In need of help


3 replies to this topic

#1 Elod

Elod

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 11 April 2012 - 10:01 AM

I had awoken to find that my computer had blacked out. I rebooted it and it seemed to work fine after that. Then, while using Google search, I noticed that I kept being redirected to a particular website regardless of which of the links I happened to click; this website was abnow.com (I wouldn't recommend putting this in your address bar). I used Malwarebytes and Spybot to remove the problem. I don't know if it managed to do it, but they both seemed to have found something and did state having removed the issue.

I had then noticed that my antivirus hadn't been running, which is an unusual thing for me, since the thing normally always runs by default. So yeah, I tried starting my antivirus and noticed it wasn't running correctly, mentioning some stuff about a cleanup and needing to reboot. Wanting to know what this cleanup was about, I hit my antivirus' history page and noticed this.

http://i39.tinypic.com/iy0s4n.jpg

It seems I've been infected with A LOT OF THINGS, and it's still ongoing. It had started today and got to this point in the span of a few hours. I don't know what to do.

I'm considering formatting, but I'd prefer not to since I don't have anything backed up.

Edited by Elod, 11 April 2012 - 10:08 AM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:12 AM

Posted 11 April 2012 - 10:14 AM

Hello and welcome. Let's do a few things and see if we can get it.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.





Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 Elod

Elod
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 11 April 2012 - 06:43 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Keele (administrator) on 12-04-2012 at 00:23:58
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15042 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Disconnected)
Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2012 06:17:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4297

Error: (04/09/2012 06:17:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4297

Error: (04/09/2012 06:17:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2012 06:17:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2016

Error: (04/09/2012 06:17:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2016

Error: (04/09/2012 06:17:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2012 01:11:01 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070490, P2 packagesnotapplicable, P3 unspecified, P4 11.1.3927.0, P5 mpsigstub.exe, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/31/2012 03:23:40 PM) (Source: MBAMService) (User: )
Description: MBAMService2012/03/31 15:23:40 +0200 HAEYDL Keele MESSAGE Stopping IP protection

Error: (03/19/2012 05:36:19 PM) (Source: Application Error) (User: )
Description: Faulting application trillian.exe, version 5.1.0.15, faulting module talk.dll, version 5.1.0.15, fault address 0x001a1522.
Processing media-specific event for [trillian.exe!ws!]

Error: (03/18/2012 10:05:56 PM) (Source: Application Error) (User: )
Description: Faulting application maplestory.exe, version 1.0.0.17, faulting module oleaut32.dll, version 5.1.2600.6058, fault address 0x00004945.
Processing media-specific event for [maplestory.exe!ws!]


System errors:
=============
Error: (04/11/2012 08:11:53 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/11/2012 06:07:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/11/2012 05:22:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/11/2012 06:56:14 AM) (Source: Service Control Manager) (User: )
Description: The Hpdj service terminated with the following error:
%%5

Error: (04/11/2012 06:55:14 AM) (Source: Service Control Manager) (User: )
Description: The WLAN_USB service terminated with the following error:
%%5

Error: (04/11/2012 06:54:14 AM) (Source: Service Control Manager) (User: )
Description: The ESDCR service terminated with the following error:
%%5

Error: (04/11/2012 06:53:14 AM) (Source: Service Control Manager) (User: )
Description: The Atierecord service terminated with the following error:
%%5

Error: (04/11/2012 06:52:14 AM) (Source: Service Control Manager) (User: )
Description: The DivisCTP service terminated with the following error:
%%5

Error: (04/11/2012 06:51:14 AM) (Source: Service Control Manager) (User: )
Description: The Nsm1bus service terminated with the following error:
%%5

Error: (04/11/2012 06:50:14 AM) (Source: Service Control Manager) (User: )
Description: The Wwsecsvc service terminated with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (04/09/2012 06:17:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4297

Error: (04/09/2012 06:17:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4297

Error: (04/09/2012 06:17:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2012 06:17:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2016

Error: (04/09/2012 06:17:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2016

Error: (04/09/2012 06:17:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2012 01:11:01 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070490packagesnotapplicableunspecified11.1.3927.0mpsigstub.exeunspecifiedunspecifiedNILNILNIL

Error: (03/31/2012 03:23:40 PM) (Source: MBAMService)(User: )
Description: MBAMService2012/03/31 15:23:40 +0200 HAEYDL Keele MESSAGE Stopping IP protection

Error: (03/19/2012 05:36:19 PM) (Source: Application Error)(User: )
Description: trillian.exe5.1.0.15talk.dll5.1.0.15001a1522

Error: (03/18/2012 10:05:56 PM) (Source: Application Error)(User: )
Description: maplestory.exe1.0.0.17oleaut32.dll5.1.2600.605800004945


=========================== Installed Programs ============================


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 2806.59 MB
Available physical RAM: 1888.65 MB
Total Pagefile: 5453.16 MB
Available Pagefile: 3747.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.45 MB

========================= Partitions: =====================================

1 Drive c: (BOOTCAMP) (Fixed) (Total:116.56 GB) (Free:3.66 GB) NTFS
5 Drive g: (Macintosh HD) (Fixed) (Total:116 GB) (Free:98.02 GB) HFS

========================= Users: ========================================

**** End of log ****

00:36:11.0545 13756 Scan started
00:36:11.0545 13756 Mode: Manual;
00:36:11.0545 13756 ============================================================
00:36:14.0967 13756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:36:15.0201 13756 \Device\Harddisk0\DR0 - ok
00:36:15.0217 13756 Boot (0x1200) (46efa39edb39406ce3bacdeba8b01e12) \Device\Harddisk0\DR0\Partition0
00:36:15.0217 13756 \Device\Harddisk0\DR0\Partition0 - ok
00:36:15.0248 13756 Boot (0x1200) (289fba84c37d067f1b2a75b63610b6c4) \Device\Harddisk0\DR0\Partition1
00:36:15.0248 13756 \Device\Harddisk0\DR0\Partition1 - ok
00:36:15.0248 13756 Boot (0x1200) (e5d235bf72b28c132f271e606d2b7af4) \Device\Harddisk0\DR0\Partition2
00:36:15.0248 13756 \Device\Harddisk0\DR0\Partition2 - ok
00:36:15.0248 13756 ============================================================
00:36:15.0248 13756 Scan finished
00:36:15.0248 13756 ============================================================
00:36:15.0279 12488 Detected object count: 0
00:36:15.0279 12488 Actual detected object count: 0

C:\Documents and Settings\Keele\Local Settings\Application Data\1c23b89a\X Win32/Sirefef.DD trojan cleaned by deleting - quarantined
C:\Documents and Settings\Keele\Local Settings\Application Data\1c23b89a\U\800000c0.$ Win32/Sirefef.EN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Keele\Local Settings\Temp\hj8ol0.exe a variant of Win32/TrojanDownloader.Drstwex.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Keele\My Documents\HSS-1.57-install-anchorfree-247-conduit3.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Documents and Settings\Keele\My Documents\PHI.3.1.2.8.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
C:\Documents and Settings\Keele\My Documents\Downloads\cnet_Opera-Next-12_00-1017_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Keele\My Documents\Downloads\VeohWebPlayerSetup_eng.exe multiple threats deleted - quarantined
C:\Documents and Settings\Keele\My Documents\Downloads\winzip160.exe.part Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Keele\My Documents\Downloads\Programs\SoftonicDownloader_for_s4-league.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\99Y5VMW7\0[1].rar Win32/Delf.QMR trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K7X03IBA\0[2].rar Win32/Delf.QMR trojan cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\WINDOWS\system32\drivers\mrxsmb.sys Win32/Sirefef.DA trojan unable to clean
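The MiniToolBox Result.txt posted above has a regular layout, so the parts a helper reads first can be triaged mechanically. This is an added example and not code from the thread or from MiniToolBox: it splits a report into its banner-delimited sections and flags an enabled proxy, hosts entries that send a name to a routable address (the thousands of 127.0.0.1 lines are a blocklist, not a hijack), and Winsock providers that are unresolved or not attributed to Microsoft. The sample report is constructed from the format shown above, and the positive "Proxy is enabled." wording is an assumption.

```python
import re
from typing import Dict, List, Optional, Tuple

# Section banners in Result.txt look like "===== IE Proxy Settings: =====".
SECTION_RE = re.compile(r"^=+\s*([^=\n]+?):?\s*=+\s*$", re.M)
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.*?)\]\s+\((.*?)\)$")
BLOCKING_ADDRS = {"127.0.0.1", "0.0.0.0"}  # blocklist / immunization targets


def split_sections(report: str) -> Dict[str, str]:
    """Return {title: body} for every banner-delimited section of the report."""
    sections: Dict[str, str] = {}
    banners = list(SECTION_RE.finditer(report))
    for i, m in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(report)
        sections[m.group(1).strip()] = report[m.end():end]
    return sections


def proxy_enabled(ie_section: str) -> Optional[bool]:
    """True/False from the 'Proxy is (not) enabled.' line, None if absent.
    The positive wording is an assumption; the thread only shows the negative."""
    if "Proxy is not enabled" in ie_section:
        return False
    if "Proxy is enabled" in ie_section:
        return True
    return None


def hosts_redirects(hosts_section: str) -> List[Tuple[str, str]]:
    """Entries that point a name at a real address. Thousands of 127.0.0.1
    lines (as in the report above) are a blocklist; a search or banking name
    sent to a routable IP is the redirect pattern the thread describes."""
    hits: List[Tuple[str, str]] = []
    for line in hosts_section.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in BLOCKING_ADDRS:
            hits.append((m.group(1), m.group(2)))
    return hits


def winsock_review(winsock_section: str) -> Dict[str, List[str]]:
    """Winsock providers that could not be resolved on disk, and ones not
    attributed to Microsoft. Both deserve a look; neither is automatically
    malicious (Apple's Bonjour NSP in the report above is legitimate)."""
    out: Dict[str, List[str]] = {"unresolved": [], "third_party": []}
    for line in winsock_section.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, idx, path, size, vendor = m.groups()
        entry = f"{catalog} {idx} {path}"
        if not size.isdigit() or not vendor:
            out["unresolved"].append(entry)
        elif "Microsoft" not in vendor:
            out["third_party"].append(f"{entry} ({vendor})")
    return out


def triage(report: str) -> dict:
    """Run the three checks over a full Result.txt."""
    s = split_sections(report)
    return {
        "proxy_enabled": proxy_enabled(s.get("IE Proxy Settings", "")),
        "hosts_redirects": hosts_redirects(s.get("Hosts content", "")),
        "winsock": winsock_review(s.get("Winsock entries", "")),
    }


# Constructed sample in the Result.txt layout posted above; the 203.0.113.7
# line (RFC 5737 test range) is made up so the hosts check has a hit.
SAMPLE_REPORT = r"""========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
203.0.113.7 www.example.com

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```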

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:12 AM

Posted 11 April 2012 - 07:27 PM

Hi, we still may have a rootkit even though we removed the malware from your image.

Did you skip the
=========================== Installed Programs ============================

Empty

>>>>
Do TDSSKiller like this:
  • Run TDSSKiller.exe.
  • Click on Change Parameters.
  • Put a check in the box of Detect TDLFS file system.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>
Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.