
hijacked browser pages


12 replies to this topic

#1 aools

aools

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 24 August 2012 - 05:43 PM

A few weeks ago I got a nasty virus, the Metro Police one asking for cash to unlock my PC. I restored it back to factory settings and thought all was well, but for the last 4 days I'm waking every morning with a different trojan/virus problem on my PC. I have updated my Malwarebytes and ran it in safe mode; it found a few things and cleaned them, and on reboot the same problem was still occurring: when I open my browser (IE) and try to do searches, it finds what I'm looking for, but 95 percent of the time it takes me somewhere else when I click on it. The odd time it lets me through, but no matter how many different scans I have tried, they all fix it and on reboot the problem is still there. I have used Malwarebytes, Spybot S&D, HouseCall, and a couple of different ones from the Microsoft site; I'm having no luck at all. I can't even figure out how I'm getting these, as I go to bed after fixing it clear, but when I wake it's back. I could just wipe it again, but I'd rather learn how to fix it. Thank you for any help I can get.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 AM

Posted 24 August 2012 - 06:42 PM

Hello and welcome, let's do these also....


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances, if no malware is found, there will be no log produced.

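Reading the TDSSKiller report the steps above ask for is easier with a small parser, so here is an added example (not part of this post and not TDSSKiller's own code) that triages a log: it pairs each service's `[ md5 ] name path` line with its `- ok` / `- infected` / `- detected` status line, attaches any `Suspicious file (Forged)` line to the file it names, and lists only the entries that need attention. It assumes the TDSSKiller 2.8.x line format seen in this thread (timestamp, scanner PID, message); the sample log is constructed from that format, with the forged `ipsec.sys` lines reproduced from the log posted later in the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.8.x log format (timestamp, PID, message).
# The IPSec lines reproduce the forged-driver detection posted in this thread; the rest are
# ordinary "ok" services, including one whose name contains spaces.
SAMPLE_LOG = """\
01:10:38.0187 1876 Scan started
01:10:38.0187 1876 Mode: Manual;
01:10:38.0187 1876 ============================================================
01:10:43.0375 1876 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys
01:10:43.0375 1876 IpNat - ok
01:10:43.0390 1876 [ 25859FB8DE6672729272F6D80FC2867F ] IPSec C:\\WINDOWS\\system32\\DRIVERS\\ipsec.sys
01:10:43.0390 1876 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\ipsec.sys. Real md5: 25859FB8DE6672729272F6D80FC2867F, Fake md5: 23C74D75E36E7158768DD63D92789A91
01:10:43.0390 1876 IPSec ( Virus.Win32.ZAccess.aml ) - infected
01:10:43.0390 1876 IPSec - detected Virus.Win32.ZAccess.aml (0)
01:10:40.0890 1876 [ 1CFDCB99812C62E19C47896A5857D342 ] CyberLink Media Library Service C:\\Program Files\\CyberLink\\PowerCinema\\Kernel\\CLML_NTService\\CLMLServer.exe
01:10:40.0890 1876 CyberLink Media Library Service - ok
"""

# "<hh:mm:ss.ffff> <pid> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
# "[ <md5> ] <service name> <drive>:\<path>"  (name may contain spaces)
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]*)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-Fa-f]{32}), Fake md5: (?P<fake>[0-9A-Fa-f]{32})$"
)
# "<name> - ok", "<name> ( <verdict> ) - infected", "<name> - detected <verdict> (<n>)"
STATUS_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict1>\S+) \))? - "
    r"(?P<status>ok|infected|detected (?P<verdict2>\S+).*)$"
)
STATUS_RANK = {"ok": 0, "detected": 1, "infected": 2}  # never let a later line downgrade a verdict


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None            # "ok", "detected" or "infected"
    verdict: Optional[str] = None           # detection name, e.g. Virus.Win32.ZAccess.aml
    forged_real_md5: Optional[str] = None   # hash TDSSKiller read for the file itself
    forged_fake_md5: Optional[str] = None   # hash presented to normal file reads

    @property
    def suspicious(self) -> bool:
        return self.status not in (None, "ok") or self.forged_real_md5 is not None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name, merged from its entry, forged and status lines."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner / separator lines carry no per-object information
        msg = m.group("msg")
        e = ENTRY_RE.match(msg)
        if e:
            ent = entries.setdefault(e.group("name"), Entry(name=e.group("name")))
            ent.md5, ent.path = e.group("md5").upper(), e.group("path")
            by_path[ent.path.lower()] = ent
            continue
        f = FORGED_RE.match(msg)
        if f:
            ent = by_path.get(f.group("path").lower())
            if ent is None:  # forged line for a file with no preceding entry line
                ent = Entry(name=f.group("path"), path=f.group("path"))
                entries[ent.name] = ent
            ent.forged_real_md5 = f.group("real").upper()
            ent.forged_fake_md5 = f.group("fake").upper()
            continue
        s = STATUS_RE.match(msg)
        if s:
            ent = entries.setdefault(s.group("name"), Entry(name=s.group("name")))
            new = s.group("status").split()[0]
            if ent.status is None or STATUS_RANK[new] > STATUS_RANK[ent.status]:
                ent.status = new
            verdict = s.group("verdict1") or s.group("verdict2")
            if verdict:
                ent.verdict = verdict
    return entries


def suspicious_entries(entries: Dict[str, Entry]) -> List[Entry]:
    return [e for e in entries.values() if e.suspicious]


def triage_report(entries: Dict[str, Entry]) -> List[str]:
    """One human-readable line per object that is not plainly 'ok'."""
    lines = []
    for e in suspicious_entries(entries):
        detail = f"{e.name}: {e.status or 'unknown'}"
        if e.verdict:
            detail += f" ({e.verdict})"
        if e.forged_real_md5:
            detail += f"; forged: real md5 {e.forged_real_md5} != presented md5 {e.forged_fake_md5}"
        if e.path:
            detail += f" at {e.path}"
        lines.append(detail)
    return lines


if __name__ == "__main__":
    for line in triage_report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

The forged entry is the one worth understanding: the `[ ... ]` hash on the entry line and the `Real md5` agree, while the `Fake md5` is what an ordinary read of `ipsec.sys` returns. Two different hashes for one path mean something between the file system and the reader is substituting content, which is why TDSSKiller reports the driver as forged rather than merely unknown, and why a scanner that only hashes files through the normal file API can keep reporting the machine clean.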

#3 aools

aools
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 24 August 2012 - 07:46 PM

These are the results for TDSSKiller, and it did require a reboot. Also the scan log for aswMBR; ESET is still running, so here are these two to start with.
01:10:16.0125 2312 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
01:10:16.0359 2312 ============================================================
01:10:16.0359 2312 Current date / time: 2012/08/25 01:10:16.0359
01:10:16.0359 2312 SystemInfo:
01:10:16.0359 2312
01:10:16.0359 2312 OS Version: 5.1.2600 ServicePack: 3.0
01:10:16.0359 2312 Product type: Workstation
01:10:16.0359 2312 ComputerName: YOUR-C94F920E24
01:10:16.0359 2312 UserName: Compaq_Owner
01:10:16.0359 2312 Windows directory: C:\WINDOWS
01:10:16.0359 2312 System windows directory: C:\WINDOWS
01:10:16.0359 2312 Processor architecture: Intel x86
01:10:16.0359 2312 Number of processors: 1
01:10:16.0359 2312 Page size: 0x1000
01:10:16.0359 2312 Boot type: Normal boot
01:10:16.0359 2312 ============================================================
01:10:17.0562 2312 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
01:10:17.0640 2312 ============================================================
01:10:17.0640 2312 \Device\Harddisk0\DR0:
01:10:17.0656 2312 MBR partitions:
01:10:17.0656 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8BB9B61
01:10:17.0656 2312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x8BBD6B0, BlocksNum 0x950A60
01:10:17.0656 2312 ============================================================
01:10:17.0718 2312 C: <-> \Device\Harddisk0\DR0\Partition1
01:10:17.0734 2312 D: <-> \Device\Harddisk0\DR0\Partition2
01:10:17.0734 2312 ============================================================
01:10:17.0734 2312 Initialize success
01:10:17.0734 2312 ============================================================
01:10:38.0187 1876 ============================================================
01:10:38.0187 1876 Scan started
01:10:38.0187 1876 Mode: Manual;
01:10:38.0187 1876 ============================================================
01:10:39.0015 1876 ================ Scan system memory ========================
01:10:39.0015 1876 System memory - ok
01:10:39.0015 1876 ================ Scan services =============================
01:10:39.0171 1876 Abiosdsk - ok
01:10:39.0187 1876 abp480n5 - ok
01:10:39.0234 1876 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:10:39.0250 1876 ACPI - ok
01:10:39.0281 1876 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
01:10:39.0281 1876 ACPIEC - ok
01:10:39.0359 1876 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:10:39.0375 1876 AdobeFlashPlayerUpdateSvc - ok
01:10:39.0390 1876 adpu160m - ok
01:10:39.0437 1876 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
01:10:39.0453 1876 aec - ok
01:10:39.0500 1876 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
01:10:39.0515 1876 AFD - ok
01:10:39.0531 1876 Aha154x - ok
01:10:39.0546 1876 aic78u2 - ok
01:10:39.0562 1876 aic78xx - ok
01:10:39.0625 1876 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
01:10:39.0625 1876 Alerter - ok
01:10:39.0671 1876 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
01:10:39.0687 1876 ALG - ok
01:10:39.0718 1876 AliIde - ok
01:10:39.0750 1876 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
01:10:39.0750 1876 AmdK8 - ok
01:10:39.0765 1876 amsint - ok
01:10:39.0781 1876 AppMgmt - ok
01:10:39.0796 1876 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:10:39.0812 1876 Arp1394 - ok
01:10:39.0828 1876 asc - ok
01:10:39.0843 1876 asc3350p - ok
01:10:39.0859 1876 asc3550 - ok
01:10:39.0953 1876 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
01:10:39.0968 1876 aspnet_state - ok
01:10:40.0000 1876 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:10:40.0000 1876 AsyncMac - ok
01:10:40.0031 1876 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
01:10:40.0031 1876 atapi - ok
01:10:40.0046 1876 Atdisk - ok
01:10:40.0062 1876 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:10:40.0062 1876 Atmarpc - ok
01:10:40.0109 1876 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
01:10:40.0109 1876 AudioSrv - ok
01:10:40.0140 1876 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
01:10:40.0156 1876 audstub - ok
01:10:40.0171 1876 [ 7270D070173B20AC9487EA16BB08B45F ] bb-run C:\WINDOWS\system32\DRIVERS\bb-run.sys
01:10:40.0171 1876 bb-run - ok
01:10:40.0203 1876 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
01:10:40.0203 1876 Beep - ok
01:10:40.0250 1876 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
01:10:40.0265 1876 Browser - ok
01:10:40.0359 1876 catchme - ok
01:10:40.0375 1876 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
01:10:40.0375 1876 cbidf2k - ok
01:10:40.0390 1876 cd20xrnt - ok
01:10:40.0406 1876 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
01:10:40.0406 1876 Cdaudio - ok
01:10:40.0453 1876 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
01:10:40.0453 1876 Cdfs - ok
01:10:40.0468 1876 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:10:40.0468 1876 Cdrom - ok
01:10:40.0484 1876 Changer - ok
01:10:40.0500 1876 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
01:10:40.0500 1876 CiSvc - ok
01:10:40.0625 1876 [ 15BBBEDD7B17BF2B6B5CE84213992969 ] CLCapSvc C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
01:10:40.0625 1876 CLCapSvc - ok
01:10:40.0656 1876 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
01:10:40.0671 1876 ClipSrv - ok
01:10:40.0703 1876 [ 07A0617AECF017457D7358EF178FCCBD ] CLSched C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
01:10:40.0703 1876 CLSched - ok
01:10:40.0718 1876 CmdIde - ok
01:10:40.0734 1876 COMSysApp - ok
01:10:40.0765 1876 Cpqarray - ok
01:10:40.0812 1876 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
01:10:40.0812 1876 CryptSvc - ok
01:10:40.0890 1876 [ 1CFDCB99812C62E19C47896A5857D342 ] CyberLink Media Library Service C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
01:10:40.0890 1876 CyberLink Media Library Service - ok
01:10:40.0921 1876 dac2w2k - ok
01:10:40.0937 1876 dac960nt - ok
01:10:40.0968 1876 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
01:10:41.0031 1876 DcomLaunch - ok
01:10:41.0062 1876 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
01:10:41.0078 1876 Dhcp - ok
01:10:41.0125 1876 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
01:10:41.0125 1876 Disk - ok
01:10:41.0140 1876 dmadmin - ok
01:10:41.0187 1876 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
01:10:41.0218 1876 dmboot - ok
01:10:41.0250 1876 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
01:10:41.0265 1876 dmio - ok
01:10:41.0296 1876 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
01:10:41.0296 1876 dmload - ok
01:10:41.0328 1876 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
01:10:41.0328 1876 dmserver - ok
01:10:41.0359 1876 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
01:10:41.0359 1876 DMusic - ok
01:10:41.0390 1876 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:10:41.0390 1876 Dnscache - ok
01:10:41.0437 1876 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
01:10:41.0437 1876 Dot3svc - ok
01:10:41.0468 1876 dpti2o - ok
01:10:41.0484 1876 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:10:41.0484 1876 drmkaud - ok
01:10:41.0515 1876 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
01:10:41.0531 1876 EapHost - ok
01:10:41.0562 1876 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
01:10:41.0562 1876 ERSvc - ok
01:10:41.0609 1876 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
01:10:41.0609 1876 Eventlog - ok
01:10:41.0656 1876 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
01:10:41.0671 1876 EventSystem - ok
01:10:41.0703 1876 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
01:10:41.0703 1876 Fastfat - ok
01:10:41.0750 1876 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
01:10:41.0765 1876 FastUserSwitchingCompatibility - ok
01:10:41.0796 1876 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
01:10:41.0812 1876 Fax - ok
01:10:41.0828 1876 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
01:10:41.0843 1876 Fdc - ok
01:10:41.0875 1876 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
01:10:41.0875 1876 Fips - ok
01:10:41.0921 1876 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
01:10:41.0921 1876 Flpydisk - ok
01:10:41.0953 1876 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
01:10:41.0953 1876 FltMgr - ok
01:10:42.0000 1876 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:10:42.0000 1876 Fs_Rec - ok
01:10:42.0015 1876 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:10:42.0031 1876 Ftdisk - ok
01:10:42.0078 1876 [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2 C:\WINDOWS\system32\DRIVERS\ftsata2.sys
01:10:42.0078 1876 ftsata2 - ok
01:10:42.0109 1876 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:10:42.0125 1876 Gpc - ok
01:10:42.0156 1876 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:10:42.0171 1876 HDAudBus - ok
01:10:42.0265 1876 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:10:42.0265 1876 helpsvc - ok
01:10:42.0296 1876 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
01:10:42.0296 1876 HidServ - ok
01:10:42.0328 1876 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:10:42.0328 1876 HidUsb - ok
01:10:42.0375 1876 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
01:10:42.0375 1876 hkmsvc - ok
01:10:42.0390 1876 hpn - ok
01:10:42.0437 1876 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
01:10:42.0437 1876 HTTP - ok
01:10:42.0484 1876 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
01:10:42.0500 1876 HTTPFilter - ok
01:10:42.0515 1876 i2omgmt - ok
01:10:42.0531 1876 i2omp - ok
01:10:42.0562 1876 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:10:42.0578 1876 i8042prt - ok
01:10:42.0640 1876 [ 9A65E42664D1534B68512CAAD0EFE963 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
01:10:42.0703 1876 iaStor - ok
01:10:42.0781 1876 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:10:42.0781 1876 IDriverT - ok
01:10:42.0812 1876 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
01:10:42.0812 1876 Imapi - ok
01:10:42.0859 1876 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
01:10:42.0859 1876 ImapiService - ok
01:10:42.0890 1876 ini910u - ok
01:10:43.0062 1876 [ 64BE56B8858CA0153C725C720FFD194F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
01:10:43.0171 1876 IntcAzAudAddService - ok
01:10:43.0187 1876 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
01:10:43.0187 1876 IntelIde - ok
01:10:43.0234 1876 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:10:43.0250 1876 intelppm - ok
01:10:43.0265 1876 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
01:10:43.0265 1876 Ip6Fw - ok
01:10:43.0312 1876 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:10:43.0312 1876 IpFilterDriver - ok
01:10:43.0328 1876 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:10:43.0328 1876 IpInIp - ok
01:10:43.0375 1876 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:10:43.0375 1876 IpNat - ok
01:10:43.0390 1876 [ 25859FB8DE6672729272F6D80FC2867F ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:10:43.0390 1876 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 25859FB8DE6672729272F6D80FC2867F, Fake md5: 23C74D75E36E7158768DD63D92789A91
01:10:43.0390 1876 IPSec ( Virus.Win32.ZAccess.aml ) - infected
01:10:43.0390 1876 IPSec - detected Virus.Win32.ZAccess.aml (0)
01:10:43.0421 1876 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
01:10:43.0421 1876 IRENUM - ok
01:10:43.0437 1876 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:10:43.0453 1876 isapnp - ok
01:10:43.0500 1876 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
01:10:43.0500 1876 JavaQuickStarterService - ok
01:10:43.0531 1876 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:10:43.0531 1876 Kbdclass - ok
01:10:43.0546 1876 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:10:43.0562 1876 kbdhid - ok
01:10:43.0578 1876 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
01:10:43.0578 1876 kmixer - ok
01:10:43.0609 1876 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
01:10:43.0609 1876 KSecDD - ok
01:10:43.0656 1876 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
01:10:43.0656 1876 lanmanserver - ok
01:10:43.0687 1876 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
01:10:43.0703 1876 lanmanworkstation - ok
01:10:43.0703 1876 lbrtfdc - ok
01:10:43.0750 1876 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
01:10:43.0750 1876 LmHosts - ok
01:10:43.0781 1876 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
01:10:43.0781 1876 Messenger - ok
01:10:43.0812 1876 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
01:10:43.0812 1876 mnmdd - ok
01:10:43.0843 1876 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
01:10:43.0843 1876 mnmsrvc - ok
01:10:43.0875 1876 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
01:10:43.0875 1876 Modem - ok
01:10:43.0890 1876 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:10:43.0906 1876 Mouclass - ok
01:10:43.0937 1876 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:10:43.0937 1876 mouhid - ok
01:10:44.0000 1876 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
01:10:44.0000 1876 MountMgr - ok
01:10:44.0015 1876 mraid35x - ok
01:10:44.0015 1876 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:10:44.0031 1876 MRxDAV - ok
01:10:44.0062 1876 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:10:44.0093 1876 MRxSmb - ok
01:10:44.0125 1876 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
01:10:44.0125 1876 MSDTC - ok
01:10:44.0140 1876 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:10:44.0140 1876 Msfs - ok
01:10:44.0156 1876 MSIServer - ok
01:10:44.0187 1876 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:10:44.0187 1876 MSKSSRV - ok
01:10:44.0187 1876 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:10:44.0187 1876 MSPCLOCK - ok
01:10:44.0218 1876 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:10:44.0218 1876 MSPQM - ok
01:10:44.0234 1876 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:10:44.0234 1876 mssmbios - ok
01:10:44.0265 1876 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
01:10:44.0265 1876 Mup - ok
01:10:44.0312 1876 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
01:10:44.0343 1876 napagent - ok
01:10:44.0375 1876 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
01:10:44.0375 1876 NDIS - ok
01:10:44.0421 1876 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:10:44.0421 1876 NdisTapi - ok
01:10:44.0437 1876 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:10:44.0437 1876 Ndisuio - ok
01:10:44.0468 1876 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:10:44.0468 1876 NdisWan - ok
01:10:44.0515 1876 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:10:44.0515 1876 NDProxy - ok
01:10:44.0562 1876 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:10:44.0562 1876 NetBIOS - ok
01:10:44.0593 1876 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:10:44.0593 1876 NetBT - ok
01:10:44.0640 1876 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
01:10:44.0640 1876 NetDDE - ok
01:10:44.0671 1876 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
01:10:44.0671 1876 NetDDEdsdm - ok
01:10:44.0718 1876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
01:10:44.0718 1876 Netlogon - ok
01:10:44.0765 1876 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
01:10:44.0765 1876 Netman - ok
01:10:44.0796 1876 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:10:44.0796 1876 NIC1394 - ok
01:10:44.0828 1876 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
01:10:44.0828 1876 Nla - ok
01:10:44.0859 1876 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:10:44.0859 1876 Npfs - ok
01:10:44.0890 1876 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:10:44.0906 1876 Ntfs - ok
01:10:44.0937 1876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
01:10:44.0937 1876 NtLmSsp - ok
01:10:45.0000 1876 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
01:10:45.0031 1876 NtmsSvc - ok
01:10:45.0062 1876 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
01:10:45.0062 1876 Null - ok
01:10:45.0187 1876 [ CE58F42B11BE20A47C3D8D2F38DA254E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:10:45.0265 1876 nv - ok
01:10:45.0296 1876 [ 22EEDB34C4D7613A25B10C347C6C4C21 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
01:10:45.0312 1876 NVENETFD - ok
01:10:45.0343 1876 [ 5E3F6AD5CAD0F12D3CCCD06FD964087A ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
01:10:45.0343 1876 nvnetbus - ok
01:10:45.0375 1876 [ 95CAEC95D6777CE7D6B7091BC4D91CEB ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
01:10:45.0390 1876 NVSvc - ok
01:10:45.0406 1876 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:10:45.0406 1876 NwlnkFlt - ok
01:10:45.0421 1876 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:10:45.0437 1876 NwlnkFwd - ok
01:10:45.0468 1876 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:10:45.0468 1876 ohci1394 - ok
01:10:45.0484 1876 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
01:10:45.0500 1876 Parport - ok
01:10:45.0515 1876 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
01:10:45.0515 1876 PartMgr - ok
01:10:45.0562 1876 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
01:10:45.0562 1876 ParVdm - ok
01:10:45.0593 1876 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
01:10:45.0593 1876 PCI - ok
01:10:45.0609 1876 PCIDump - ok
01:10:45.0625 1876 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
01:10:45.0625 1876 PCIIde - ok
01:10:45.0656 1876 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
01:10:45.0656 1876 Pcmcia - ok
01:10:45.0671 1876 PDCOMP - ok
01:10:45.0671 1876 PDFRAME - ok
01:10:45.0687 1876 PDRELI - ok
01:10:45.0703 1876 PDRFRAME - ok
01:10:45.0703 1876 perc2 - ok
01:10:45.0718 1876 perc2hib - ok
01:10:45.0812 1876 PEVSystemStart - ok
01:10:45.0828 1876 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
01:10:45.0828 1876 PlugPlay - ok
01:10:45.0843 1876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
01:10:45.0843 1876 PolicyAgent - ok
01:10:45.0875 1876 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:10:45.0875 1876 PptpMiniport - ok
01:10:45.0906 1876 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
01:10:45.0921 1876 Processor - ok
01:10:45.0937 1876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:10:45.0937 1876 ProtectedStorage - ok
01:10:45.0984 1876 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
01:10:45.0984 1876 PSched - ok
01:10:46.0000 1876 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:10:46.0000 1876 Ptilink - ok
01:10:46.0046 1876 [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:10:46.0046 1876 PxHelp20 - ok
01:10:46.0046 1876 ql1080 - ok
01:10:46.0062 1876 Ql10wnt - ok
01:10:46.0078 1876 ql12160 - ok
01:10:46.0078 1876 ql1240 - ok
01:10:46.0093 1876 ql1280 - ok
01:10:46.0109 1876 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:10:46.0109 1876 RasAcd - ok
01:10:46.0140 1876 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:10:46.0140 1876 RasAuto - ok
01:10:46.0171 1876 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:10:46.0171 1876 Rasl2tp - ok
01:10:46.0218 1876 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:10:46.0218 1876 RasMan - ok
01:10:46.0234 1876 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:10:46.0250 1876 RasPppoe - ok
01:10:46.0265 1876 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
01:10:46.0265 1876 Raspti - ok
01:10:46.0296 1876 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:10:46.0296 1876 Rdbss - ok
01:10:46.0328 1876 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:10:46.0343 1876 RDPCDD - ok
01:10:46.0375 1876 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
01:10:46.0390 1876 RDPWD - ok
01:10:46.0421 1876 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
01:10:46.0437 1876 RDSessMgr - ok
01:10:46.0484 1876 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
01:10:46.0484 1876 redbook - ok
01:10:46.0515 1876 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:10:46.0531 1876 RemoteAccess - ok
01:10:46.0546 1876 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
01:10:46.0546 1876 RpcLocator - ok
01:10:46.0578 1876 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
01:10:46.0593 1876 RpcSs - ok
01:10:46.0625 1876 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
01:10:46.0625 1876 RSVP - ok
01:10:46.0656 1876 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
01:10:46.0656 1876 rtl8139 - ok
01:10:46.0687 1876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
01:10:46.0687 1876 SamSs - ok
01:10:46.0703 1876 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
01:10:46.0703 1876 SCardSvr - ok
01:10:46.0750 1876 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:10:46.0750 1876 Schedule - ok
01:10:46.0796 1876 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:10:46.0796 1876 Secdrv - ok
01:10:46.0828 1876 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
01:10:46.0828 1876 seclogon - ok
01:10:46.0843 1876 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
01:10:46.0843 1876 SENS - ok
01:10:46.0859 1876 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
01:10:46.0859 1876 Serial - ok
01:10:46.0890 1876 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
01:10:46.0890 1876 Sfloppy - ok
01:10:46.0906 1876 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:10:46.0906 1876 ShellHWDetection - ok
01:10:46.0921 1876 Simbad - ok
01:10:46.0937 1876 Sparrow - ok
01:10:46.0968 1876 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
01:10:46.0968 1876 splitter - ok
01:10:47.0031 1876 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:10:47.0031 1876 Spooler - ok
01:10:47.0062 1876 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
01:10:47.0062 1876 sr - ok
01:10:47.0093 1876 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
01:10:47.0093 1876 srservice - ok
01:10:47.0140 1876 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:10:47.0156 1876 Srv - ok
01:10:47.0187 1876 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:10:47.0187 1876 SSDPSRV - ok
01:10:47.0234 1876 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
01:10:47.0265 1876 stisvc - ok
01:10:47.0296 1876 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
01:10:47.0296 1876 swenum - ok
01:10:47.0312 1876 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
01:10:47.0312 1876 swmidi - ok
01:10:47.0328 1876 SwPrv - ok
01:10:47.0343 1876 symc810 - ok
01:10:47.0343 1876 symc8xx - ok
01:10:47.0359 1876 sym_hi - ok
01:10:47.0375 1876 sym_u3 - ok
01:10:47.0390 1876 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
01:10:47.0390 1876 sysaudio - ok
01:10:47.0437 1876 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
01:10:47.0437 1876 SysmonLog - ok
01:10:47.0484 1876 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:10:47.0484 1876 TapiSrv - ok
01:10:47.0531 1876 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:10:47.0546 1876 Tcpip - ok
01:10:47.0562 1876 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
01:10:47.0562 1876 TDPIPE - ok
01:10:47.0593 1876 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
01:10:47.0593 1876 TDTCP - ok
01:10:47.0625 1876 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
01:10:47.0625 1876 TermDD - ok
01:10:47.0687 1876 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
01:10:47.0687 1876 TermService - ok
01:10:47.0703 1876 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
01:10:47.0718 1876 Themes - ok
01:10:47.0718 1876 TosIde - ok
01:10:47.0765 1876 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
01:10:47.0765 1876 TrkWks - ok
01:10:47.0812 1876 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
01:10:47.0812 1876 Udfs - ok
01:10:47.0812 1876 ultra - ok
01:10:47.0859 1876 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
01:10:47.0859 1876 UMWdf - ok
01:10:47.0859 1876 unqlq - ok
01:10:47.0906 1876 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
01:10:47.0921 1876 Update - ok
01:10:47.0953 1876 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
01:10:47.0968 1876 upnphost - ok
01:10:48.0000 1876 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
01:10:48.0000 1876 UPS - ok
01:10:48.0031 1876 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:10:48.0031 1876 usbccgp - ok
01:10:48.0078 1876 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:10:48.0078 1876 usbehci - ok
01:10:48.0109 1876 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:10:48.0109 1876 usbhub - ok
01:10:48.0125 1876 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
01:10:48.0125 1876 usbohci - ok
01:10:48.0156 1876 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:10:48.0156 1876 usbstor - ok
01:10:48.0171 1876 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:10:48.0187 1876 usbuhci - ok
01:10:48.0203 1876 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
01:10:48.0203 1876 VgaSave - ok
01:10:48.0218 1876 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
01:10:48.0218 1876 ViaIde - ok
01:10:48.0250 1876 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:10:48.0250 1876 VolSnap - ok
01:10:48.0281 1876 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
01:10:48.0281 1876 VSS - ok
01:10:48.0328 1876 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
01:10:48.0328 1876 W32Time - ok
01:10:48.0343 1876 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:10:48.0343 1876 Wanarp - ok
01:10:48.0390 1876 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
01:10:48.0421 1876 Wdf01000 - ok
01:10:48.0437 1876 WDICA - ok
01:10:48.0453 1876 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
01:10:48.0453 1876 wdmaud - ok
01:10:48.0500 1876 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:10:48.0500 1876 WebClient - ok
01:10:48.0562 1876 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:10:48.0562 1876 winmgmt - ok
01:10:48.0609 1876 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
01:10:48.0609 1876 WmdmPmSN - ok
01:10:48.0656 1876 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:10:48.0656 1876 WmiApSrv - ok
01:10:48.0687 1876 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:10:48.0687 1876 WS2IFSL - ok
01:10:48.0734 1876 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
01:10:48.0750 1876 wscsvc - ok
01:10:48.0812 1876 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
01:10:48.0828 1876 WZCSVC - ok
01:10:48.0875 1876 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
01:10:48.0906 1876 xmlprov - ok
01:10:48.0937 1876 ================ Scan global ===============================
01:10:48.0968 1876 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:10:49.0015 1876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:10:49.0046 1876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:10:49.0062 1876 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:10:49.0078 1876 [Global] - ok
01:10:49.0078 1876 ================ Scan MBR ==================================
01:10:49.0093 1876 [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0
01:10:49.0281 1876 \Device\Harddisk0\DR0 - ok
01:10:49.0296 1876 ================ Scan VBR ==================================
01:10:49.0296 1876 [ FEEF6DDD17898F7BE291AC11B540965C ] \Device\Harddisk0\DR0\Partition1
01:10:49.0296 1876 \Device\Harddisk0\DR0\Partition1 - ok
01:10:49.0343 1876 [ EB45CA8E22C8C41C433A15131318DD92 ] \Device\Harddisk0\DR0\Partition2
01:10:49.0343 1876 \Device\Harddisk0\DR0\Partition2 - ok
01:10:49.0343 1876 ============================================================
01:10:49.0343 1876 Scan finished
01:10:49.0343 1876 ============================================================
01:10:49.0375 1748 Detected object count: 1
01:10:49.0375 1748 Actual detected object count: 1
01:11:06.0484 1748 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
01:11:07.0546 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\@ - copied to quarantine
01:11:07.0546 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\Desktop.ini - copied to quarantine
01:11:07.0593 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\L\00000004.@ - copied to quarantine
01:11:07.0609 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\L\201d3dde - copied to quarantine
01:11:07.0640 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\L\lypawmho - copied to quarantine
01:11:07.0656 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\00000004.@ - copied to quarantine
01:11:07.0687 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\00000008.@ - copied to quarantine
01:11:07.0703 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\000000cb.@ - copied to quarantine
01:11:07.0718 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\80000000.@ - copied to quarantine
01:11:07.0734 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\80000032.@ - copied to quarantine
01:11:09.0671 1748 Backup copy found, using it..
01:11:09.0687 1748 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
01:11:09.0765 1748 C:\WINDOWS\$NtUninstallKB58420$\1883147015 - will be deleted on reboot
01:11:09.0765 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\@ - will be deleted on reboot
01:11:09.0765 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\Desktop.ini - will be deleted on reboot
01:11:09.0828 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\00000004.@ - will be deleted on reboot
01:11:09.0828 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\00000008.@ - will be deleted on reboot
01:11:09.0828 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\000000cb.@ - will be deleted on reboot
01:11:09.0828 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\80000000.@ - will be deleted on reboot
01:11:09.0828 1748 C:\WINDOWS\$NtUninstallKB58420$\3232048273\U\80000032.@ - will be deleted on reboot
01:11:09.0828 1748 IPSec ( Virus.Win32.ZAccess.aml ) - User select action: Cure
01:11:41.0906 0484 Deinitialize success


Here's the second log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 01:15:03
-----------------------------
01:15:03.109 OS Version: Windows 5.1.2600 Service Pack 3
01:15:03.109 Number of processors: 1 586 0x4F02
01:15:03.109 ComputerName: YOUR-C94F920E24 UserName: Compaq_Owner
01:15:03.625 Initialize success
01:17:43.296 AVAST engine defs: 12082402
01:19:03.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-16
01:19:03.093 Disk 0 Vendor: MAXTOR_STM380215A 3.AAD Size: 76319MB BusType: 3
01:19:03.093 Disk 0 MBR read successfully
01:19:03.093 Disk 0 MBR scan
01:19:03.125 Disk 0 unknown MBR code
01:19:03.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 71539 MB offset 63
01:19:03.171 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 4769 MB offset 146527920
01:19:03.203 Disk 0 scanning sectors +156295440
01:19:03.296 Disk 0 scanning C:\WINDOWS\system32\drivers
01:19:11.359 File: C:\WINDOWS\system32\drivers\ipsec.sys **SUSPICIOUS**
01:19:18.203 Disk 0 trace - called modules:
01:19:18.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8934f698]<<
01:19:18.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a32fab8]
01:19:18.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x896a97b8]
01:19:18.734 \Driver\00001617[0x899a5740] -> IRP_MJ_CREATE -> 0x8934f698
01:19:19.109 AVAST engine scan C:\WINDOWS
01:19:32.296 AVAST engine scan C:\WINDOWS\system32
01:21:37.093 AVAST engine scan C:\WINDOWS\system32\drivers
01:21:45.718 File: C:\WINDOWS\system32\drivers\ipsec.sys **SUSPICIOUS**
01:21:55.187 AVAST engine scan C:\Documents and Settings\Compaq_Owner
01:24:19.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
01:24:19.265 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"


ESET keeps sitting at 12 percent; will get it up ASAP. Forgot to add, I only remembered to reboot after I ran the second one on your list, so do you need me to rescan?

Edited by aools, 24 August 2012 - 07:53 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 August 2012 - 08:13 PM

No, as long as you rebooted; that was important.
ESET may take a couple of hours as you have serious infections.

Let it finish. Post that log. Reboot again.
(rebooting completes the removal process)

Tell me how it is and then run:
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
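The MiniToolBox options requested above each check one of the places a browser redirect can be planted outside the browser itself: the hosts file, the IE proxy setting and the Winsock catalog. The script below is an added example written for this thread, not part of the original posts and not MiniToolBox's own code. It parses a constructed MiniToolBox-style excerpt (the domains use the reserved .invalid TLD and the addresses are documentation ranges) and flags the same things a helper reads the report for: hosts entries that map a public name to loopback (used to block update sites) or to another address (a redirect), anything other than the expected "Proxy is not enabled." text, and Winsock entries whose library path is a bare file name (the condition MiniToolBox marks with ATTENTION) or sits outside System32. The findings are review prompts, not verdicts; the function names, the sample log and the section titles it keys on are assumptions of this example.

```python
import ipaddress
import re

# Constructed MiniToolBox-style excerpt (not taken from the thread).
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 update.example-av.invalid
198.51.100.7 www.example-bank.invalid

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\\System32\\mswsock.dll"

Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\\Program Files\\Unknown\\hooklsp.dll [40960] ()

========================= Memory info: ===================================
"""

# "===== Title: =====" rulers separate the sections of the report.
SECTION_RE = re.compile(r"^=+\s*(.*?):?\s*=+\s*$")
# "CatalogN NN <path> [size or note] (vendor)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.*?)\]\s+\((.*)\)\s*$")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_sections(text):
    """Split the report into {section title: [lines]} on the ruler lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m and m.group(1).strip():
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Flag every hosts entry other than the plain localhost mapping.

    A public name pointed at loopback is the classic way to block AV update
    sites; a name pointed at any other address is an outright redirect.
    """
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append(("malformed", line, ""))
            continue
        for name in parts[1:]:
            if addr.is_loopback and name.lower() in LOCAL_NAMES:
                continue
            kind = "loopback-blocked" if addr.is_loopback else "redirected"
            findings.append((kind, name, str(addr)))
    return findings


def check_proxy(lines):
    """Return [] when IE reports no proxy, otherwise the lines to review."""
    text = [l.strip() for l in lines if l.strip()]
    if any(l.startswith("Proxy is not enabled") for l in text):
        return []
    return text


def check_winsock(lines):
    """Flag catalog entries with a bare file name or a path outside System32."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue  # blank lines and the ATTENTION notes
        catalog, idx, path, _size, _vendor = m.groups()
        entry = f"{catalog} {idx} {path}"
        if "\\" not in path:
            findings.append(("bare-path", entry))
        elif "\\system32\\" not in path.lower():
            findings.append(("outside-system32", entry))
    return findings


def triage(log_text):
    """Run the three checks over a MiniToolBox report and return the findings."""
    sections = parse_sections(log_text)
    return {
        "hosts": check_hosts(sections.get("Hosts content", [])),
        "proxy": check_proxy(sections.get("IE Proxy Settings", [])),
        "winsock": check_winsock(sections.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    for area, items in triage(SAMPLE_LOG).items():
        print(f"{area}: {'clean' if not items else ''}")
        for item in items:
            print("   ", item)
```

Run it against a saved Result.txt by replacing SAMPLE_LOG with the file's contents; the report's own "File Not found" entries on the page above are exactly the bare-path case, which is why the tool asks that they be reviewed rather than treating them as proof of infection.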

#5 aools

aools
  • Topic Starter

  • Members
  • 22 posts

Posted 24 August 2012 - 09:12 PM

C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44\154091ec-1bdcb298 Java/Exploit.Agent.NBS trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\bujzrwdc.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\ms.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP10\A0008229.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP10\A0008258.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP11\A0009425.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP11\A0009426.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP13\A0009534.exe a variant of Win32/Injector.VCU trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP13\A0009542.exe a variant of Win32/Kryptik.AKWF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP13\A0009550.exe a variant of Win32/Kryptik.AKWF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP13\A0009567.exe a variant of Win32/Kryptik.AKWF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP13\A0009574.exe a variant of Win32/Kryptik.AKWF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP13\A0010945.exe a variant of Win32/Kryptik.AKWF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP8\A0004738.dll a variant of Win32/Injector.PKW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_01.10.16\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_01.10.16\rtkt0000\zafs0000\tsk0005.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_01.10.16\rtkt0000\zafs0000\tsk0007.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_01.10.16\rtkt0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_01.10.16\rtkt0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#6 aools

aools
  • Topic Starter

  • Members
  • 22 posts

Posted 24 August 2012 - 09:16 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Compaq_Owner (administrator) on 25-08-2012 at 03:15:25
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-c94f920e24

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-AB-74-59

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 25 August 2012 03:13:40

Lease Expires . . . . . . . . . . : 26 August 2012 03:13:40

Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.34.133, 173.194.34.136, 173.194.34.135, 173.194.34.131
173.194.34.137, 173.194.34.132, 173.194.34.142, 173.194.34.130, 173.194.34.128
173.194.34.134, 173.194.34.129



Pinging google.com [173.194.34.134] with 32 bytes of data:



Reply from 173.194.34.134: bytes=32 time=43ms TTL=52

Reply from 173.194.34.134: bytes=32 time=43ms TTL=52



Ping statistics for 173.194.34.134:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 43ms, Average = 43ms

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=229ms TTL=45

Reply from 72.30.38.140: bytes=32 time=216ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 216ms, Maximum = 229ms, Average = 222ms

Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 ab 74 59 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/23/2012 00:25:26 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/20/2012 05:05:33 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2012 11:06:25 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (08/16/2012 10:40:54 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (08/16/2012 10:36:37 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (08/14/2012 11:33:32 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/14/2012 11:25:18 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/14/2012 11:00:53 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/25/2012 03:13:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/25/2012 01:38:30 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/25/2012 01:38:30 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor
IntelIde
ViaIde

Error: (08/25/2012 01:38:25 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (08/25/2012 01:15:11 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/25/2012 01:05:27 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/25/2012 00:50:57 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/25/2012 00:31:19 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/25/2012 00:31:04 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/25/2012 00:16:02 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (08/23/2012 00:25:26 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/20/2012 05:05:33 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/16/2012 11:06:25 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (08/16/2012 10:40:54 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (08/16/2012 10:36:37 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (08/14/2012 11:33:32 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.2180hungapp0.0.0.000000000

Error: (08/14/2012 11:25:18 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.2180hungapp0.0.0.000000000

Error: (08/14/2012 11:00:53 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.2180hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 7.0.5 (Version: 7.0.5)
BufferChm (Version: 70.0.170.000)
Conquer Online 2.0
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
ESET Online Scanner v3
FullDPAppQFolder (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Boot Optimizer (Version: 3.0.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Software Update (Version: 3.0.7.014)
HPPhotoSmartExpress (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareDevices (Version: 70.0.170.000)
Internet Services (Version: FE UI-1.0.0.1680)
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Codec Pack 9.1.0 (Full) (Version: 9.1.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
OptionalContentQFolder (Version: 1.00.0000)
PC-Doctor 5 for Windows (Version: 5.00.3462.03)
PhotoGallery (Version: 70.0.170.000)
PowerCinema
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
RandMap (Version: 70.0.170.000)
Realtek High Definition Audio Driver
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
Sonic_PrimoSDK (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
Unload (Version: 7.0.0)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 1470.48 MB
Available physical RAM: 1006.52 MB
Total Pagefile: 3366.24 MB
Available Pagefile: 3016.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.73 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:69.86 GB) (Free:53.78 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:4.65 GB) (Free:2.08 GB) FAT32

========================= Users: ========================================

User accounts for \\YOUR-C94F920E24

Administrator Compaq_Owner Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 26 August 2012 - 05:08 PM

How is it now?
Did you run Combofix before or after you started this topic?

You need to remove the old one and update to Adobe Reader X (10.1.0).
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


#8 aools

aools
  • Topic Starter

  • Members
  • 22 posts

Posted 26 August 2012 - 05:43 PM

I think hubby had run it before I started the topic, about 2 days before; it hadn't sorted the problem, it still came back. Should I keep all these programs or uninstall them? The ESET seemed to work best; it took a few hours but found 19 where the others didn't even scratch it. That was good.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 26 August 2012 - 07:49 PM

Hello, is it running well now?
You can remove them all.
Bookmark the ESET link or this BC topic as you need to load a new copy of ESET each time you run it to have the latest definitions.

#10 aools

aools
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 27 August 2012 - 04:04 AM

Yes thanks, all running well now, no sign of any problems.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 AM

Posted 27 August 2012 - 09:02 AM

Excellent!! If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
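The restore-point procedure above, done from the command line, as an added example that is not part of boopme's post. It assumes Windows Vista or later, where restore points are stored as VSS shadow copies (the thread's machine is XP, where the GUI steps above apply), PowerShell 2.0 or newer, and an elevated session; the drive letter and description are constructed values.

```powershell
# Added example: create a fresh restore point after cleanup, then delete every
# older restore point so an infected one cannot be rolled back to by mistake.
# Assumes Vista+ (restore points are VSS shadow copies) and an Administrator prompt.
$drive = "C:"

# Make sure System Restore is enabled on the system drive (no-op if it already is).
Enable-ComputerRestore -Drive "$drive\"

# Create the post-cleanup restore point with a description you can find later.
# Note: Windows 8 and later silently skip a new point if one was created in the
# last 24 hours, so check the listing below rather than trusting the call.
$desc = "Clean after malware removal " + (Get-Date -Format "yyyy-MM-dd HH:mm")
Checkpoint-Computer -Description $desc -RestorePointType "MODIFY_SETTINGS"

$latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if ($latest.Description -ne $desc) {
    throw "Restore point was not created; newest is #$($latest.SequenceNumber) '$($latest.Description)'"
}
Write-Host "Created restore point #$($latest.SequenceNumber): $($latest.Description)"

# Remove older shadow copies one at a time until only the newest remains.
# 'vssadmin delete shadows /oldest' deletes exactly one copy per call; this
# also removes any non-restore-point shadow copies on the drive (e.g. backups).
while ((vssadmin list shadows /for=$drive | Select-String "Shadow Copy ID").Count -gt 1) {
    vssadmin delete shadows /for=$drive /oldest /quiet | Out-Null
}

# Final check: the only restore point left should be the one just created.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Record the sequence number and description printed by the script, as the post suggests, so the clean point is easy to pick out if System Restore is needed later.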

#12 Catcher73

Catcher73

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 27 August 2012 - 10:55 AM

Will this same fix work on removing the UPS/Fedex Virus?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 AM

Posted 27 August 2012 - 11:05 AM

Can you boot to your desktop? Then run the tools and post the logs.
