Rootkit.ZeroAccess


  • This topic is locked
6 replies to this topic

#1 Frozenflames

    Advanced Member

  • Members
  • 58 posts

Posted 26 January 2012 - 07:19 PM

I ran ComboFix a couple days ago because my computer was running a little slow. I got a message saying that "Rootkit.zeroaccess had inserted into the tcp/ip stack" and how it was a difficult infection to get rid of. From that moment on I'm unable to connect to the internet via wifi or wired. I'd appreciate it if someone could look at my logs. Thanks!

OTL logfile created on: 1/26/2012 1:08:27 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bibek1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.57% Memory free
3.80 Gb Paging File | 2.79 Gb Available in Paging File | 73.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 92.73 Gb Free Space | 62.23% Space Free | Partition Type: NTFS

Computer Name: BIBEK | User Name: Bibek1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bibek1\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - c:\app\Bibek1\product\11.1.0\db_1\BIN\oracle.exe (Oracle Corporation)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\840554c52517e063b0d0b9addfaea39e\Microsoft.ReportingServices.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReportingServicesNa#\67f185d787aa341f391558252b3f7ee8\ReportingServicesNativeClient.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\4547a9ca3f5a7e36d0b123d484a78edd\Microsoft.ReportingServices.Interfaces.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MsDtsSrvr\b880632224f3eb34d7e1ef84acdb2649\MsDtsSrvr.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b540f54be6e0123eb6085e0abc5061a1\Microsoft.SqlServer.DtsServer.Interop.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (OracleOraDb11g_home1ConfigurationManager) -- c:\app\Bibek1\product\11.1.0\db_1\ccr\bin\nmz.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (OracleServiceORCL3) -- c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleServiceORCL1) -- c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleServiceORCL) -- c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerORCL3) -- c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ()
SRV - (OracleJobSchedulerORCL1) -- c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ()
SRV - (OracleJobSchedulerORCL) -- c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ()
SRV - (OracleDBConsoleorcl3) -- C:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe (Oracle Corporation)
SRV - (OracleOraDb11g_home1TNSListener) -- C:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR.exe ()
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys ()
DRV - (RsFx0150) -- C:\WINDOWS\system32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..keyword.URL: "http://isearch.avg.c...:53:57&sap=ku="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/15 21:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/23 00:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/23 00:07:45 | 000,000,000 | ---D | M]

[2010/11/24 02:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Extensions
[2012/01/24 21:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions
[2011/02/01 00:40:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/07 10:29:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/17 12:52:54 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\toolbar@ask.com
[2012/01/24 21:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/08 00:49:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/30 19:15:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/30 19:14:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/30 19:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/12/25 20:53:53 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/01/25 23:29:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Freeware\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 23:37:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/25 23:06:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/25 22:28:28 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/01/17 00:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/01/17 00:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\AskToolbar
[2012/01/17 00:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\ManyCam
[2012/01/17 00:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\ManyCam
[2012/01/17 00:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2012/01/08 20:42:58 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2012/01/26 01:11:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/25 23:41:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/25 23:29:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/25 23:17:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 23:14:56 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_23_14_55.dmp
[2012/01/25 23:13:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/25 22:50:20 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_50_19.dmp
[2012/01/25 22:32:10 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_32_9.dmp
[2012/01/25 21:50:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/25 21:50:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/25 21:47:20 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_21_47_19.dmp
[2012/01/25 08:29:30 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_8_29_29.dmp
[2012/01/24 20:47:20 | 000,752,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/24 20:47:20 | 000,191,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/24 14:20:56 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_20_56.dmp
[2012/01/24 14:04:06 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_4_4.dmp
[2012/01/23 14:36:25 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_14_36_24.dmp
[2012/01/23 12:28:21 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_12_28_20.dmp
[2012/01/23 00:31:49 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_0_31_46.dmp
[2012/01/22 23:57:09 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_23_57_8.dmp
[2012/01/22 22:44:16 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_22_44_10.dmp
[2012/01/22 16:05:46 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_16_5_46.dmp
[2012/01/22 15:37:23 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_37_21.dmp
[2012/01/22 15:20:20 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_20_20.dmp
[2012/01/22 15:15:16 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\Bibek1\Desktop\ComboFix.exe
[2012/01/22 15:07:07 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_7_7.dmp
[2012/01/22 14:48:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/22 13:20:42 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_13_20_42.dmp
[2012/01/21 22:52:03 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_21_22_52_3.dmp
[2012/01/19 23:33:17 | 000,134,290 | ---- | M] () -- C:\Documents and Settings\Bibek1\Desktop\Apt_pupil_4.jpg
[2012/01/19 22:55:20 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_19_22_55_19.dmp
[2012/01/16 19:13:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
[2012/01/11 17:58:55 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_11_17_58_54.dmp
[2012/01/10 23:39:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/10 13:18:14 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_10_13_18_13.dmp
[2012/01/08 20:42:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/08 14:14:11 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_8_14_14_9.dmp
[2012/01/05 14:03:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/04 15:07:53 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_4_15_7_53.dmp
[2011/12/30 12:32:30 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_30_12_32_28.dmp
[2011/12/27 21:09:41 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_21_9_40.dmp
[2011/12/27 20:44:40 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_20_44_39.dmp
[2011/12/27 18:57:26 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_18_57_22.dmp
[2011/12/27 15:18:40 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_15_18_37.dmp
[2011/12/27 14:23:39 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_14_23_38.dmp

========== Files Created - No Company Name ==========

[2012/01/25 23:14:55 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_23_14_55.dmp
[2012/01/25 22:50:19 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_50_19.dmp
[2012/01/25 22:32:10 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_32_9.dmp
[2012/01/25 21:47:19 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_21_47_19.dmp
[2012/01/25 08:29:29 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_8_29_29.dmp
[2012/01/24 14:20:56 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_20_56.dmp
[2012/01/24 14:04:04 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_4_4.dmp
[2012/01/23 14:36:24 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_14_36_24.dmp
[2012/01/23 12:28:20 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_12_28_20.dmp
[2012/01/23 00:31:46 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_0_31_46.dmp
[2012/01/22 23:57:08 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_23_57_8.dmp
[2012/01/22 22:44:10 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_22_44_10.dmp
[2012/01/22 16:05:46 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_16_5_46.dmp
[2012/01/22 15:37:22 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_37_21.dmp
[2012/01/22 15:20:20 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_20_20.dmp
[2012/01/22 15:07:07 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_7_7.dmp
[2012/01/22 13:20:42 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_13_20_42.dmp
[2012/01/21 22:52:03 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_21_22_52_3.dmp
[2012/01/19 23:33:16 | 000,134,290 | ---- | C] () -- C:\Documents and Settings\Bibek1\Desktop\Apt_pupil_4.jpg
[2012/01/19 22:55:19 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_19_22_55_19.dmp
[2012/01/17 00:06:30 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/11 17:58:54 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_11_17_58_54.dmp
[2012/01/10 13:18:13 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_10_13_18_13.dmp
[2012/01/08 14:14:09 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_8_14_14_9.dmp
[2012/01/04 15:07:53 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_4_15_7_53.dmp
[2011/12/30 12:32:28 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_30_12_32_28.dmp
[2011/12/27 21:09:40 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_21_9_40.dmp
[2011/12/27 20:44:39 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_20_44_39.dmp
[2011/12/27 18:57:22 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_18_57_22.dmp
[2011/12/27 15:18:37 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_15_18_37.dmp
[2011/12/27 14:23:38 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_14_23_38.dmp
[2011/12/26 19:50:57 | 000,001,186 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\23jy7364j01tgdd21ehpv45u53x26s5y
[2011/12/24 01:11:14 | 000,010,682 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q
[2011/12/24 01:11:14 | 000,010,682 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q
[2011/12/20 22:36:29 | 000,012,536 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\123170w3x155m388y748j7dbs8c0
[2011/12/20 22:36:29 | 000,012,536 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\123170w3x155m388y748j7dbs8c0
[2011/12/16 23:48:57 | 000,011,794 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\s4tx87v5rt4vto
[2011/12/16 23:48:57 | 000,011,794 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\s4tx87v5rt4vto
[2011/12/15 20:14:44 | 000,011,896 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\wrtxqe4s5omf0cvp3ugj1w488u8g
[2011/12/15 20:14:44 | 000,011,896 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\wrtxqe4s5omf0cvp3ugj1w488u8g
[2011/11/19 15:41:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/19 15:41:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/18 19:00:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/18 19:00:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/18 19:00:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/18 19:00:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/18 19:00:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/16 17:16:37 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/14 21:12:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/08 00:50:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/05 03:57:05 | 000,056,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/28 01:48:07 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/28 01:48:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/24 02:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/25 19:18:30 | 000,148,159 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/08/25 19:18:30 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/05/27 19:55:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 18:30:51 | 000,000,294 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/27 18:17:03 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/05/27 18:17:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/05/27 18:17:03 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/05/27 18:09:09 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/27 17:35:29 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/05/27 17:35:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/05/27 17:35:02 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/05/27 17:35:02 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/05/27 17:35:00 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/05/26 18:50:02 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/05/26 18:50:02 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/05/26 18:41:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 18:35:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/26 14:24:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/26 14:23:42 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 12:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/13 18:00:00 | 000,752,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 18:00:00 | 000,191,000 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 18:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2008/04/13 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/09 16:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/04/14 22:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 22:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/05/26 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2011/03/24 23:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\cDmDmIaCjKm05200
[2011/03/14 15:29:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/01/25 23:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/06/20 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PreEmptive Solutions
[2011/06/07 10:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Soulseek
[2010/09/21 22:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/31 00:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\AVG9
[2010/12/22 14:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\Azureus
[2010/08/23 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\Deusty
[2010/06/20 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\IsolatedStorage
[2012/01/17 00:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\ManyCam
[2010/11/25 14:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\Quest Software
[2010/07/18 12:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\StreamTorrent
[2010/09/26 12:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\vShare
[2012/01/25 23:41:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/26 01:11:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/29 22:18:05 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ü) -- C:\WINDOWS\System32\纠Ü
[2011/03/29 22:18:05 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ü) -- C:\WINDOWS\System32\纠Ü
< End of report >

#2 CeciliaB

    Volunteer

  • Moderator
  • 5373 posts

Posted 27 January 2012 - 12:02 PM

Hi Frozenflames,

Please post the existing logs of ComboFix and TDSSKiller:
C:\ComboFix.txt
C:\TDSSKiller followed by version and time.

Please continue with this topic until we are finished with the computer. Last time you left before the computer was cleaned and updated, and that makes your computer easier to infect again.

#3 Frozenflames

    Advanced Member

  • Members
  • 58 posts

Posted 27 January 2012 - 06:24 PM

Hi, thanks for your reply. I ran ComboFix again and got that same message about Rootkit.ZeroAccess. The TDSS version is 2.16.19.0 Nov 16 2011 12:18:50. Below are the logs.

ComboFix 12-01-21.02 - Bibek1 01/27/2012 11:58:55.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1268 [GMT -5:00]
Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-26 04:37 . 2012-01-26 04:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-26 03:28 . 2009-12-14 17:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-01-17 05:05 . 2012-01-17 05:06 -------- d-----w- c:\program files\Ask.com
2012-01-17 05:05 . 2012-01-24 18:59 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\AskToolbar
2012-01-17 05:05 . 2012-01-17 05:07 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\ManyCam
2012-01-17 05:05 . 2012-01-17 05:07 -------- d-----w- c:\documents and settings\Bibek1\Application Data\ManyCam
2012-01-17 05:05 . 2012-01-17 05:06 -------- d-----w- c:\program files\ManyCam
2012-01-09 01:42 . 2012-01-09 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-13 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-13 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:40 . 2011-11-16 22:16 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 14:21 . 2008-04-13 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-13 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 17:06 . 2011-11-16 20:37 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-03 15:28 . 2008-04-13 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-13 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-13 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-26_04.29.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-27 16:54 . 2012-01-27 16:54 16384 c:\windows\temp\Perflib_Perfdata_67c.dat
- 2010-05-27 23:17 . 2010-01-29 18:02 25088 c:\windows\system32\WLTRYSVC.EXE
+ 2010-05-27 23:17 . 2010-01-29 19:02 25088 c:\windows\system32\WLTRYSVC.EXE
+ 2010-05-27 23:17 . 2010-01-29 19:02 65536 c:\windows\system32\wltrynt.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 65536 c:\windows\system32\wltrynt.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 33664 c:\windows\system32\drivers\BCMWLNPF.SYS
+ 2010-05-27 23:17 . 2010-01-29 19:02 33664 c:\windows\system32\drivers\BCMWLNPF.SYS
+ 2012-01-26 04:42 . 2012-01-27 16:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-26 23:43 . 2012-01-27 16:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-26 23:43 . 2012-01-26 04:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-26 04:42 . 2012-01-27 16:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-01-23 05:34 . 2012-01-26 04:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-27 23:17 . 2010-01-29 19:02 69632 c:\windows\system32\bcmwlpkt.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 69632 c:\windows\system32\bcmwlpkt.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 143360 c:\windows\system32\preflib.dll
+ 2010-05-27 23:17 . 2010-01-29 19:02 143360 c:\windows\system32\preflib.dll
+ 2008-04-13 23:00 . 2012-01-27 00:59 752540 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2012-01-25 01:47 752540 c:\windows\system32\perfh009.dat
+ 2008-04-13 23:00 . 2012-01-27 00:59 191000 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2012-01-25 01:47 191000 c:\windows\system32\perfc009.dat
+ 2010-05-27 22:35 . 2012-01-27 16:57 235038 c:\windows\system32\inetsrv\MetaBase.bin
+ 2010-05-27 23:17 . 2010-01-29 19:02 303104 c:\windows\system32\bcmwlu00.exe
- 2010-05-27 23:17 . 2010-01-29 18:02 303104 c:\windows\system32\bcmwlu00.exe
- 2010-05-27 23:17 . 2010-01-29 18:02 155648 c:\windows\system32\bcmwlapi.dll
+ 2010-05-27 23:17 . 2010-01-29 19:02 155648 c:\windows\system32\bcmwlapi.dll
+ 2010-05-27 23:17 . 2010-01-29 19:02 831488 c:\windows\system32\BCMLogon.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 831488 c:\windows\system32\BCMLogon.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 757760 c:\windows\system32\bcm1xsup.dll
+ 2010-05-27 23:17 . 2010-01-29 19:02 757760 c:\windows\system32\bcm1xsup.dll
- 2010-05-27 23:17 . 2010-01-29 18:02 2498560 c:\windows\system32\WLTRAY.EXE
+ 2010-05-27 23:17 . 2010-01-29 19:02 2498560 c:\windows\system32\WLTRAY.EXE
- 2010-05-27 23:17 . 2010-01-29 18:02 2670592 c:\windows\system32\WLBCGCBPRO731.DLL
+ 2010-05-27 23:17 . 2010-01-29 19:02 2670592 c:\windows\system32\WLBCGCBPRO731.DLL
- 2010-05-27 23:17 . 2010-01-29 18:02 2682880 c:\windows\system32\vcredist_x86.exe
+ 2010-05-27 23:17 . 2010-01-29 19:02 2682880 c:\windows\system32\vcredist_x86.exe
+ 2012-01-27 00:57 . 2010-01-29 18:02 2649216 c:\windows\system32\ReinstallBackups\0029\DriverFiles\BCMWL5.SYS
+ 2010-05-27 23:17 . 2010-01-29 19:02 2649216 c:\windows\system32\drivers\BCMWL5.SYS
- 2010-05-27 23:17 . 2010-01-29 18:02 2649216 c:\windows\system32\drivers\BCMWL5.SYS
+ 2010-05-27 23:17 . 2010-01-29 19:02 2232320 c:\windows\system32\BCMWLTRY.EXE
- 2010-05-27 23:17 . 2010-01-29 18:02 2232320 c:\windows\system32\BCMWLTRY.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 53760]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 2:04 AM 21632]
S0 cerc6;cerc6; [x]
S2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800]
S2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056]
S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?]
S2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2012-01-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc59f329e-6f27-464b-9ff1-8b6b2c8c8ca1%7D&mid=61acb52b8c0960544b2ddf51bb5c9673-75089b781bf2bb9d605566475057e134b747558b&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2011-12-25%2020%3A53%3A57&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 12:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR "
.
Completion time: 2012-01-27 12:12:49
ComboFix-quarantined-files.txt 2012-01-27 17:12
ComboFix2.txt 2012-01-26 04:32
ComboFix3.txt 2012-01-23 05:16
ComboFix4.txt 2012-01-23 03:50
ComboFix5.txt 2012-01-27 16:47
.
Pre-Run: 99,418,656,768 bytes free
Post-Run: 99,426,127,872 bytes free
.
- - End Of File - - 9544FD313F4523FA7A05FE76796FE555

12:15:12.0031 3144 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
12:15:12.0078 3144 ============================================================
12:15:12.0078 3144 Current date / time: 2012/01/27 12:15:12.0078
12:15:12.0078 3144 SystemInfo:
12:15:12.0078 3144
12:15:12.0078 3144 OS Version: 5.1.2600 ServicePack: 3.0
12:15:12.0078 3144 Product type: Workstation
12:15:12.0078 3144 ComputerName: BIBEK
12:15:12.0078 3144 UserName: Bibek1
12:15:12.0078 3144 Windows directory: C:\WINDOWS
12:15:12.0078 3144 System windows directory: C:\WINDOWS
12:15:12.0078 3144 Processor architecture: Intel x86
12:15:12.0078 3144 Number of processors: 2
12:15:12.0078 3144 Page size: 0x1000
12:15:12.0078 3144 Boot type: Normal boot
12:15:12.0078 3144 ============================================================
12:15:12.0265 3144 Initialize success
12:15:19.0687 1060 ============================================================
12:15:19.0687 1060 Scan started
12:15:19.0687 1060 Mode: Manual;
12:15:19.0687 1060 ============================================================
12:15:20.0156 1060 Abiosdsk - ok
12:15:20.0156 1060 abp480n5 - ok
12:15:20.0234 1060 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:15:20.0234 1060 ACPI - ok
12:15:20.0406 1060 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:15:20.0406 1060 ACPIEC - ok
12:15:20.0421 1060 adpu160m - ok
12:15:20.0468 1060 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:15:20.0468 1060 aec - ok
12:15:20.0750 1060 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
12:15:20.0750 1060 AESTAud - ok
12:15:20.0968 1060 AFD (3026669a090dbbcd8214388ee1a3b70d) C:\WINDOWS\System32\drivers\afd.sys
12:15:20.0968 1060 AFD - ok
12:15:21.0140 1060 Aha154x - ok
12:15:21.0156 1060 aic78u2 - ok
12:15:21.0171 1060 aic78xx - ok
12:15:21.0187 1060 AliIde - ok
12:15:21.0203 1060 amsint - ok
12:15:21.0265 1060 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:15:21.0265 1060 Arp1394 - ok
12:15:21.0437 1060 asc - ok
12:15:21.0453 1060 asc3350p - ok
12:15:21.0468 1060 asc3550 - ok
12:15:21.0531 1060 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:15:21.0531 1060 AsyncMac - ok
12:15:21.0734 1060 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
12:15:21.0734 1060 atapi - ok
12:15:21.0890 1060 Atdisk - ok
12:15:21.0937 1060 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:15:21.0937 1060 Atmarpc - ok
12:15:22.0031 1060 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:15:22.0031 1060 audstub - ok
12:15:22.0250 1060 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:15:22.0250 1060 b57w2k - ok
12:15:22.0390 1060 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
12:15:22.0390 1060 BASFND - ok
12:15:22.0625 1060 BCM43XX (7b933c0b1eeee03b4f6239490dbcb5f2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:15:22.0656 1060 BCM43XX - ok
12:15:22.0859 1060 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
12:15:22.0859 1060 BCMWLNPF - ok
12:15:23.0046 1060 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:15:23.0046 1060 Beep - ok
12:15:23.0109 1060 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
12:15:23.0125 1060 Blfp - ok
12:15:23.0281 1060 catchme - ok
12:15:23.0468 1060 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:15:23.0468 1060 cbidf2k - ok
12:15:23.0656 1060 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:15:23.0656 1060 CCDECODE - ok
12:15:23.0812 1060 cd20xrnt - ok
12:15:23.0859 1060 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:15:23.0859 1060 Cdaudio - ok
12:15:24.0078 1060 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:15:24.0078 1060 Cdfs - ok
12:15:24.0156 1060 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:15:24.0171 1060 Cdrom - ok
12:15:24.0250 1060 cerc6 - ok
12:15:24.0281 1060 Changer - ok
12:15:24.0343 1060 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:15:24.0343 1060 CmBatt - ok
12:15:24.0421 1060 CmdIde - ok
12:15:24.0500 1060 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:15:24.0500 1060 Compbatt - ok
12:15:24.0593 1060 Cpqarray - ok
12:15:24.0656 1060 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
12:15:24.0656 1060 CVirtA - ok
12:15:24.0859 1060 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
12:15:24.0859 1060 CVPNDRVA - ok
12:15:25.0031 1060 dac2w2k - ok
12:15:25.0046 1060 dac960nt - ok
12:15:25.0109 1060 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:15:25.0109 1060 Disk - ok
12:15:25.0359 1060 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:15:25.0375 1060 dmboot - ok
12:15:25.0609 1060 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:15:25.0609 1060 dmio - ok
12:15:25.0656 1060 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:15:25.0656 1060 dmload - ok
12:15:25.0718 1060 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:15:25.0718 1060 DMusic - ok
12:15:25.0921 1060 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
12:15:25.0921 1060 DNE - ok
12:15:25.0937 1060 dpti2o - ok
12:15:25.0953 1060 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:15:25.0953 1060 drmkaud - ok
12:15:26.0046 1060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:15:26.0046 1060 Fastfat - ok
12:15:26.0265 1060 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:15:26.0265 1060 Fdc - ok
12:15:26.0312 1060 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:15:26.0312 1060 Fips - ok
12:15:26.0531 1060 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:15:26.0531 1060 Flpydisk - ok
12:15:26.0734 1060 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:15:26.0734 1060 FltMgr - ok
12:15:26.0812 1060 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:15:26.0812 1060 Fs_Rec - ok
12:15:26.0968 1060 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:15:26.0984 1060 Ftdisk - ok
12:15:27.0031 1060 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:15:27.0031 1060 GEARAspiWDM - ok
12:15:27.0250 1060 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:15:27.0250 1060 Gpc - ok
12:15:27.0328 1060 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:15:27.0328 1060 HDAudBus - ok
12:15:27.0500 1060 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:15:27.0500 1060 HidUsb - ok
12:15:27.0531 1060 hpn - ok
12:15:27.0687 1060 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:15:27.0687 1060 HPZid412 - ok
12:15:27.0875 1060 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:15:27.0875 1060 HPZipr12 - ok
12:15:27.0906 1060 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:15:27.0906 1060 HPZius12 - ok
12:15:28.0109 1060 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:15:28.0125 1060 HTTP - ok
12:15:28.0140 1060 i2omgmt - ok
12:15:28.0140 1060 i2omp - ok
12:15:28.0203 1060 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:15:28.0218 1060 i8042prt - ok
12:15:28.0734 1060 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:15:28.0812 1060 ialm - ok
12:15:29.0031 1060 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
12:15:29.0031 1060 iastor - ok
12:15:29.0093 1060 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:15:29.0093 1060 Imapi - ok
12:15:29.0265 1060 ini910u - ok
12:15:29.0328 1060 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
12:15:29.0328 1060 IntcHdmiAddService - ok
12:15:29.0500 1060 IntelIde - ok
12:15:29.0546 1060 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:15:29.0546 1060 intelppm - ok
12:15:29.0750 1060 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:15:29.0750 1060 Ip6Fw - ok
12:15:29.0937 1060 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:15:29.0937 1060 IpFilterDriver - ok
12:15:29.0984 1060 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:15:29.0984 1060 IpInIp - ok
12:15:30.0187 1060 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:15:30.0187 1060 IpNat - ok
12:15:30.0265 1060 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:15:30.0265 1060 IPSec - ok
12:15:30.0515 1060 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:15:30.0515 1060 IRENUM - ok
12:15:30.0703 1060 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:15:30.0703 1060 isapnp - ok
12:15:30.0750 1060 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:15:30.0750 1060 Kbdclass - ok
12:15:30.0984 1060 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:15:30.0984 1060 kbdhid - ok
12:15:31.0203 1060 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:15:31.0203 1060 kmixer - ok
12:15:31.0265 1060 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:15:31.0265 1060 KSecDD - ok
12:15:31.0343 1060 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
12:15:31.0343 1060 Lbd - ok
12:15:31.0500 1060 lbrtfdc - ok
12:15:31.0562 1060 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
12:15:31.0562 1060 ManyCam - ok
12:15:31.0734 1060 MBAMSwissArmy - ok
12:15:31.0796 1060 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:15:31.0796 1060 mnmdd - ok
12:15:31.0984 1060 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:15:31.0984 1060 Modem - ok
12:15:32.0031 1060 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:15:32.0031 1060 Mouclass - ok
12:15:32.0234 1060 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:15:32.0234 1060 mouhid - ok
12:15:32.0312 1060 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:15:32.0312 1060 MountMgr - ok
12:15:32.0484 1060 mraid35x - ok
12:15:32.0500 1060 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:15:32.0500 1060 MRxDAV - ok
12:15:32.0578 1060 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:15:32.0593 1060 MRxSmb - ok
12:15:32.0812 1060 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:15:32.0812 1060 Msfs - ok
12:15:33.0031 1060 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:15:33.0031 1060 MSKSSRV - ok
12:15:33.0062 1060 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:15:33.0078 1060 MSPCLOCK - ok
12:15:33.0218 1060 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:15:33.0218 1060 MSPQM - ok
12:15:33.0281 1060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:15:33.0281 1060 mssmbios - ok
12:15:33.0500 1060 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:15:33.0500 1060 MSTEE - ok
12:15:33.0578 1060 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:15:33.0578 1060 Mup - ok
12:15:33.0781 1060 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:15:33.0781 1060 NABTSFEC - ok
12:15:33.0859 1060 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:15:33.0859 1060 NDIS - ok
12:15:33.0906 1060 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:15:33.0906 1060 NdisIP - ok
12:15:34.0171 1060 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:15:34.0171 1060 NdisTapi - ok
12:15:34.0265 1060 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:15:34.0265 1060 Ndisuio - ok
12:15:34.0484 1060 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:15:34.0484 1060 NdisWan - ok
12:15:34.0687 1060 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:15:34.0703 1060 NDProxy - ok
12:15:34.0734 1060 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:15:34.0734 1060 NetBIOS - ok
12:15:34.0812 1060 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:15:34.0812 1060 NetBT - ok
12:15:34.0875 1060 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:15:34.0875 1060 NIC1394 - ok
12:15:35.0078 1060 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
12:15:35.0078 1060 nm - ok
12:15:35.0140 1060 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:15:35.0140 1060 Npfs - ok
12:15:35.0296 1060 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:15:35.0296 1060 Ntfs - ok
12:15:35.0515 1060 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:15:35.0515 1060 Null - ok
12:15:35.0546 1060 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:15:35.0546 1060 NwlnkFlt - ok
12:15:35.0578 1060 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:15:35.0578 1060 NwlnkFwd - ok
12:15:35.0781 1060 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:15:35.0781 1060 NwlnkIpx - ok
12:15:35.0812 1060 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:15:35.0828 1060 NwlnkNb - ok
12:15:36.0015 1060 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:15:36.0015 1060 NwlnkSpx - ok
12:15:36.0093 1060 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
12:15:36.0093 1060 NWRDR - ok
12:15:36.0281 1060 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:15:36.0281 1060 ohci1394 - ok
12:15:36.0281 1060 OMCI - ok
12:15:36.0390 1060 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:15:36.0390 1060 Parport - ok
12:15:36.0578 1060 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:15:36.0578 1060 PartMgr - ok
12:15:36.0625 1060 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:15:36.0625 1060 ParVdm - ok
12:15:36.0875 1060 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:15:36.0875 1060 PCI - ok
12:15:36.0968 1060 PCIDump - ok
12:15:37.0093 1060 PCIIde - ok
12:15:37.0171 1060 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:15:37.0171 1060 Pcmcia - ok
12:15:37.0187 1060 PDCOMP - ok
12:15:37.0203 1060 PDFRAME - ok
12:15:37.0218 1060 PDRELI - ok
12:15:37.0234 1060 PDRFRAME - ok
12:15:37.0250 1060 perc2 - ok
12:15:37.0250 1060 perc2hib - ok
12:15:37.0406 1060 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
12:15:37.0453 1060 PID_PEPI - ok
12:15:37.0671 1060 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:15:37.0671 1060 PptpMiniport - ok
12:15:37.0687 1060 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:15:37.0687 1060 PSched - ok
12:15:37.0906 1060 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:15:37.0906 1060 Ptilink - ok
12:15:37.0984 1060 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:15:37.0984 1060 PxHelp20 - ok
12:15:38.0078 1060 ql1080 - ok
12:15:38.0109 1060 Ql10wnt - ok
12:15:38.0218 1060 ql12160 - ok
12:15:38.0250 1060 ql1240 - ok
12:15:38.0265 1060 ql1280 - ok
12:15:38.0312 1060 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:15:38.0312 1060 RasAcd - ok
12:15:38.0453 1060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:15:38.0453 1060 Rasl2tp - ok
12:15:38.0593 1060 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:15:38.0593 1060 RasPppoe - ok
12:15:38.0656 1060 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:15:38.0656 1060 Raspti - ok
12:15:38.0734 1060 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:15:38.0734 1060 Rdbss - ok
12:15:38.0953 1060 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:15:38.0953 1060 RDPCDD - ok
12:15:39.0031 1060 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:15:39.0031 1060 rdpdr - ok
12:15:39.0250 1060 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:15:39.0250 1060 RDPWD - ok
12:15:39.0453 1060 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:15:39.0453 1060 redbook - ok
12:15:39.0531 1060 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:15:39.0531 1060 rimmptsk - ok
12:15:39.0750 1060 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
12:15:39.0750 1060 RsFx0150 - ok
12:15:39.0812 1060 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:15:39.0812 1060 sdbus - ok
12:15:40.0000 1060 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:15:40.0000 1060 Secdrv - ok
12:15:40.0062 1060 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:15:40.0062 1060 serenum - ok
12:15:40.0156 1060 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:15:40.0156 1060 Serial - ok
12:15:40.0375 1060 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:15:40.0375 1060 Sfloppy - ok
12:15:40.0390 1060 Simbad - ok
12:15:40.0453 1060 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:15:40.0453 1060 SLIP - ok
12:15:40.0468 1060 Sparrow - ok
12:15:40.0515 1060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:15:40.0515 1060 splitter - ok
12:15:40.0734 1060 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:15:40.0734 1060 sr - ok
12:15:40.0828 1060 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:15:40.0828 1060 Srv - ok
12:15:41.0125 1060 STHDA (c111965a8dbd00768787d807ec3113ff) C:\WINDOWS\system32\drivers\sthda.sys
12:15:41.0156 1060 STHDA - ok
12:15:41.0343 1060 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:15:41.0343 1060 streamip - ok
12:15:41.0406 1060 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:15:41.0406 1060 swenum - ok
12:15:41.0609 1060 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:15:41.0625 1060 swmidi - ok
12:15:41.0625 1060 symc810 - ok
12:15:41.0640 1060 symc8xx - ok
12:15:41.0656 1060 sym_hi - ok
12:15:41.0671 1060 sym_u3 - ok
12:15:41.0750 1060 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:15:41.0750 1060 sysaudio - ok
12:15:41.0984 1060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:15:41.0984 1060 Tcpip - ok
12:15:42.0187 1060 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
12:15:42.0187 1060 Tcpip6 - ok
12:15:42.0375 1060 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:15:42.0375 1060 TDPIPE - ok
12:15:42.0390 1060 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:15:42.0390 1060 TDTCP - ok
12:15:42.0593 1060 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:15:42.0593 1060 TermDD - ok
12:15:42.0625 1060 TosIde - ok
12:15:42.0671 1060 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
12:15:42.0671 1060 tunmp - ok
12:15:42.0859 1060 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:15:42.0859 1060 Udfs - ok
12:15:43.0015 1060 ultra - ok
12:15:43.0156 1060 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:15:43.0156 1060 Update - ok
12:15:43.0203 1060 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:15:43.0203 1060 USBAAPL - ok
12:15:43.0390 1060 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:15:43.0390 1060 usbaudio - ok
12:15:43.0593 1060 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:15:43.0593 1060 usbccgp - ok
12:15:43.0781 1060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:15:43.0781 1060 usbehci - ok
12:15:43.0796 1060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:15:43.0796 1060 usbhub - ok
12:15:44.0000 1060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:15:44.0000 1060 usbprint - ok
12:15:44.0171 1060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:15:44.0171 1060 usbscan - ok
12:15:44.0203 1060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:15:44.0203 1060 USBSTOR - ok
12:15:44.0390 1060 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:15:44.0406 1060 usbuhci - ok
12:15:44.0609 1060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:15:44.0609 1060 VgaSave - ok
12:15:44.0625 1060 ViaIde - ok
12:15:44.0656 1060 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:15:44.0656 1060 VolSnap - ok
12:15:44.0875 1060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:15:44.0875 1060 Wanarp - ok
12:15:44.0890 1060 WDICA - ok
12:15:44.0968 1060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:15:44.0984 1060 wdmaud - ok
12:15:45.0046 1060 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:15:45.0046 1060 WmiAcpi - ok
12:15:45.0281 1060 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:15:45.0281 1060 WS2IFSL - ok
12:15:45.0328 1060 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:15:45.0328 1060 WSTCODEC - ok
12:15:45.0390 1060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:15:45.0593 1060 \Device\Harddisk0\DR0 - ok
12:15:45.0593 1060 Boot (0x1200) (3b766caae4df9f19e5ddbb92496611d9) \Device\Harddisk0\DR0\Partition0
12:15:45.0593 1060 \Device\Harddisk0\DR0\Partition0 - ok
12:15:45.0593 1060 ============================================================
12:15:45.0593 1060 Scan finished
12:15:45.0593 1060 ============================================================
12:15:45.0609 2984 Detected object count: 0
12:15:45.0609 2984 Actual detected object count: 0

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5373 posts

Posted 27 January 2012 - 07:31 PM

1.
Please, delete your TDSSKiller since it is an old version.
Save TDSSKiller on the Desktop:
http://support.kaspe.../tdsskiller.zip

Right-click and select Extract all. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on Start Scan.

If any threats are found, select Cure and click Continue. If Cure isn't available, select Skip. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log, which is located in the folder C:\ with the name TDSSKiller followed by version and time.

2.
Please, let aswMBR scan the computer, see http://public.avast....erek/aswMBR.htm

Follow only the first section, "How to scan", and don't try to fix anything. Post its log.

#5 Frozenflames

Frozenflames

    Advanced Member

  • Members
  • PipPipPip
  • 58 posts

Posted 27 January 2012 - 08:02 PM

I ran TDSS and it found and cured the rootkit.zeroaccess. I had to reboot the computer, so after it booted I went into the TDSS folder in C:\ but could not find the log. There are folders in there like susp0000, susp0001, and so on, but not the log. After I booted the computer I can now access the web. Below is the log for aswMBR.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 13:50:56
-----------------------------
13:50:56.281 OS Version: Windows 5.1.2600 Service Pack 3
13:50:56.281 Number of processors: 2 586 0xF0D
13:50:56.281 ComputerName: BIBEK UserName:
13:50:57.500 Initialize success
13:51:16.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:51:16.390 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
13:51:16.406 Disk 0 MBR read successfully
13:51:16.406 Disk 0 MBR scan
13:51:16.406 Disk 0 Windows XP default MBR code
13:51:16.406 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:51:16.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920
13:51:16.421 Disk 0 scanning sectors +312579760
13:51:16.500 Disk 0 scanning C:\WINDOWS\system32\drivers
13:51:25.953 Service scanning
13:51:28.640 Modules scanning
13:51:40.906 Disk 0 trace - called modules:
13:51:40.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
13:51:40.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a789488]
13:51:40.953 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a1ee028]
13:51:40.953 Scan finished successfully
13:51:52.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bibek1\Desktop\MBR.dat"
13:51:52.140 The log file has been saved successfully to "C:\Documents and Settings\Bibek1\Desktop\aswMBR.txt"
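
As an added example that is not part of this thread, and not code from Kaspersky or AVAST, here is a small Python triage script for the two logs CeciliaB asked for in #4 and that Frozenflames posted (aswMBR) or will post (TDSSKiller) in #5. It parses the TDSSKiller driver lines ("<name> (<md5>) <path>" followed by "<name> - ok"), the MBR hash line and the "Detected object count" summary, plus the aswMBR partition-table lines, and then flags drivers whose file sits outside C:\WINDOWS\system32\drivers, lists services that have a status line but no driver file, and checks the partition table for more than one active partition, overlapping entries, or unallocated sectors between entries. The line formats are inferred from the excerpts on this page; the svchelper driver line and the second aswMBR table are constructed so the checks have something to fire on, and %SystemRoot% = C:\WINDOWS is assumed from the OTL header at the top of the thread.

```python
"""Triage helpers for the TDSSKiller and aswMBR logs pasted in this thread (added example)."""
import re
from dataclasses import dataclass

# TDSSKiller: "<time> <pid> <Name> (<md5>) <path>" and "<time> <pid> <Name> - <status>"
DRIVER_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
STATUS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>\S+)$")
MBR_RE = re.compile(r"\bMBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\)")
COUNT_RE = re.compile(r"Detected object count:\s+(?P<n>\d+)")
# aswMBR: "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920"
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<ptype>[0-9A-F]{2}) (?P<desc>.+?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$")

EXPECTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"  # assumption: %SystemRoot% = C:\WINDOWS
SECTORS_PER_MB = 2048  # 512-byte sectors; aswMBR prints whole MB, so partition ends are approximate

@dataclass
class Driver:
    name: str
    md5: str
    path: str

@dataclass
class Partition:
    idx: int
    active: bool
    ptype: str
    desc: str
    size_mb: int
    offset: int

def part_end(p):
    """First sector after partition p (MB granularity, so approximate)."""
    return p.offset + p.size_mb * SECTORS_PER_MB

def parse_tdsskiller(text):
    """Return (drivers that have a file hash, {name: status}, MBR md5, detected-object count)."""
    drivers, statuses, mbr_md5, detected = [], {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := DRIVER_RE.match(line):
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
        elif m := STATUS_RE.match(line):
            statuses[m["name"]] = m["status"]
        if m := MBR_RE.search(line):
            mbr_md5 = m["md5"]
        if m := COUNT_RE.search(line):
            detected = int(m["n"])
    return drivers, statuses, mbr_md5, detected

def suspicious_drivers(drivers):
    """Kernel drivers whose backing file sits outside the standard driver directory."""
    return [d for d in drivers if not d.path.lower().startswith(EXPECTED_DRIVER_DIR)]

def services_without_file(drivers, statuses):
    """Names with a '- ok' line but no '(md5) path' line, i.e. no driver file on disk (device names skipped)."""
    with_file = {d.name for d in drivers}
    return sorted(n for n in statuses if n not in with_file and not n.startswith("\\"))

def parse_aswmbr(text):
    parts = []
    for line in text.splitlines():
        if m := PART_RE.search(line.strip()):
            parts.append(Partition(int(m["idx"]), m["boot"] == "80", m["ptype"], m["desc"],
                                   int(m["size_mb"]), int(m["offset"])))
    return parts

def check_partitions(parts):
    """Findings: not exactly one active partition, overlapping entries, or unallocated gaps."""
    findings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly one)")
    for prev, cur in zip(parts, parts[1:]):
        gap = cur.offset - part_end(prev)
        if gap < 0:
            findings.append(f"partition {cur.idx} overlaps partition {prev.idx}")
        elif gap > SECTORS_PER_MB:  # more than the MB rounding can explain
            findings.append(f"{gap} unallocated sectors before partition {cur.idx}")
    return findings

TDSSKILLER_SAMPLE = r"""
12:15:25.0609 1060 dmio - ok
12:15:41.0984 1060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:15:41.0984 1060 Tcpip - ok
12:15:45.0390 1060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:15:45.0609 2984 Detected object count: 0
12:15:50.0000 1060 svchelper (00000000000000000000000000000000) C:\WINDOWS\system32\svchelper.sys
"""  # the svchelper line is CONSTRUCTED: a driver file outside the drivers directory
ASWMBR_SAMPLE = """
13:51:16.406 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:51:16.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920
"""
ASWMBR_BAD = """
13:51:16.406 Disk 0 Partition 1 80 (A) DE Dell Utility Dell 8.0 39 MB offset 63
13:51:16.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 90000
"""  # CONSTRUCTED: two active flags and a 10065-sector hole before the NTFS volume
```

Import it and pass the real log text to parse_tdsskiller and parse_aswmbr. Two caveats: TDSSKiller's "ok" only means its own checks passed for that object, so the MD5 column is mainly useful for comparing against a later run or a clean machine at the same patch level (the MBR hash in particular only tells you something once you have a second run to compare it with), and aswMBR prints partition sizes in whole megabytes, so the gap check allows one megabyte of slack and a real bootkit hunt should go by the exact partition table in the MBR.dat that aswMBR saved.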

#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5373 posts

Posted 27 January 2012 - 11:52 PM

TDSSKiller's log is placed in C:\ and not in the TDSS folder.

Please, run ComboFix and OTL again, and post their logs too. Tell me if ComboFix gives you any messages.

#7 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5373 posts

Posted 14 March 2012 - 03:29 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !



