Google redirect/no sound malware


  • This topic is locked
16 replies to this topic

#1 augdog74
  • Members
  • 43 posts

Posted 10 October 2011 - 02:05 PM

I have Windows XP and use Firefox as my browser. I use Spyzooka as a malware remover. I have noticed that my Google searches redirect when I click on the link. I also have no sound. I have tried to run Malwarebytes and Spyzooka scans but am not allowed to do so. I now have constant Malwarebytes messages in the bottom right corner of my screen, showing IP addresses and warning that these are malicious. I am also getting popups about winning something, with the current day's date. What can I do to get rid of this?



#2 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 October 2011 - 08:42 PM

Hello and welcome, let's see if we can do these and review the logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 10 October 2011 - 08:43 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 10:08 PM

I'm trying to reply but it won't let me.

#4 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 10:12 PM

21:47:25.0765 2756 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
21:47:26.0296 2756 ============================================================
21:47:26.0296 2756 Current date / time: 2011/10/10 21:47:26.0296
21:47:26.0296 2756 SystemInfo:
21:47:26.0296 2756
21:47:26.0296 2756 OS Version: 5.1.2600 ServicePack: 3.0
21:47:26.0296 2756 Product type: Workstation
21:47:26.0296 2756 ComputerName: AUGDOG
21:47:26.0296 2756 UserName: Bryan
21:47:26.0296 2756 Windows directory: C:\WINDOWS
21:47:26.0296 2756 System windows directory: C:\WINDOWS
21:47:26.0296 2756 Processor architecture: Intel x86
21:47:26.0296 2756 Number of processors: 2
21:47:26.0296 2756 Page size: 0x1000
21:47:26.0296 2756 Boot type: Normal boot
21:47:26.0296 2756 ============================================================
21:47:26.0640 2756 Initialize success
21:47:29.0031 0656 ============================================================
21:47:29.0031 0656 Scan started
21:47:29.0031 0656 Mode: Manual;
21:47:29.0031 0656 ============================================================
21:47:29.0890 0656 Abiosdsk - ok
21:47:29.0906 0656 abp480n5 - ok
21:47:30.0015 0656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:47:30.0015 0656 ACPI - ok
21:47:30.0062 0656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:47:30.0062 0656 ACPIEC - ok
21:47:30.0062 0656 adpu160m - ok
21:47:30.0109 0656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:47:30.0125 0656 aec - ok
21:47:30.0187 0656 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
21:47:30.0187 0656 AFD - ok
21:47:30.0187 0656 Aha154x - ok
21:47:30.0203 0656 aic78u2 - ok
21:47:30.0203 0656 aic78xx - ok
21:47:30.0218 0656 AliIde - ok
21:47:30.0234 0656 amsint - ok
21:47:30.0234 0656 asc - ok
21:47:30.0312 0656 asc3350p - ok
21:47:30.0359 0656 asc3550 - ok
21:47:30.0421 0656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:47:30.0421 0656 AsyncMac - ok
21:47:30.0453 0656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:47:30.0453 0656 atapi - ok
21:47:30.0484 0656 Atdisk - ok
21:47:30.0500 0656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:47:30.0515 0656 Atmarpc - ok
21:47:30.0593 0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:47:30.0593 0656 audstub - ok
21:47:30.0640 0656 b57w2k (8c0403aa21029804f31d869e6b0adedf) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:47:30.0656 0656 b57w2k - ok
21:47:30.0687 0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:47:30.0687 0656 Beep - ok
21:47:30.0734 0656 c07f5f53 (7781b2cdc88c19bedaa8bf7a8690a4a7) C:\WINDOWS\1398767552:1065394348.exe
21:47:30.0734 0656 Suspicious file (Hidden): C:\WINDOWS\1398767552:1065394348.exe. md5: 7781b2cdc88c19bedaa8bf7a8690a4a7
21:47:30.0734 0656 c07f5f53 ( HiddenFile.Multi.Generic ) - warning
21:47:30.0734 0656 c07f5f53 - detected HiddenFile.Multi.Generic (1)
21:47:30.0796 0656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:47:30.0796 0656 cbidf2k - ok
21:47:30.0828 0656 cd20xrnt - ok
21:47:30.0843 0656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:47:30.0843 0656 Cdaudio - ok
21:47:30.0906 0656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:47:30.0906 0656 Cdfs - ok
21:47:30.0953 0656 Cdrom (26d17acd128b2a60551146fb5a715ca4) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:47:30.0953 0656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 26d17acd128b2a60551146fb5a715ca4, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
21:47:30.0953 0656 Cdrom ( ForgedFile.Multi.Generic ) - warning
21:47:30.0953 0656 Cdrom - detected ForgedFile.Multi.Generic (1)
21:47:31.0000 0656 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
21:47:31.0000 0656 cercsr6 - ok
21:47:31.0031 0656 Changer - ok
21:47:31.0046 0656 CmdIde - ok
21:47:31.0109 0656 Cpqarray - ok
21:47:31.0125 0656 dac2w2k - ok
21:47:31.0125 0656 dac960nt - ok
21:47:31.0203 0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:47:31.0203 0656 Disk - ok
21:47:31.0265 0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:47:31.0312 0656 dmboot - ok
21:47:31.0359 0656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:47:31.0359 0656 dmio - ok
21:47:31.0406 0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:47:31.0406 0656 dmload - ok
21:47:31.0484 0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:47:31.0484 0656 DMusic - ok
21:47:31.0515 0656 dpti2o - ok
21:47:31.0546 0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:47:31.0546 0656 drmkaud - ok
21:47:31.0609 0656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:47:31.0625 0656 Fastfat - ok
21:47:31.0656 0656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:47:31.0656 0656 Fdc - ok
21:47:31.0671 0656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:47:31.0671 0656 Fips - ok
21:47:31.0703 0656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:47:31.0703 0656 Flpydisk - ok
21:47:31.0796 0656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:47:31.0796 0656 FltMgr - ok
21:47:31.0843 0656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:47:31.0843 0656 Fs_Rec - ok
21:47:31.0890 0656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:47:31.0890 0656 Ftdisk - ok
21:47:31.0921 0656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:47:31.0921 0656 Gpc - ok
21:47:31.0953 0656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:47:31.0953 0656 HDAudBus - ok
21:47:31.0984 0656 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:47:31.0984 0656 hidusb - ok
21:47:32.0015 0656 hpn - ok
21:47:32.0093 0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:47:32.0109 0656 HTTP - ok
21:47:32.0125 0656 i2omgmt - ok
21:47:32.0171 0656 i2omp - ok
21:47:32.0234 0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:47:32.0234 0656 i8042prt - ok
21:47:32.0281 0656 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:47:32.0296 0656 iastor - ok
21:47:32.0312 0656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:32.0312 0656 Imapi - ok
21:47:32.0359 0656 ini910u - ok
21:47:32.0406 0656 IntelIde - ok
21:47:32.0421 0656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:32.0421 0656 intelppm - ok
21:47:32.0453 0656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:32.0453 0656 Ip6Fw - ok
21:47:32.0515 0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:32.0515 0656 IpFilterDriver - ok
21:47:32.0562 0656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:32.0562 0656 IpInIp - ok
21:47:32.0609 0656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:32.0625 0656 IpNat - ok
21:47:32.0625 0656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:32.0625 0656 IPSec - ok
21:47:32.0656 0656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:32.0656 0656 IRENUM - ok
21:47:32.0687 0656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:32.0687 0656 isapnp - ok
21:47:32.0703 0656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:32.0703 0656 Kbdclass - ok
21:47:32.0734 0656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:47:32.0734 0656 kbdhid - ok
21:47:32.0781 0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:47:32.0781 0656 kmixer - ok
21:47:32.0828 0656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:32.0828 0656 KSecDD - ok
21:47:32.0859 0656 lbrtfdc - ok
21:47:32.0890 0656 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:47:32.0890 0656 MBAMProtector - ok
21:47:32.0968 0656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:32.0968 0656 mnmdd - ok
21:47:33.0015 0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:47:33.0015 0656 Modem - ok
21:47:33.0062 0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:33.0062 0656 Mouclass - ok
21:47:33.0109 0656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:47:33.0109 0656 mouhid - ok
21:47:33.0125 0656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:33.0140 0656 MountMgr - ok
21:47:33.0156 0656 mraid35x - ok
21:47:33.0187 0656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:33.0203 0656 MRxDAV - ok
21:47:33.0281 0656 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:33.0296 0656 MRxSmb - ok
21:47:33.0343 0656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:47:33.0343 0656 Msfs - ok
21:47:33.0406 0656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:33.0406 0656 MSKSSRV - ok
21:47:33.0468 0656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:33.0468 0656 MSPCLOCK - ok
21:47:33.0515 0656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:33.0515 0656 MSPQM - ok
21:47:33.0593 0656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:33.0593 0656 mssmbios - ok
21:47:33.0609 0656 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:47:33.0625 0656 Mup - ok
21:47:33.0640 0656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:47:33.0640 0656 NDIS - ok
21:47:33.0687 0656 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:33.0687 0656 NdisTapi - ok
21:47:33.0703 0656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:33.0703 0656 Ndisuio - ok
21:47:33.0703 0656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:33.0703 0656 NdisWan - ok
21:47:33.0781 0656 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:33.0781 0656 NDProxy - ok
21:47:33.0812 0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:33.0812 0656 NetBIOS - ok
21:47:33.0843 0656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:33.0843 0656 NetBT - ok
21:47:33.0906 0656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:47:33.0906 0656 Npfs - ok
21:47:33.0984 0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:33.0984 0656 Ntfs - ok
21:47:34.0046 0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:47:34.0046 0656 Null - ok
21:47:34.0171 0656 nv (a93a67f645ea424f0752f8887860fb5f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:47:34.0250 0656 nv - ok
21:47:34.0281 0656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:34.0281 0656 NwlnkFlt - ok
21:47:34.0296 0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:34.0296 0656 NwlnkFwd - ok
21:47:34.0312 0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:47:34.0328 0656 Parport - ok
21:47:34.0343 0656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:34.0343 0656 PartMgr - ok
21:47:34.0390 0656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:34.0390 0656 ParVdm - ok
21:47:34.0390 0656 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:34.0390 0656 PCI - ok
21:47:34.0406 0656 PCIDump - ok
21:47:34.0437 0656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:34.0437 0656 PCIIde - ok
21:47:34.0484 0656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:47:34.0484 0656 Pcmcia - ok
21:47:34.0531 0656 PDCOMP - ok
21:47:34.0578 0656 PDFRAME - ok
21:47:34.0578 0656 PDRELI - ok
21:47:34.0593 0656 PDRFRAME - ok
21:47:34.0671 0656 perc2 - ok
21:47:34.0671 0656 perc2hib - ok
21:47:34.0781 0656 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
21:47:34.0781 0656 pnarp - ok
21:47:34.0796 0656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:34.0796 0656 PptpMiniport - ok
21:47:34.0812 0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:34.0812 0656 PSched - ok
21:47:34.0859 0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:34.0859 0656 Ptilink - ok
21:47:34.0890 0656 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
21:47:34.0890 0656 purendis - ok
21:47:34.0921 0656 ql1080 - ok
21:47:34.0968 0656 Ql10wnt - ok
21:47:34.0984 0656 ql12160 - ok
21:47:34.0984 0656 ql1240 - ok
21:47:35.0000 0656 ql1280 - ok
21:47:35.0046 0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:35.0046 0656 RasAcd - ok
21:47:35.0109 0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:35.0125 0656 Rasl2tp - ok
21:47:35.0140 0656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:35.0140 0656 RasPppoe - ok
21:47:35.0187 0656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:35.0187 0656 Raspti - ok
21:47:35.0250 0656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:35.0250 0656 Rdbss - ok
21:47:35.0250 0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:35.0250 0656 RDPCDD - ok
21:47:35.0281 0656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:35.0281 0656 rdpdr - ok
21:47:35.0343 0656 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:35.0343 0656 RDPWD - ok
21:47:35.0359 0656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:35.0359 0656 redbook - ok
21:47:35.0406 0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:35.0406 0656 Secdrv - ok
21:47:35.0453 0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:47:35.0453 0656 serenum - ok
21:47:35.0484 0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:47:35.0484 0656 Serial - ok
21:47:35.0515 0656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:35.0515 0656 Sfloppy - ok
21:47:35.0546 0656 Simbad - ok
21:47:35.0593 0656 Sparrow - ok
21:47:35.0656 0656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:47:35.0656 0656 splitter - ok
21:47:35.0671 0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:35.0671 0656 sr - ok
21:47:35.0734 0656 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:35.0734 0656 Srv - ok
21:47:35.0859 0656 STHDA (9db5dbed65f2d74acd1d20a53898af79) C:\WINDOWS\system32\drivers\sthda.sys
21:47:35.0859 0656 STHDA - ok
21:47:35.0921 0656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:35.0921 0656 swenum - ok
21:47:35.0953 0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:47:35.0953 0656 swmidi - ok
21:47:35.0968 0656 symc810 - ok
21:47:35.0968 0656 symc8xx - ok
21:47:36.0031 0656 sym_hi - ok
21:47:36.0031 0656 sym_u3 - ok
21:47:36.0109 0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:36.0109 0656 sysaudio - ok
21:47:36.0171 0656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:47:36.0187 0656 Tcpip - ok
21:47:36.0218 0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:47:36.0218 0656 TDPIPE - ok
21:47:36.0234 0656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:47:36.0234 0656 TDTCP - ok
21:47:36.0265 0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:47:36.0265 0656 TermDD - ok
21:47:36.0296 0656 TosIde - ok
21:47:36.0375 0656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:47:36.0375 0656 Udfs - ok
21:47:36.0375 0656 ultra - ok
21:47:36.0437 0656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:47:36.0453 0656 Update - ok
21:47:36.0500 0656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:47:36.0500 0656 usbccgp - ok
21:47:36.0531 0656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:47:36.0531 0656 usbehci - ok
21:47:36.0562 0656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:47:36.0562 0656 usbhub - ok
21:47:36.0593 0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:47:36.0593 0656 usbprint - ok
21:47:36.0671 0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:47:36.0687 0656 usbscan - ok
21:47:36.0718 0656 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:47:36.0718 0656 usbstor - ok
21:47:36.0750 0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:47:36.0750 0656 usbuhci - ok
21:47:36.0781 0656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:47:36.0781 0656 VgaSave - ok
21:47:36.0796 0656 ViaIde - ok
21:47:36.0859 0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:36.0859 0656 VolSnap - ok
21:47:36.0875 0656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:47:36.0875 0656 Wanarp - ok
21:47:36.0875 0656 WDICA - ok
21:47:36.0906 0656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:47:36.0906 0656 wdmaud - ok
21:47:36.0953 0656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:47:36.0953 0656 WudfPf - ok
21:47:36.0984 0656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:47:36.0984 0656 WudfRd - ok
21:47:37.0000 0656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:47:37.0125 0656 \Device\Harddisk0\DR0 - ok
21:47:37.0125 0656 Boot (0x1200) (8a43b3834510966826af3402c24ec962) \Device\Harddisk0\DR0\Partition0
21:47:37.0125 0656 \Device\Harddisk0\DR0\Partition0 - ok
21:47:37.0125 0656 ============================================================
21:47:37.0125 0656 Scan finished
21:47:37.0125 0656 ============================================================
21:47:37.0125 1944 Detected object count: 2
21:47:37.0125 1944 Actual detected object count: 2
21:48:00.0234 1944 C:\WINDOWS\1398767552:1065394348.exe - copied to quarantine
21:48:00.0234 1944 c07f5f53 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
21:48:00.0296 1944 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
21:48:00.0296 1944 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Quarantine
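The two hits in the log above are easy to miss among hundreds of "- ok" lines: an executable stored in an NTFS alternate data stream (the colon in C:\WINDOWS\1398767552:1065394348.exe) and a cdrom.sys whose hash through the normal file read ("Fake md5") differs from the bytes on disk ("Real md5"), which is what a kernel-level filter hiding its patches looks like. The Python parser below is an added example, not part of this thread or of TDSSKiller; it is written from the log format shown above and runs on a constructed excerpt of those lines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the TDSSKiller log format (timestamp, thread id, message):
# the two detections from the log posted above, plus two ordinary "ok" lines.
SAMPLE_LOG = """\
21:47:30.0687 0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\\WINDOWS\\system32\\drivers\\Beep.sys
21:47:30.0687 0656 Beep - ok
21:47:30.0734 0656 c07f5f53 (7781b2cdc88c19bedaa8bf7a8690a4a7) C:\\WINDOWS\\1398767552:1065394348.exe
21:47:30.0734 0656 Suspicious file (Hidden): C:\\WINDOWS\\1398767552:1065394348.exe. md5: 7781b2cdc88c19bedaa8bf7a8690a4a7
21:47:30.0734 0656 c07f5f53 ( HiddenFile.Multi.Generic ) - warning
21:47:30.0734 0656 c07f5f53 - detected HiddenFile.Multi.Generic (1)
21:47:30.0953 0656 Cdrom (26d17acd128b2a60551146fb5a715ca4) C:\\WINDOWS\\system32\\DRIVERS\\cdrom.sys
21:47:30.0953 0656 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\cdrom.sys. Real md5: 26d17acd128b2a60551146fb5a715ca4, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
21:47:30.0953 0656 Cdrom ( ForgedFile.Multi.Generic ) - warning
21:47:30.0953 0656 Cdrom - detected ForgedFile.Multi.Generic (1)
21:47:37.0125 1944 Detected object count: 2
21:48:00.0234 1944 C:\\WINDOWS\\1398767552:1065394348.exe - copied to quarantine
21:48:00.0234 1944 c07f5f53 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
21:48:00.0296 1944 C:\\WINDOWS\\system32\\DRIVERS\\cdrom.sys - copied to quarantine
21:48:00.0296 1944 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Quarantine
"""

# One regex per line shape we care about; everything else ("- ok" lines etc.) is skipped.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.+)$")
SERVICE_RE = re.compile(r"^(?P<svc>\S+) \([0-9a-f]{32}\) (?P<path>.+)$")
HIDDEN_RE = re.compile(r"^Suspicious file \(Hidden\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
                       r"Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<svc>\S+) \( \S+ \) - User select action: (?P<action>\S+)$")


@dataclass
class Finding:
    service: str
    path: str
    kind: str                          # "Hidden" or "Forged"
    md5: str                           # hash of the bytes really on disk
    fake_md5: Optional[str] = None     # hash seen through the normal file read (Forged only)
    verdict: Optional[str] = None      # e.g. HiddenFile.Multi.Generic
    action: Optional[str] = None       # what the user chose: Quarantine, Skip, ...

    @property
    def alternate_data_stream(self) -> bool:
        # A colon inside the last path component (past the drive letter) means the object
        # lives in an NTFS alternate data stream, which Explorer and `dir` do not list.
        return ":" in self.path.rsplit("\\", 1)[-1]


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Collect every Hidden/Forged detection with its verdict and the action taken."""
    path_to_service: Dict[str, str] = {}   # service lines precede the warning lines
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        m = SERVICE_RE.match(msg)
        if m:
            path_to_service[m.group("path")] = m.group("svc")
            continue
        m = HIDDEN_RE.match(msg)
        if m:
            svc = path_to_service.get(m.group("path"), "?")
            findings[svc] = Finding(svc, m.group("path"), "Hidden", m.group("md5"))
            continue
        m = FORGED_RE.match(msg)
        if m:
            svc = path_to_service.get(m.group("path"), "?")
            findings[svc] = Finding(svc, m.group("path"), "Forged", m.group("real"),
                                    fake_md5=m.group("fake"))
            continue
        m = DETECTED_RE.match(msg)
        if m and m.group("svc") in findings:
            findings[m.group("svc")].verdict = m.group("verdict")
            continue
        m = ACTION_RE.match(msg)
        if m and m.group("svc") in findings:
            findings[m.group("svc")].action = m.group("action")
    return list(findings.values())


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Counts a helper checks first: found, actually quarantined, and the two hiding
    techniques. Forged = the file API returns a different hash than the bytes read off
    the disk, i.e. something in the kernel is intercepting reads of that driver."""
    return {
        "detected": len(findings),
        "quarantined": sum(1 for f in findings if f.action == "Quarantine"),
        "forged": sum(1 for f in findings if f.kind == "Forged"),
        "ads": sum(1 for f in findings if f.alternate_data_stream),
    }


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:6} {f.service:10} {f.verdict} -> {f.action}  {f.path}")
    print(summarize(found))
```

Run against a full Result/TDSSKiller log file instead of SAMPLE_LOG to get the same two-line triage out of a few hundred lines; a finding whose action is None is one the user skipped.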

#5 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 10:13 PM

I'm having trouble posting the Minitoolbox log. Error message comes up. When I ran TDSSKILLER, there was no cure option. I could skip or quarantine.

#6 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 October 2011 - 10:19 PM

You cannot copy/paste it?
Are you getting a board error?


Quarantine was OK.

#7 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 10:31 PM

If I paste it and hit reply, Firefox is giving me a network error, as if I'm not connected.

It actually says, "connection was reset".

Edited by augdog74, 10 October 2011 - 10:32 PM.


#8 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 October 2011 - 10:38 PM

For the connection try ...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.


Man I hope this works as I have to go now,

#9 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 10:43 PM

I'll try from a different PC tomorrow... thanks!

#10 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 October 2011 - 10:45 PM

Or you can try a System Restore to a date before all this started and then run the tools.
Windows XP System Restore Guide

#11 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 11:02 PM

I tried Malwarebytes and still couldn't get that to work. It started to scan and then exited. If I tried using it again, it says Windows can't access the file.

#12 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 10 October 2011 - 11:03 PM

Or you can try a System Restore to a date before all this started and then run the tools.
Windows XP System Restore Guide

I tried system restore already and didn't have any luck.

#13 augdog74
  • Topic Starter
  • Members
  • 43 posts

Posted 11 October 2011 - 07:56 AM

I was able to send this from a different pc. I still can't get malwarebytes to run though.


MiniToolBox by Farbar
Ran by Bryan (administrator) on 10-10-2011 at 21:45:07
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : augdog

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : windstream.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : windstream.net

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-19-B9-22-24-B8

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 69.66.0.20

69.66.1.20

Lease Obtained. . . . . . . . . . : Saturday, October 08, 2011 5:07:43 PM

Lease Expires . . . . . . . . . . : Sunday, October 09, 2011 5:07:43 PM



Pinging google.com [74.125.73.106] with 32 bytes of data:



Reply from 74.125.73.106: bytes=32 time=81ms TTL=49

Reply from 74.125.73.106: bytes=32 time=81ms TTL=49



Ping statistics for 74.125.73.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 81ms, Maximum = 81ms, Average = 81ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=129ms TTL=42

Reply from 72.30.2.43: bytes=32 time=127ms TTL=42



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 127ms, Maximum = 129ms, Average = 128ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 22 24 b8 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/08/2011 05:08:13 PM) (Source: Application Error) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.1.9051.0, fault address 0x001d3ff0.
Error in creating result PEAP-TLV in response to received PEAP-TLV (nmsrvc.exe!ld!)

Error: (10/08/2011 05:07:59 PM) (Source: Application Error) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.1.9051.0, fault address 0x001d3ff0.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (10/08/2011 04:16:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

Error: (10/08/2011 04:16:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: The connection with the server was terminated abnormally

Error: (10/08/2011 04:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

Error: (10/08/2011 04:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

Error: (10/08/2011 04:16:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

Error: (10/08/2011 04:16:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: The connection with the server was terminated abnormally

Error: (10/08/2011 00:19:51 PM) (Source: Application Error) (User: )
Description: Faulting application e_s4i2k1.exe, version 3.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0090213b.
Processing media-specific event for [e_s4i2k1.exe!ws!]

Error: (10/08/2011 00:19:39 PM) (Source: Application Error) (User: )
Description: Faulting application updater.exe, version 1.0.0.17640, faulting module unknown, version 0.0.0.0, fault address 0x0133213b.
Processing media-specific event for [updater.exe!ws!]


System errors:
=============
Error: (10/08/2011 05:34:39 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:34:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:29:37 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:28:45 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:24:33 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:23:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:19:31 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:18:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:16:47 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (10/08/2011 05:16:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6425.1000)
ABBYY FineReader 5.0 Sprint Plus (Version: 5.0.0.3501)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Reader 9.4.5 (Version: 9.4.5)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ArcSoft Software Suite
ARO 2011 (Version: 7.0)
Ask Toolbar (Version: 1.12.5.0)
Broadcom Advanced Control Suite (Version: 8.68.05)
Broadcom Gigabit Integrated Controller (Version: 8.22.17)
Dell Resource CD (Version: 1.00.0000)
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON Printer Software
EPSON RX500 Reference Guide
EPSON Scan
EPSON Smart Panel
FormatFactory 2.60 (Version: 2.60)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.69)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 3 (Version: 1.6.0.30)
Linksys EasyLink Advisor
Linksys EasyLink Advisor (Version: 3.11.9075.88)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MapSource - MetroGuide USA
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-US))
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pure Networks Platform (Version: 11.1.9051.0)
Quick JPEG Image Resize and Crop (Version: 1.0.0)
QuickTime (Version: 7.69.80.9)
ScanToWeb
SeaTools for Windows (Version: 1.2.0.5)
SigmaTel Audio (Version: 5.10.4803.0)
SpyZooka (Version: 2.5)
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 2045.58 MB
Available physical RAM: 1418.82 MB
Total Pagefile: 3937.8 MB
Available Pagefile: 3463.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 2004.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.77 GB) (Free:212 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Bryan Diane
Guest HelpAssistant Hunter
Lexy SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Edited by augdog74, 11 October 2011 - 07:57 AM.


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:57 PM

Posted 11 October 2011 - 12:31 PM

Ok, looks like there is a ZeroAccess rootkit in there.
You are running a custom Hosts file??

Java and Adobe Reader are outdated and are dangerous exploit points.


EDIT: Try this first to run MBAM....

Download This File
Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.





We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

Edited by boopme, 11 October 2011 - 12:41 PM.

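Reading the MiniToolBox log the way a helper does, as an added Python triage script (not from this thread, MiniToolBox, or BleepingComputer): it splits the section layout shown above, recovers the resolver addresses from the double-spaced ipconfig block, notes the missing hosts file the moderator asked about, and counts Winsock catalog entries whose DLL was not found. The log excerpt and the expected-resolver set are constructed sample values, not a verdict on this machine.

```python
import re

# Constructed excerpt in the layout of the MiniToolBox log above (sample values).
SAMPLE_LOG = """\
========================= FF Proxy Settings: ==============================
Hosts file not detected in the default directory
========================= IP Configuration: ================================The following helper DLL cannot be loaded: IFMON.DLL.
DNS Servers . . . . . . . . . . . : 69.66.0.20

69.66.1.20
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)
"""
HEADER_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def split_sections(log: str) -> dict:
    """Map each '==== Name: ====' header to its lines; text fused onto a header by extraction becomes line one."""
    sections, current = {}, "preamble"
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current, rest = m.group(1).strip(), m.group(2).strip()
            sections[current] = [rest] if rest else []
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def dns_servers(ip_config: list) -> list:
    """'DNS Servers' line plus bare-IP continuation lines; the posted log is double-spaced, so blanks do not end the list."""
    servers, collecting = [], False
    for text in (l.strip() for l in ip_config):
        if text.startswith("DNS Servers"):
            collecting, servers = True, servers + IP_RE.findall(text)
        elif collecting and text:  # first non-blank, non-IP line ends the list
            collecting = bool(IP_RE.fullmatch(text))
            if collecting:
                servers.append(text)
    return servers

def triage(log: str, expected_resolvers: set) -> list:
    """Findings a helper reads before asking for a deeper look (DDS/GMER logs)."""
    s, findings = split_sections(log), []
    if "Hosts file not detected" in log:
        findings.append("hosts file missing from default directory: ask about a custom Hosts file")
    findings += [f"resolver {ip} is not in the expected set" for ip in dns_servers(s.get("IP Configuration", [])) if ip not in expected_resolvers]
    missing = sum("[File Not found]" in l for l in s.get("Winsock entries", []))
    if missing:
        findings.append(f"Winsock catalog entries whose DLL was not found: {missing}")
    return findings
```

The expected-resolver set is whatever the ISP or internal DNS should be handing out; any resolver outside it is what to look at first on a redirect complaint.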

#15 augdog74

augdog74
  • Topic Starter

  • Members
  • 43 posts
  • Local time:07:57 PM

Posted 11 October 2011 - 01:07 PM

Thank you. I will do this tonight when I get home.



