The other night I got a virus. I can't run Malwarebytes or Microsoft Security Essentials. My searches on Google are being redirected. I downloaded and ran the TDSS Rootkit Removing tool. It picked up two things:

Hidden file

Service: 3c610721

Suspicious file, medium risk

Rootkit.Win32.ZAccess.g

Service: NetBT

Malware object, high risk

For the hidden file I was only able to "copy to quarantine", but for the Rootkit I was able to select "cure". I posted the log below from this scan. I still can't run Malwarebytes. Can someone point me in the direction of what I should do next? Thank you.

23:45:13.0266 4572 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24

23:45:13.0657 4572 ============================================================

23:45:13.0657 4572 Current date / time: 2011/10/14 23:45:13.0657

23:45:13.0657 4572 SystemInfo:

23:45:13.0657 4572

23:45:13.0657 4572 OS Version: 5.1.2600 ServicePack: 3.0

23:45:13.0657 4572 Product type: Workstation

23:45:13.0657 4572 ComputerName: YOUR-27E1513D96

23:45:13.0657 4572 UserName: HP_Owner

23:45:13.0657 4572 Windows directory: C:\WINDOWS

23:45:13.0657 4572 System windows directory: C:\WINDOWS

23:45:13.0657 4572 Processor architecture: Intel x86

23:45:13.0657 4572 Number of processors: 1

23:45:13.0657 4572 Page size: 0x1000

23:45:13.0657 4572 Boot type: Normal boot

23:45:13.0657 4572 ============================================================

23:45:18.0032 4572 Initialize success

23:45:26.0391 4776 ============================================================

23:45:26.0391 4776 Scan started

23:45:26.0391 4776 Mode: Manual;

23:45:26.0391 4776 ============================================================

23:45:27.0360 4776 3c610721 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\554131772:3281975518.exe

23:45:28.0985 4776 Suspicious file (Hidden): C:\WINDOWS\554131772:3281975518.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

23:45:28.0985 4776 3c610721 ( HiddenFile.Multi.Generic ) - warning

23:45:28.0985 4776 3c610721 - detected HiddenFile.Multi.Generic (1)

23:45:29.0094 4776 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

23:45:29.0094 4776 61883 - ok

23:45:29.0110 4776 Abiosdsk - ok

23:45:29.0157 4776 abp480n5 - ok

23:45:29.0204 4776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:45:29.0204 4776 ACPI - ok

23:45:29.0251 4776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

23:45:29.0251 4776 ACPIEC - ok

23:45:29.0282 4776 adpu160m - ok

23:45:29.0313 4776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

23:45:29.0313 4776 aec - ok

23:45:29.0360 4776 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

23:45:29.0360 4776 AFD - ok

23:45:29.0376 4776 Aha154x - ok

23:45:29.0391 4776 aic78u2 - ok

23:45:29.0407 4776 aic78xx - ok

23:45:29.0438 4776 AliIde - ok

23:45:29.0469 4776 amsint - ok

23:45:29.0516 4776 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

23:45:29.0516 4776 Arp1394 - ok

23:45:29.0563 4776 asc - ok

23:45:29.0579 4776 asc3350p - ok

23:45:29.0610 4776 asc3550 - ok

23:45:29.0672 4776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:45:29.0672 4776 AsyncMac - ok

23:45:29.0719 4776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

23:45:29.0719 4776 atapi - ok

23:45:29.0751 4776 Atdisk - ok

23:45:29.0797 4776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:45:29.0797 4776 Atmarpc - ok

23:45:29.0844 4776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

23:45:29.0844 4776 audstub - ok

23:45:29.0907 4776 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

23:45:29.0907 4776 Avc - ok

23:45:29.0969 4776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

23:45:29.0969 4776 Beep - ok

23:45:30.0016 4776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

23:45:30.0016 4776 cbidf2k - ok

23:45:30.0063 4776 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

23:45:30.0063 4776 CCDECODE - ok

23:45:30.0110 4776 cd20xrnt - ok

23:45:30.0126 4776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

23:45:30.0126 4776 Cdaudio - ok

23:45:30.0157 4776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

23:45:30.0157 4776 Cdfs - ok

23:45:30.0188 4776 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:45:30.0204 4776 Cdrom - ok

23:45:30.0219 4776 Changer - ok

23:45:30.0251 4776 CmdIde - ok

23:45:30.0297 4776 Cpqarray - ok

23:45:30.0360 4776 CSS DVP (d7cde6905f84b438ed3de5997c9b2cfa) C:\WINDOWS\system32\DRIVERS\css-dvp.sys

23:45:30.0391 4776 CSS DVP - ok

23:45:30.0422 4776 dac2w2k - ok

23:45:30.0454 4776 dac960nt - ok

23:45:30.0485 4776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

23:45:30.0485 4776 Disk - ok

23:45:30.0579 4776 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

23:45:30.0610 4776 dmboot - ok

23:45:30.0672 4776 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

23:45:30.0688 4776 dmio - ok

23:45:30.0751 4776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

23:45:30.0751 4776 dmload - ok

23:45:30.0797 4776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

23:45:30.0813 4776 DMusic - ok

23:45:30.0844 4776 dpti2o - ok

23:45:30.0876 4776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

23:45:30.0876 4776 drmkaud - ok

23:45:30.0985 4776 eeCtrl (70aeac5d481b2904b40f2173e280b1b5) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

23:45:31.0001 4776 eeCtrl - ok

23:45:31.0032 4776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

23:45:31.0032 4776 Fastfat - ok

23:45:31.0063 4776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

23:45:31.0063 4776 Fdc - ok

23:45:31.0094 4776 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

23:45:31.0094 4776 Fips - ok

23:45:31.0110 4776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

23:45:31.0110 4776 Flpydisk - ok

23:45:31.0141 4776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

23:45:31.0141 4776 FltMgr - ok

23:45:31.0188 4776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:45:31.0188 4776 Fs_Rec - ok

23:45:31.0219 4776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:45:31.0219 4776 Ftdisk - ok

23:45:31.0235 4776 ftsata2 - ok

23:45:31.0251 4776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

23:45:31.0251 4776 GEARAspiWDM - ok

23:45:31.0297 4776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:45:31.0297 4776 Gpc - ok

23:45:31.0344 4776 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys

23:45:31.0344 4776 hamachi_oem - ok

23:45:31.0391 4776 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys

23:45:31.0407 4776 HdAudAddService - ok

23:45:31.0422 4776 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

23:45:31.0438 4776 HDAudBus - ok

23:45:31.0469 4776 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:45:31.0469 4776 HidUsb - ok

23:45:31.0485 4776 hpn - ok

23:45:31.0547 4776 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

23:45:31.0547 4776 HPZid412 - ok

23:45:31.0610 4776 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

23:45:31.0610 4776 HPZipr12 - ok

23:45:31.0657 4776 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

23:45:31.0657 4776 HPZius12 - ok

23:45:31.0704 4776 HSFHWBS2 (5df616addb75c1ad36c1f9e4de0f7654) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

23:45:31.0719 4776 HSFHWBS2 - ok

23:45:31.0766 4776 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

23:45:31.0813 4776 HSF_DP - ok

23:45:31.0860 4776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

23:45:31.0860 4776 HTTP - ok

23:45:31.0876 4776 i2omgmt - ok

23:45:31.0891 4776 i2omp - ok

23:45:31.0938 4776 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:45:31.0938 4776 i8042prt - ok

23:45:31.0985 4776 ialm (4007984827e19e6a5b6faf8532eaefba) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

23:45:32.0001 4776 ialm - ok

23:45:32.0047 4776 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys

23:45:32.0079 4776 iaStor - ok

23:45:32.0110 4776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

23:45:32.0110 4776 Imapi - ok

23:45:32.0141 4776 ini910u - ok

23:45:32.0266 4776 IntcAzAudAddService (d87ffa95d630ec8d1482ca25c454846a) C:\WINDOWS\system32\drivers\RtkHDAud.sys

23:45:32.0344 4776 IntcAzAudAddService - ok

23:45:32.0391 4776 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

23:45:32.0391 4776 IntelIde - ok

23:45:32.0422 4776 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:45:32.0422 4776 intelppm - ok

23:45:32.0469 4776 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

23:45:32.0469 4776 Ip6Fw - ok

23:45:32.0547 4776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:45:32.0547 4776 IpFilterDriver - ok

23:45:32.0626 4776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:45:32.0641 4776 IpInIp - ok

23:45:32.0672 4776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:45:32.0672 4776 IpNat - ok

23:45:32.0704 4776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:45:32.0704 4776 IPSec - ok

23:45:32.0751 4776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

23:45:32.0751 4776 IRENUM - ok

23:45:32.0766 4776 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:45:32.0766 4776 isapnp - ok

23:45:32.0797 4776 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:45:32.0797 4776 Kbdclass - ok

23:45:32.0829 4776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

23:45:32.0829 4776 kmixer - ok

23:45:32.0860 4776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

23:45:32.0876 4776 KSecDD - ok

23:45:32.0891 4776 lbrtfdc - ok

23:45:32.0954 4776 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

23:45:32.0954 4776 mdmxsdk - ok

23:45:32.0985 4776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

23:45:32.0985 4776 mnmdd - ok

23:45:33.0001 4776 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

23:45:33.0001 4776 Modem - ok

23:45:33.0016 4776 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:45:33.0016 4776 Mouclass - ok

23:45:33.0047 4776 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:45:33.0047 4776 mouhid - ok

23:45:33.0079 4776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

23:45:33.0079 4776 MountMgr - ok

23:45:33.0126 4776 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

23:45:33.0126 4776 MpFilter - ok

23:45:33.0172 4776 MpKsl46afa75a - ok

23:45:33.0172 4776 mraid35x - ok

23:45:33.0282 4776 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

23:45:33.0282 4776 MREMPR5 - ok

23:45:33.0329 4776 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

23:45:33.0329 4776 MRENDIS5 - ok

23:45:33.0376 4776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:45:33.0391 4776 MRxDAV - ok

23:45:33.0422 4776 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:45:33.0438 4776 MRxSmb - ok

23:45:33.0485 4776 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

23:45:33.0485 4776 MSDV - ok

23:45:33.0501 4776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

23:45:33.0501 4776 Msfs - ok

23:45:33.0516 4776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:45:33.0516 4776 MSKSSRV - ok

23:45:33.0547 4776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:45:33.0563 4776 MSPCLOCK - ok

23:45:33.0594 4776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

23:45:33.0594 4776 MSPQM - ok

23:45:33.0657 4776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:45:33.0657 4776 mssmbios - ok

23:45:33.0672 4776 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

23:45:33.0672 4776 MSTEE - ok

23:45:33.0719 4776 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

23:45:33.0719 4776 Mup - ok

23:45:33.0766 4776 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

23:45:33.0766 4776 NABTSFEC - ok

23:45:33.0813 4776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

23:45:33.0829 4776 NDIS - ok

23:45:33.0844 4776 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

23:45:33.0844 4776 NdisIP - ok

23:45:33.0876 4776 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:45:33.0876 4776 NdisTapi - ok

23:45:33.0891 4776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:45:33.0891 4776 Ndisuio - ok

23:45:33.0922 4776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:45:33.0922 4776 NdisWan - ok

23:45:33.0954 4776 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

23:45:33.0954 4776 NDProxy - ok

23:45:33.0969 4776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

23:45:33.0969 4776 NetBIOS - ok

23:45:33.0985 4776 NetBT (8d630190c8044cf009a7ebcc14eb1f61) C:\WINDOWS\system32\DRIVERS\netbt.sys

23:45:34.0001 4776 NetBT ( Rootkit.Win32.ZAccess.g ) - infected

23:45:34.0001 4776 NetBT - detected Rootkit.Win32.ZAccess.g (0)

23:45:34.0032 4776 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

23:45:34.0032 4776 NIC1394 - ok

23:45:34.0063 4776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

23:45:34.0063 4776 Npfs - ok

23:45:34.0094 4776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

23:45:34.0110 4776 Ntfs - ok

23:45:34.0141 4776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

23:45:34.0157 4776 Null - ok

23:45:34.0204 4776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:45:34.0204 4776 NwlnkFlt - ok

23:45:34.0235 4776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:45:34.0235 4776 NwlnkFwd - ok

23:45:34.0266 4776 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

23:45:34.0266 4776 ohci1394 - ok

23:45:34.0297 4776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

23:45:34.0297 4776 Parport - ok

23:45:34.0344 4776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

23:45:34.0344 4776 PartMgr - ok

23:45:34.0391 4776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

23:45:34.0391 4776 ParVdm - ok

23:45:34.0422 4776 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

23:45:34.0422 4776 PCI - ok

23:45:34.0438 4776 PCIDump - ok

23:45:34.0485 4776 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

23:45:34.0485 4776 PCIIde - ok

23:45:34.0532 4776 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

23:45:34.0532 4776 Pcmcia - ok

23:45:34.0563 4776 PDCOMP - ok

23:45:34.0594 4776 PDFRAME - ok

23:45:34.0641 4776 PDRELI - ok

23:45:34.0657 4776 PDRFRAME - ok

23:45:34.0704 4776 perc2 - ok

23:45:34.0735 4776 perc2hib - ok

23:45:34.0813 4776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:45:34.0813 4776 PptpMiniport - ok

23:45:34.0860 4776 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

23:45:34.0860 4776 Ps2 - ok

23:45:34.0907 4776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

23:45:34.0907 4776 PSched - ok

23:45:34.0938 4776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:45:34.0938 4776 Ptilink - ok

23:45:34.0985 4776 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys

23:45:34.0985 4776 PxHelp20 - ok

23:45:35.0001 4776 ql1080 - ok

23:45:35.0032 4776 Ql10wnt - ok

23:45:35.0063 4776 ql12160 - ok

23:45:35.0079 4776 ql1240 - ok

23:45:35.0376 4776 ql1280 - ok

23:45:35.0438 4776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:45:35.0438 4776 RasAcd - ok

23:45:35.0485 4776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:45:35.0485 4776 Rasl2tp - ok

23:45:35.0547 4776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:45:35.0547 4776 RasPppoe - ok

23:45:35.0579 4776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

23:45:35.0579 4776 Raspti - ok

23:45:35.0641 4776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:45:35.0641 4776 Rdbss - ok

23:45:35.0688 4776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:45:35.0688 4776 RDPCDD - ok

23:45:35.0751 4776 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

23:45:35.0751 4776 RDPWD - ok

23:45:35.0782 4776 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

23:45:35.0797 4776 redbook - ok

23:45:35.0844 4776 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

23:45:35.0844 4776 RTL8023xp - ok

23:45:35.0907 4776 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

23:45:35.0907 4776 rtl8139 - ok

23:45:35.0969 4776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:45:35.0969 4776 Secdrv - ok

23:45:36.0016 4776 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

23:45:36.0016 4776 Serial - ok

23:45:36.0063 4776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

23:45:36.0063 4776 Sfloppy - ok

23:45:36.0110 4776 Simbad - ok

23:45:36.0157 4776 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

23:45:36.0157 4776 SLIP - ok

23:45:36.0204 4776 Sparrow - ok

23:45:36.0251 4776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

23:45:36.0251 4776 splitter - ok

23:45:36.0297 4776 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

23:45:36.0297 4776 sr - ok

23:45:36.0360 4776 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

23:45:36.0360 4776 Srv - ok

23:45:36.0422 4776 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

23:45:36.0422 4776 streamip - ok

23:45:36.0454 4776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

23:45:36.0469 4776 swenum - ok

23:45:36.0501 4776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

23:45:36.0516 4776 swmidi - ok

23:45:36.0563 4776 symc810 - ok

23:45:36.0594 4776 symc8xx - ok

23:45:36.0626 4776 SymIM - ok

23:45:36.0672 4776 SymIMMP - ok

23:45:36.0719 4776 sym_hi - ok

23:45:36.0751 4776 sym_u3 - ok

23:45:36.0782 4776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

23:45:36.0782 4776 sysaudio - ok

23:45:36.0860 4776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:45:36.0891 4776 Tcpip - ok

23:45:36.0985 4776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

23:45:36.0985 4776 TDPIPE - ok

23:45:37.0032 4776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

23:45:37.0032 4776 TDTCP - ok

23:45:37.0063 4776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

23:45:37.0063 4776 TermDD - ok

23:45:37.0094 4776 TosIde - ok

23:45:37.0126 4776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

23:45:37.0126 4776 Udfs - ok

23:45:37.0141 4776 ultra - ok

23:45:37.0204 4776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

23:45:37.0219 4776 Update - ok

23:45:37.0266 4776 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

23:45:37.0282 4776 USBAAPL - ok

23:45:37.0313 4776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

23:45:37.0313 4776 usbccgp - ok

23:45:37.0329 4776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:45:37.0329 4776 usbehci - ok

23:45:37.0360 4776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:45:37.0360 4776 usbhub - ok

23:45:37.0391 4776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

23:45:37.0391 4776 usbprint - ok

23:45:37.0454 4776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

23:45:37.0454 4776 usbscan - ok

23:45:37.0501 4776 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:45:37.0501 4776 usbstor - ok

23:45:37.0594 4776 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:45:37.0594 4776 usbuhci - ok

23:45:37.0626 4776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

23:45:37.0626 4776 VgaSave - ok

23:45:37.0672 4776 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

23:45:37.0672 4776 ViaIde - ok

23:45:37.0719 4776 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

23:45:37.0719 4776 VolSnap - ok

23:45:37.0766 4776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:45:37.0766 4776 Wanarp - ok

23:45:37.0797 4776 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

23:45:37.0797 4776 wanatw - ok

23:45:37.0813 4776 WDICA - ok

23:45:37.0844 4776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

23:45:37.0844 4776 wdmaud - ok

23:45:37.0891 4776 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

23:45:37.0938 4776 winachsf - ok

23:45:38.0016 4776 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

23:45:38.0016 4776 WSTCODEC - ok

23:45:38.0063 4776 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

23:45:38.0063 4776 WudfPf - ok

23:45:38.0094 4776 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

23:45:38.0094 4776 WudfRd - ok

23:45:38.0141 4776 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0

23:45:38.0157 4776 \Device\Harddisk0\DR0 - ok

23:45:38.0485 4776 MBR (0x1B8) (3a240dfec0d985310e922faec1099ba6) \Device\Harddisk5\DR11

23:45:46.0610 4776 \Device\Harddisk5\DR11 - ok

23:45:46.0610 4776 Boot (0x1200) (5c9805b0c384765da957ecbb2d72d60c) \Device\Harddisk0\DR0\Partition0

23:45:46.0610 4776 \Device\Harddisk0\DR0\Partition0 - ok

23:45:46.0626 4776 Boot (0x1200) (05c0b67c6fd0bb31475e78576d6348d2) \Device\Harddisk0\DR0\Partition1

23:45:46.0626 4776 \Device\Harddisk0\DR0\Partition1 - ok

23:45:46.0626 4776 Boot (0x1200) (293ffe673f3064ad23225ac5f4ab23f0) \Device\Harddisk5\DR11\Partition0

23:45:46.0641 4776 \Device\Harddisk5\DR11\Partition0 - ok

23:45:46.0641 4776 ============================================================

23:45:46.0641 4776 Scan finished

23:45:46.0641 4776 ============================================================

23:45:46.0641 5932 Detected object count: 2

23:45:46.0641 5932 Actual detected object count: 2

23:48:41.0110 5932 C:\WINDOWS\554131772:3281975518.exe - copied to quarantine

23:48:41.0110 5932 3c610721 ( HiddenFile.Multi.Generic ) - User select action: Quarantine

23:48:41.0204 5932 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813

23:48:45.0626 5932 Backup copy found, using it..

23:48:45.0641 5932 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot

23:48:45.0641 5932 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure

23:50:58.0001 5632 Deinitialize success

I just downloaded and ran ComboFix. After running ComboFix, Google is no longer redirecting my search results and I am able to run Malwarebytes. I posted a log of ComboFix and Malwarebytes below. Can someone help me interpret these logs and let me know if my computer is now completely safe? Thank you.

ComboFix log:

ComboFix 11-10-15.02 - HP_Owner 10/15/2011 3:26.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.687 [GMT -4:00]

Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Owner\WINDOWS

c:\documents and settings\postgres\WINDOWS

c:\windows\$NtUninstallKB50367$

c:\windows\$NtUninstallKB50367$\1012991777\@

c:\windows\$NtUninstallKB50367$\1012991777\click.tlb

c:\windows\$NtUninstallKB50367$\1012991777\L\wenmukca

c:\windows\$NtUninstallKB50367$\1012991777\loader.tlb

c:\windows\$NtUninstallKB50367$\1012991777\U\@00000001

c:\windows\$NtUninstallKB50367$\1012991777\U\@000000c0

c:\windows\$NtUninstallKB50367$\1012991777\U\@000000cb

c:\windows\$NtUninstallKB50367$\1012991777\U\@000000cf

c:\windows\$NtUninstallKB50367$\1012991777\U\@80000000

c:\windows\$NtUninstallKB50367$\1012991777\U\@800000c0

c:\windows\$NtUninstallKB50367$\1012991777\U\@800000cb

c:\windows\$NtUninstallKB50367$\1012991777\U\@800000cf

c:\windows\$NtUninstallKB50367$\335944986

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe

c:\windows\system32\

c:\windows\system32\c_95944.nls

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

D:\Autorun.inf

.

Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158745.exe

.

Infected copy of c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158746.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158747.exe

.

Infected copy of c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158749.exe

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158750.exe

.

Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1347\A0159276.exe

.

Infected copy of c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158751.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158756.exe

.

Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158752.exe

.

Infected copy of c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158753.exe

.

Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158754.EXE

.

Infected copy of c:\program files\Viewpoint\Common\ViewpointService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158755.exe

.

Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158752.exe

Infected copy of c:\program files\Viewpoint\Common\ViewpointService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1344\A0158755.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_3c610721

.

.

((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))

.

.

2011-10-15 07:23 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-10-15 07:23 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-10-15 03:52 . 2011-10-15 07:12 48016 --sha-w- c:\windows\system32\c_95944.nl_

2011-10-15 03:48 . 2011-10-15 03:48 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-14 00:52 . 2011-10-14 00:52 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\PCHealth

2011-10-12 06:09 . 2011-10-12 06:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-10-12 06:07 . 2011-10-12 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-10-12 06:00 . 2011-10-12 06:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-12 06:00 . 2011-10-12 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-12 06:00 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-12 05:52 . 2011-10-12 05:52 -------- d-----w- c:\documents and settings\Administrator

2011-10-12 03:26 . 2011-10-12 03:26 -------- d-sh--w- c:\documents and settings\HP_Owner\Local Settings\Application Data\3c610721

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-15 03:51 . 2004-08-04 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-10-12 05:07 . 2011-07-11 10:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-17 21:32 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-17 21:32 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-17 21:32 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-08-17 21:32 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-17 12:22 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec

2011-08-12 17:51 . 2005-10-07 01:30 26488 ----a-w- c:\windows\system32\spupdsvc.exe

2011-07-20 00:41 . 2011-07-20 00:41 49152 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2011-07-20 00:40 . 2011-07-20 00:40 335872 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2011-07-20 00:40 . 2011-07-20 00:40 57344 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2004-04-28 12:57 . 2007-07-25 22:38 61440 ----a-w- c:\program files\msado20.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\Launch\aollaunch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1136692386\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\1136692386\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1136692386\\EE\\aim6.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

"c:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Documents and Settings\\HP_Owner\\My Documents\\Downloads\\tdsskiller.exe"=

.

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 4:03 AM 65536]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2007 10:56 PM 24652]

S1 MpKsl46afa75a;MpKsl46afa75a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD3128E1-1073-4D74-96F9-B085688A14B9}\MpKsl46afa75a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD3128E1-1073-4D74-96F9-B085688A14B9}\MpKsl46afa75a.sys [?]

S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [1/15/2007 4:11 PM 73728]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]

S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/4/2004 8:00 AM 5120]

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275057195-2213017311-3621834386-1009Core.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-16 05:24]

.

2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275057195-2213017311-3621834386-1009UA.job

- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-16 05:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cardplayer.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\t3jx1ch4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.cardplayer.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-VerizonServicepoint.exe - c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe

SafeBoot-02407337.sys

AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-15 03:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2848)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2011-10-15 03:51:17 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-15 07:51

.

Pre-Run: 113,843,249,152 bytes free

Post-Run: 117,695,168,512 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C44B8CC03602298D386C27B4A3538BBF

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7950

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

10/15/2011 4:15:36 AM

mbam-log-2011-10-15 (04-15-36).txt

Scan type: Quick scan

Objects scanned: 202487

Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


2 weeks later...

Staff:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
