 18:05 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-16 01:17 . 2011-05-20 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2011-01-11 01:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]

"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]

"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]

"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]

"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-05-07 335872]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

S2 0159851316703667mcinstcleanup;McAfee Application Installer Cleanup (0159851316703667);c:\windows\TEMP\015985~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\015985~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 3:29 PM 4300]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 8:47 AM 133104]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 7:07 PM 94880]

S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/26/2009 9:46 PM 24652]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]

S3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 11:01 PM 30208]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 8:47 AM 133104]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 7:57 PM 19840]

S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 3:33 PM 238464]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PXHELP20

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\Karla Reece\Application Data\Mozilla\Firefox\Profiles\llqfnhrf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Aim6 - (no file)

HKCU-Run-AppleUpdate - c:\documents and settings\Karla Reece\Application Data\Apple Computer\AppleUpdate\Appleupdt32.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-22 23:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ----),% -(, $ ) ( - ) !d PLKrAB(APd#(00 ! 7d,R#a@2 %A10PE@ "dLD

" @d@,!D ( ` 1

"" 3:0 0 A f hP

Pu pabp A$- HLa*T8 #1

" @P!TD2 ,3(00" @S B a 0)RDb 04(1 $0 `1 Q 2`e*- fD C «` !

! C#&AC 2 B! ! A1

[screen317]

That's better.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[karr]

The computer in question doesn't have internet access so I am unable to run the ESET Online Scanner.

I tried using a wired internet connection but the computer doesn't recognize it. Also, the wifi modem seems to be disabled.

I looked at the device driver and see yellow exclamation pints for the "Atheros AR5007EG Wireless Network Adapter - Mcafee Core NDIS Intermediate Filter Miniport". Clicking on properties gives me an error: "Widnows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged [code 19]

I get a similar error for the "Marvell Yukon 88e8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport", and same error for "Wan Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport"

I've tried to reinstall the drivers in the Device Manager and get error messages - For the Marvell Yukon it says, "A service installation section in thei INF is invalid".

I went to Samsung and downloaded drivers for these issues, but have been unsuccessful in updating drivers. When I tried to uninstall the driver for the Atheros AR5007EG Wireless Network Adapter I got a "Failed to uninstall the device. The Device may be required to boot up the computer.

How can I fix these issues so that I can go online to run the scan and subsequent steps you requested above?

Thanks!

[karr]

OH, and I was able to reinstall the keyboard and mouse-pad drivers so I can once again use those devices.

[karr]

WAIT! I was able to reinstall the Wifi driver and now have internet connection. Running the scan now.

[karr]

Results of ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9affdcdc87bbae4e874c9a531a8abd9d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2011-10-28 08:46:00

# local_time=2011-10-28 04:46:00 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5121 16777190 0 3 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=55756

# found=163

# cleaned=163

# scan_time=2722

C:\Documents and Settings\Karla Reece\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-16ebad4f a variant of Java/Exploit.CVE-2010-4452.A trojan (cleaned by deleting - quarantined) 6F2DE4DDE46207478FA584BE15520462 C

C:\Documents and Settings\Karla Reece\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\pjjocllknogjehlegmaifpaffaihokio\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 0F2686D0CDE955C57AD42F280AD7BC71 C

C:\Documents and Settings\Karla Reece\Local Settings\temp\mcupdate_1319829340.exe Win32/Patched.HN trojan (cleaned - quarantined) A5E3B76C4056CDFF486A54DC1EA657AB C

C:\Program Files\Common Files\McAfee\VSCore\mfehidin.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\Qoobox\Quarantine\C\Documents and Settings\Gabbi\Application Data\Mozilla\Firefox\Profiles\ufi9swwp.default\extensions\{f89940d2-53d3-4f2f-89de-283d09985141}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 87140DDDAE1EC77B149C5E9FA04278C8 C

C:\Qoobox\Quarantine\C\Documents and Settings\Karla Reece\Application Data\Mozilla\Firefox\Profiles\llqfnhrf.default\extensions\{f89940d2-53d3-4f2f-89de-283d09985141}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 87140DDDAE1EC77B149C5E9FA04278C8 C

C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 5B272AD9C26CC47D529BADFFCFEA651B C

C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 7252C75EFADBFCCE31EA32CAB432F789 C

C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\Qoobox\Quarantine\C\Program Files\McAfee\SiteAdvisor\McSACore.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\Qoobox\Quarantine\C\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Common\ViewpointService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 9AF7598A2BBBC6007BAE5FD1CBB1E0D6 C

C:\Qoobox\Quarantine\C\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 7335E788DD73FEC1E1B24A59563B2BB2 C

C:\Qoobox\Quarantine\C\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) A824F6F46F0794E1C352E5037CA6BF0F C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037418.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037659.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037660.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037679.exe Win32/Patched.HN trojan (cleaned - quarantined) 4C9C9A0922EC037F2C84F822A8C9F314 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037765.exe Win32/Patched.HN trojan (cleaned - quarantined) 1903A056D15C48153A0A7D32E91C6FF5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037767.exe Win32/Patched.HN trojan (cleaned - quarantined) 9ADDB29C6AE20E7E13198034ACBC456C C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037772.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP227\A0037773.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037802.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037807.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037833.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037834.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037835.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037836.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0037837.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0038129.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP228\A0038130.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038151.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038156.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038182.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038183.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038184.exe Win32/Patched.HN trojan (cleaned - quarantined) 7252C75EFADBFCCE31EA32CAB432F789 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038185.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038186.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038187.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038479.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP229\A0038480.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038509.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038514.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038540.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038541.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038542.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038543.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038544.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038836.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP230\A0038837.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038862.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038867.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038893.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038894.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038895.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038896.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0038897.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0039189.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP231\A0039190.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039227.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039232.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039258.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039259.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039260.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039261.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039262.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039554.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0039555.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0040554.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP232\A0040555.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040583.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040588.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040614.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040615.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040616.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040617.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040618.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040910.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040911.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040927.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040928.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040939.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0040940.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0041939.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP233\A0041940.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP234\A0041953.rbf Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042107.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042112.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042137.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042138.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042139.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042140.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042141.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042939.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042940.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042975.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP236\A0042976.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0042987.exe Win32/Patched.HN trojan (cleaned - quarantined) A5E3B76C4056CDFF486A54DC1EA657AB C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043038.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043043.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043068.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043069.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043070.exe Win32/Patched.HN trojan (cleaned - quarantined) 7252C75EFADBFCCE31EA32CAB432F789 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043071.exe Win32/Patched.HN trojan (cleaned - quarantined) A824F6F46F0794E1C352E5037CA6BF0F C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043072.exe Win32/Patched.HN trojan (cleaned - quarantined) 9AF7598A2BBBC6007BAE5FD1CBB1E0D6 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043073.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043074.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043075.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043076.exe Win32/Patched.HN trojan (cleaned - quarantined) 5B272AD9C26CC47D529BADFFCFEA651B C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043077.exe Win32/Patched.HN trojan (cleaned - quarantined) 7335E788DD73FEC1E1B24A59563B2BB2 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043361.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043362.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043377.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043378.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043403.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043404.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043418.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043419.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043424.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP237\A0043425.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043462.exe Win32/Patched.HN trojan (cleaned - quarantined) A5E3B76C4056CDFF486A54DC1EA657AB C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043505.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043510.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043534.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043535.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043536.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043537.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043538.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043820.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043821.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043834.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043835.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043852.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP238\A0043853.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0043938.exe Win32/Patched.HN trojan (cleaned - quarantined) A5E3B76C4056CDFF486A54DC1EA657AB C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0043981.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0043986.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044010.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044011.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044012.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044013.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044014.exe Win32/Patched.HN trojan (cleaned - quarantined) 7AF4CBC61BC11DBBDDB5A9470DAAEC21 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044295.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP239\A0044296.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045626.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 8674D6F9F88C8AE1EE0525F64AAE4EB1 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045627.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 87140DDDAE1EC77B149C5E9FA04278C8 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045628.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 87140DDDAE1EC77B149C5E9FA04278C8 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045630.exe Win32/Patched.HN trojan (cleaned - quarantined) 5B272AD9C26CC47D529BADFFCFEA651B C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045631.exe Win32/Patched.HN trojan (cleaned - quarantined) 7335E788DD73FEC1E1B24A59563B2BB2 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045632.exe Win32/Patched.HN trojan (cleaned - quarantined) 7252C75EFADBFCCE31EA32CAB432F789 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045633.exe Win32/Patched.HN trojan (cleaned - quarantined) 3B257A663A621A5A5F3E41FA9D8430C9 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045634.exe Win32/Patched.HN trojan (cleaned - quarantined) A81D33A5BF94AD28EC2171E116D2D914 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045635.exe Win32/Patched.HN trojan (cleaned - quarantined) 50424F34622782014C201CE2D67E2E4D C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045636.exe Win32/Patched.HN trojan (cleaned - quarantined) 111514DF427A445CFA4E1F5D83327C23 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045637.exe Win32/Patched.HN trojan (cleaned - quarantined) 9AF7598A2BBBC6007BAE5FD1CBB1E0D6 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0045638.exe Win32/Patched.HN trojan (cleaned - quarantined) A824F6F46F0794E1C352E5037CA6BF0F C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0046126.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0046145.sys a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0046324.exe Win32/Patched.HN trojan (cleaned - quarantined) C8CF47ECC344CBA5DD73B27C81E86E92 C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0046397.exe Win32/Patched.HN trojan (cleaned - quarantined) A5E3B76C4056CDFF486A54DC1EA657AB C

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP241\A0046877.exe Win32/Patched.HN trojan (cleaned - quarantined) 8ED14231083171349607297024ECD9B5 C

C:\TDSSKiller_Quarantine\28.09.2011_00.43.24\susp0000\svc0000\tsk0000.dta Win32/Sirefef.CT trojan (cleaned by deleting - quarantined) 8F2BB1827CAC01AEE6A16E30A1260199 C

C:\TDSSKiller_Quarantine\28.09.2011_00.43.24\susp0001\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.DX trojan (cleaned by deleting - quarantined) 991DA51D7726402ED767BD11A03A2941 C

[karr]

Results of Security Check:

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Out of date Java installed!

Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

ESET ESET Online Scanner OnlineCmdLineScanner.exe

``````````End of Log````````````

[karr]

The only thing I can find that is not working is this:

In device manager, Mcafee Core NDIS Intermediate Filter Miniport #2 is missing a driver.

I deleted McAfee when this all started and have just replaced it with AGV until this is all worked out.

Thanks!