moneypak scam

22 replies to this topic

#1 bighenny22

bighenny22

  • Members
  • 46 posts

Posted 09 November 2012 - 10:56 PM

Evening all... I think I have the FBI MoneyPak scam virus. I just joined this site and am willing to learn; not the way I wanted to get to know this site, but oh well.
The FBI virus is on my computer. I can go into safe mode and get into command prompt mode too, so what should I do next? Please help...


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 November 2012 - 10:59 PM

Boot into safe mode with networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is complete, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 bighenny22

bighenny22
  • Topic Starter

  • Members
  • 46 posts

Posted 09 November 2012 - 11:25 PM

OK, TDSSKiller log file:

23:11:00.0437 0808 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:11:01.0031 0808 ============================================================
23:11:01.0031 0808 Current date / time: 2012/11/09 23:11:01.0031
23:11:01.0031 0808 SystemInfo:
23:11:01.0031 0808
23:11:01.0171 0808 OS Version: 5.1.2600 ServicePack: 3.0
23:11:01.0171 0808 Product type: Workstation
23:11:01.0171 0808 ComputerName: YOU
23:11:01.0171 0808 UserName: Administrator
23:11:01.0171 0808 Windows directory: C:\WINDOWS
23:11:01.0171 0808 System windows directory: C:\WINDOWS
23:11:01.0171 0808 Processor architecture: Intel x86
23:11:01.0171 0808 Number of processors: 2
23:11:01.0171 0808 Page size: 0x1000
23:11:01.0171 0808 Boot type: Safe boot with network
23:11:01.0171 0808 ============================================================
23:11:16.0218 0808 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:11:16.0343 0808 Drive \Device\Harddisk1\DR2 - Size: 0x1DDBF8000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:11:16.0375 0808 ============================================================
23:11:16.0375 0808 \Device\Harddisk0\DR0:
23:11:16.0390 0808 MBR partitions:
23:11:16.0390 0808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
23:11:16.0390 0808 \Device\Harddisk1\DR2:
23:11:16.0390 0808 MBR partitions:
23:11:16.0390 0808 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEDD21
23:11:16.0406 0808 ============================================================
23:11:16.0906 0808 C: <-> \Device\Harddisk0\DR0\Partition1
23:11:16.0906 0808 ============================================================
23:11:16.0906 0808 Initialize success
23:11:16.0906 0808 ============================================================
23:11:51.0421 0788 ============================================================
23:11:51.0500 0788 Scan started
23:11:51.0500 0788 Mode: Manual; TDLFS;
23:11:51.0500 0788 ============================================================
23:12:10.0734 0788 ================ Scan system memory ========================
23:12:10.0734 0788 System memory - ok
23:12:10.0750 0788 ================ Scan services =============================
23:16:37.0171 0788 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:16:37.0171 0788 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
23:16:37.0203 0788 sptd ( LockedFile.Multi.Generic ) - warning
23:16:37.0203 0788 sptd - detected LockedFile.Multi.Generic (1)
23:16:37.0437 0788 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:16:37.0531 0788 sr - ok
23:16:38.0390 0788 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:16:38.0718 0788 srservice - ok
23:16:40.0781 0788 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:16:41.0531 0788 Srv - ok
23:16:42.0921 0788 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:16:43.0156 0788 SSDPSRV - ok
23:16:43.0828 0788 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:16:44.0515 0788 stisvc - ok
23:16:45.0265 0788 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:16:45.0343 0788 streamip - ok
23:16:45.0546 0788 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:16:45.0625 0788 swenum - ok
23:16:45.0859 0788 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:16:46.0015 0788 swmidi - ok
23:16:46.0031 0788 SwPrv - ok
23:16:46.0062 0788 symc810 - ok
23:16:46.0078 0788 symc8xx - ok
23:16:46.0109 0788 sym_hi - ok
23:16:46.0125 0788 sym_u3 - ok
23:16:46.0265 0788 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:16:46.0390 0788 sysaudio - ok
23:16:46.0609 0788 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:16:46.0812 0788 SysmonLog - ok
23:16:47.0953 0788 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:16:48.0437 0788 TapiSrv - ok
23:16:49.0453 0788 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:16:50.0218 0788 Tcpip - ok
23:16:50.0406 0788 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:16:50.0578 0788 TDPIPE - ok
23:16:50.0796 0788 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:16:50.0984 0788 TDTCP - ok
23:16:51.0546 0788 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:16:51.0625 0788 TermDD - ok
23:16:53.0468 0788 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:16:54.0125 0788 TermService - ok
23:16:54.0625 0788 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:16:54.0656 0788 Themes - ok
23:16:55.0390 0788 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:16:55.0703 0788 TlntSvr - ok
23:16:55.0968 0788 [ CA9E9C2C04A198ED345C1752222A5F3E ] tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys
23:16:56.0078 0788 tmactmon - ok
23:16:58.0296 0788 [ B365E817E398FF2AC5706EAB232EF6C1 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
23:16:59.0218 0788 TMBMServer - ok
23:17:00.0031 0788 [ FCFA40E475FF5549F5CD335F4046ABA4 ] tmcfw C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
23:17:00.0671 0788 tmcfw - ok
23:17:01.0031 0788 [ A3D20789B3FF0576A29462BEF25BCFCC ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
23:17:01.0312 0788 tmcomm - ok
23:17:01.0468 0788 [ 21F215E54770C4BF93EFAF63F58FE57E ] tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys
23:17:01.0578 0788 tmevtmgr - ok
23:17:02.0656 0788 [ 255328CF08D602368B69FF1F55EBD93E ] TmPfw C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
23:17:03.0609 0788 TmPfw - ok
23:17:03.0750 0788 [ 379C4F99994A56B66E11D1E32BB22A1C ] tmpreflt C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
23:17:03.0796 0788 tmpreflt - ok
23:17:04.0968 0788 [ 0FEC6C50B2BE07C57651573CDD1C721F ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
23:17:06.0390 0788 TmProxy - ok
23:17:06.0578 0788 [ 44C262C1B2412DED35078B6166D2ACC2 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
23:17:06.0906 0788 tmtdi - ok
23:17:07.0812 0788 [ 717E406972BBC07F8FB2A989416CAB73 ] tmxpflt C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
23:17:08.0375 0788 tmxpflt - ok
23:17:08.0406 0788 TosIde - ok
23:17:08.0812 0788 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:17:08.0984 0788 TrkWks - ok
23:17:09.0531 0788 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:17:09.0609 0788 Udfs - ok
23:17:09.0640 0788 ufamrkfp - ok
23:17:09.0765 0788 ultra - ok
23:17:11.0640 0788 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:17:12.0468 0788 Update - ok
23:17:13.0125 0788 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:17:13.0484 0788 upnphost - ok
23:17:14.0359 0788 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:17:14.0437 0788 UPS - ok
23:17:14.0765 0788 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:17:14.0828 0788 USBAAPL - ok
23:17:15.0375 0788 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:17:15.0515 0788 usbccgp - ok
23:17:16.0531 0788 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:17:16.0750 0788 usbehci - ok
23:17:18.0125 0788 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:17:18.0281 0788 usbhub - ok
23:17:18.0578 0788 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:17:18.0609 0788 usbscan - ok
23:17:18.0750 0788 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:17:18.0812 0788 USBSTOR - ok
23:17:19.0015 0788 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:17:19.0312 0788 usbuhci - ok
23:17:19.0562 0788 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:17:19.0671 0788 VgaSave - ok
23:17:19.0687 0788 ViaIde - ok
23:17:20.0078 0788 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:17:20.0203 0788 VolSnap - ok
23:17:24.0343 0788 [ 642EB152CB980AD9181B2161066BE629 ] vsapint C:\WINDOWS\system32\DRIVERS\vsapint.sys
23:17:26.0812 0788 vsapint - ok
23:17:27.0921 0788 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:17:28.0531 0788 VSS - ok
23:17:28.0937 0788 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:17:29.0296 0788 W32Time - ok
23:17:30.0015 0788 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:17:30.0109 0788 Wanarp - ok
23:17:31.0453 0788 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:17:32.0515 0788 Wdf01000 - ok
23:17:32.0578 0788 WDICA - ok
23:17:33.0406 0788 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:17:33.0578 0788 wdmaud - ok
23:17:33.0718 0788 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:17:33.0984 0788 WebClient - ok
23:17:36.0828 0788 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:17:37.0203 0788 winmgmt - ok
23:17:37.0640 0788 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:17:37.0828 0788 WmdmPmSN - ok
23:17:39.0437 0788 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:17:40.0546 0788 Wmi - ok
23:17:40.0875 0788 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:17:41.0171 0788 WmiApSrv - ok
23:17:44.0187 0788 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:17:45.0781 0788 WMPNetworkSvc - ok
23:17:46.0531 0788 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:17:46.0671 0788 wscsvc - ok
23:17:47.0031 0788 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:17:47.0156 0788 WSTCODEC - ok
23:17:47.0531 0788 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:17:47.0671 0788 WudfPf - ok
23:17:48.0328 0788 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:17:48.0625 0788 WudfRd - ok
23:17:48.0890 0788 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:17:49.0046 0788 WudfSvc - ok
23:17:50.0515 0788 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:17:51.0328 0788 WZCSVC - ok
23:17:52.0718 0788 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:17:53.0625 0788 xmlprov - ok
23:17:56.0265 0788 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:17:57.0453 0788 YahooAUService - ok
23:17:58.0187 0788 [ 00AE175B903D45ED4A62384D3315DC2A ] ZDPSp50 C:\WINDOWS\system32\Drivers\ZDPSp50.sys
23:17:58.0281 0788 ZDPSp50 - ok
23:17:58.0453 0788 ================ Scan global ===============================
23:17:59.0125 0788 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:17:59.0984 0788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:18:00.0921 0788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:18:01.0187 0788 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:18:01.0187 0788 [Global] - ok
23:18:01.0187 0788 ================ Scan MBR ==================================
23:18:01.0265 0788 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:18:52.0843 0788 \Device\Harddisk0\DR0 - ok
23:18:52.0890 0788 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
23:18:53.0796 0788 \Device\Harddisk1\DR2 - ok
23:18:53.0812 0788 ================ Scan VBR ==================================
23:18:53.0921 0788 [ 0B5725224D2AAA3F094A7541248101ED ] \Device\Harddisk0\DR0\Partition1
23:18:54.0109 0788 \Device\Harddisk0\DR0\Partition1 - ok
23:18:54.0171 0788 [ AB270809BA686ED9F181D1545DF27FC3 ] \Device\Harddisk1\DR2\Partition1
23:18:54.0203 0788 \Device\Harddisk1\DR2\Partition1 - ok
23:18:54.0218 0788 ============================================================
23:18:54.0218 0788 Scan finished
23:18:54.0218 0788 ============================================================
23:18:54.0531 0328 Detected object count: 1
23:18:54.0531 0328 Actual detected object count: 1

#4 bighenny22

Posted 10 November 2012 - 12:12 AM

Here's the aswMBR log file

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-09 23:26:41
-----------------------------
23:26:41.468 OS Version: Windows 5.1.2600 Service Pack 3
23:26:41.468 Number of processors: 2 586 0x304
23:26:41.531 ComputerName: YOU UserName:
23:27:53.843 Initialize success
23:33:09.875 AVAST engine defs: 12110900
23:33:46.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
23:33:46.156 Disk 0 Vendor: IC35L120AVVA07-0 VA6OA52A Size: 114473MB BusType: 3
23:33:46.359 Disk 0 MBR read successfully
23:33:46.375 Disk 0 MBR scan
23:33:47.140 Disk 0 Windows XP default MBR code
23:33:47.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
23:33:47.484 Disk 0 scanning sectors +234436545
23:33:48.125 Disk 0 scanning C:\WINDOWS\system32\drivers
23:36:08.906 Service scanning
23:38:27.406 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:39:16.125 Modules scanning
23:41:14.171 Disk 0 trace - called modules:
23:41:14.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f8a8ac]<<
23:41:14.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ec8ab8]
23:41:14.421 3 CLASSPNP.SYS[f774afd7] -> nt!IofCallDriver -> \Device\0000007f[0x86f3c9e8]
23:41:14.484 5 ACPI.sys[f75bf620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x86ecf940]
23:41:31.859 AVAST engine scan C:\WINDOWS
23:42:14.531 AVAST engine scan C:\WINDOWS\system32
00:00:02.375 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:04:02.046 AVAST engine scan C:\WINDOWS\system32\drivers
00:05:36.359 AVAST engine scan C:\Documents and Settings\Administrator
00:07:26.406 AVAST engine scan C:\Documents and Settings\All Users
00:10:01.875 Scan finished successfully
00:11:18.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
00:11:18.828 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#5 bighenny22

Posted 10 November 2012 - 08:49 AM

ESET list of threats found

C:\Documents and Settings\home\Application Data\ethore.dll a variant of Win32/Kryptik.AMJF trojan cleaned by deleting - quarantined
C:\Documents and Settings\home\Application Data\rocedm.dll a variant of Win32/Medfos.EB trojan cleaned by deleting - quarantined
C:\Documents and Settings\home\Application Data\IQManager\languages\English.lng Win32/Adware.Antipiracy.L application cleaned by deleting - quarantined
C:\Documents and Settings\home\Desktop\programs\Skype.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\home\Desktop\programs\programs\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\home\Local Settings\Application Data\Microsoft\Windows\3532\wfapigp.exe a variant of Win32/Kryptik.AMLT trojan cleaned by deleting - quarantined
C:\Documents and Settings\home\My Documents\139d2e78.dll a variant of Win32/Kryptik.ANNW trojan cleaned by deleting - quarantined
C:\Documents and Settings\home\Start Menu\Programs\Startup\ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.msn Win32/Qhost trojan cleaned by deleting - quarantined

#6 narenxp

Posted 10 November 2012 - 09:08 AM

Reboot to normal mode

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it, click on Delete

A log should be generated after the scan, post it here

Download

Junkware Removal Tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After the scan gets completed, post the generated log here.
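
The MiniToolBox steps above produce a plain-text report whose hosts and Winsock sections are what a helper reads first. The following Python script is an added example, not MiniToolBox's own code and not part of this thread: it splits a report into its `==== Name: ====` sections, parses the hosts entries and the `CatalogN idx path [size] (vendor)` Winsock lines, and flags anything that is not a stock hosts entry or that references a provider file the tool could not locate or a non-Microsoft provider. The section and entry formats are assumed from the log excerpts posted in this thread, and `SAMPLE_LOG` is constructed for the example (the `example_lsp.dll` entry is hypothetical).

```python
# Added example: a small triage parser for MiniToolBox-style text output.
# It is not MiniToolBox's own code; the section-header and entry formats are
# assumed from the log excerpts in this thread, and SAMPLE_LOG is constructed.
import re

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>[^\]]+)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
HOSTS_RE = re.compile(r"^\s*(?P<addr>[0-9a-fA-F.:]+)\s+(?P<name>\S+)")

# The only hosts entries a stock Windows XP hosts file carries.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample report; example_lsp.dll is a hypothetical entry.
SAMPLE_LOG = r"""MiniToolBox sample output (constructed for this example)
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
0.0.0.0 update.example.test

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\example_lsp.dll [12345] ()
"""


def split_sections(text):
    """Group log lines under the '==== Name: ====' header that precedes them."""
    sections = {"header": []}
    current = "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_hosts(lines):
    """Return (address, hostname) pairs, ignoring blank and comment lines."""
    entries = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = HOSTS_RE.match(line)
        if m:
            entries.append((m.group("addr"), m.group("name")))
    return entries


def parse_winsock(lines):
    """Return one dict per 'CatalogN idx path [size] (vendor)' line."""
    entries = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def triage(text):
    """Return (kind, detail) findings a helper would want to look at first."""
    sections = split_sections(text)
    findings = []
    # Any hosts entry beyond the two localhost lines deserves a look.
    for addr, name in parse_hosts(sections.get("Hosts content", [])):
        if (addr, name) not in DEFAULT_HOSTS:
            findings.append(("hosts", f"non-default entry {addr} {name}"))
    # Winsock providers: missing files break the chain; unknown vendors need review.
    for e in parse_winsock(sections.get("Winsock entries", [])):
        where = f"{e['catalog']} {e['idx']} {e['path']}"
        if e["size"] == "File Not found":
            findings.append(("winsock-missing", f"{where}: provider file not located"))
        elif e["vendor"] != "Microsoft Corporation":
            vendor = e["vendor"] or "no vendor"
            findings.append(("winsock-review", f"{where}: non-Microsoft provider ({vendor})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it against a saved MiniToolBox report by reading the file into `triage()` instead of `SAMPLE_LOG`; a hosts entry outside the two localhost lines and any Winsock provider the tool could not locate are the two things to raise before the next scan step.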

#7 bighenny22

Posted 10 November 2012 - 08:13 PM

Malwarebytes log file

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
home :: YOU [administrator]

11/10/2012 9:39:40 AM
mbam-log-2012-11-10 (20-11-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317362
Time elapsed: 4 hour(s), 25 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMOKO (Worm.KoobFace) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPOKORAID (Worm.KoobFace) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\dmoko (Worm.KoobFace) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\ipokoraid (Worm.KoobFace) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: C:\Documents and Settings\home\Application Data\IQManager\iqmanager.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|rpcSsc (Worm.KoobFace) -> Data: ipokoraid^^ -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ethore (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Documents and Settings\home\Application Data\ethore.dll",UpdateTextureState -> No action taken.

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\n.) Good: (fastprox.dll) -> No action taken.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\n.) Good: (shell32.dll) -> No action taken.

Folders Detected: 3
C:\Documents and Settings\home\Application Data\hellomoto (Trojan.Ransom.FGen) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages (Trojan.FakeCRight) -> No action taken.

Files Detected: 30
C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\n (Trojan.Agent.MRGGen) -> No action taken.
c:\recycler\s-1-5-18\$331e89bc4c61646963a22f580884a090\u\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\U\80000032.@ (Rootkit.0Access) -> No action taken.
C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\n (Trojan.Agent.MRGGen) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp390\a0205685.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp390\a0207685.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0207730.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0208730.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0208756.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0209755.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0209761.ini (Trojan.0access) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0209766.ini (Trojan.0access) -> No action taken.
C:\System Volume Information\_restore{E17507BD-2E89-4144-9E87-474A03FBEBE1}\RP391\A0209783.dll (Trojan.FakeSysInt) -> No action taken.
C:\System Volume Information\_restore{E17507BD-2E89-4144-9E87-474A03FBEBE1}\RP391\A0209787.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{e17507bd-2e89-4144-9e87-474a03fbebe1}\rp391\a0209794.ini (Trojan.0access) -> No action taken.
C:\Documents and Settings\home\Application Data\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Documents and Settings\home\Application Data\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\settings.ini (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\torrents (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\wallpaper.jpg (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Czech.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Danish.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Dutch.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\French.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\German.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Italian.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Portuguese.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Slovak.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\Spanish.lng (Trojan.FakeCRight) -> No action taken.
C:\Documents and Settings\home\Application Data\IQManager\languages\template.lng (Trojan.FakeCRight) -> No action taken.

(end)

#8 bighenny22

Posted 10 November 2012 - 08:14 PM

MiniToolBox results

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by home (administrator) on 10-11-2012 at 09:56:45
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link DWA-140 RangeBooster N USB Adapter(rev.B2) = Wireless Network Connection 9 (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : you

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Wireless Network Connection 9:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : D-Link DWA-140 RangeBooster N USB Adapter(rev.B2)

Physical Address. . . . . . . . . : 00-26-5A-6A-FB-E6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.14

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Saturday, November 10, 2012 9:28:52 AM

Lease Expires . . . . . . . . . . : Tuesday, November 13, 2012 9:28:52 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-13-8F-FA-87-43



Pinging google.com [74.125.226.71] with 32 bytes of data:



Reply from 74.125.226.71: bytes=32 time=16ms TTL=54

Reply from 74.125.226.71: bytes=32 time=13ms TTL=54



Ping statistics for 74.125.226.71:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 16ms, Average = 14ms



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=94ms TTL=51

Reply from 72.30.38.140: bytes=32 time=98ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 94ms, Maximum = 98ms, Average = 96ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 5a 6a fb e6 ...... D-Link DWA-140 RangeBooster N USB Adapter(rev.B2) - Packet Scheduler Miniport
0x3 ...00 13 8f fa 87 43 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.14 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.14 192.168.2.14 20
192.168.2.0 255.255.255.0 192.168.2.14 192.168.2.14 20
192.168.2.14 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.14 192.168.2.14 20
224.0.0.0 240.0.0.0 192.168.2.14 192.168.2.14 20
255.255.255.255 255.255.255.255 192.168.2.14 3 1
255.255.255.255 255.255.255.255 192.168.2.14 192.168.2.14 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/28/2012 08:06:05 PM) (Source: Application Error) (User: )
Description: Faulting application heroes3.exe, version 4.0.0.0, faulting module aclayers.dll, version 5.1.2600.5906, fault address 0x0001698b.
Processing media-specific event for [heroes3.exe!ws!]

Error: (10/17/2012 03:18:17 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00670028.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/12/2012 04:09:37 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00670028.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/02/2012 04:10:08 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/28/2012 04:25:18 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(5c:95:ae:03:f8:8a@fe80::5e95:aeff:fe03:f88a._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/27/2012 08:01:50 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19328, fault address 0x000da6fc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/25/2012 08:22:21 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19328, fault address 0x000da6fc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/23/2012 10:09:02 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19328, fault address 0x000da6fc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/23/2012 05:43:53 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0xffffffff.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/22/2012 03:46:12 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(5c:95:ae:03:f8:8a@fe80::5e95:aeff:fe03:f88a._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.


System errors:
=============
Error: (11/10/2012 02:30:03 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 02:29:56 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 02:28:04 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 01:42:12 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 01:42:05 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 01:42:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 01:41:55 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 01:41:50 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 11:43:01 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2012 11:42:56 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (10/28/2012 08:06:05 PM) (Source: Application Error)(User: )
Description: heroes3.exe4.0.0.0aclayers.dll5.1.2600.59060001698b

Error: (10/17/2012 03:18:17 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000670028

Error: (10/12/2012 04:09:37 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000670028

Error: (10/02/2012 04:10:08 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/28/2012 04:25:18 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(5c:95:ae:03:f8:8a@fe80::5e95:aeff:fe03:f88a._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/27/2012 08:01:50 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19328000da6fc

Error: (09/25/2012 08:22:21 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19328000da6fc

Error: (09/23/2012 10:09:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19328000da6fc

Error: (09/23/2012 05:43:53 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.0ffffffff

Error: (09/22/2012 03:46:12 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(5c:95:ae:03:f8:8a@fe80::5e95:aeff:fe03:f88a._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
ACDSee for PENTAX 3.0 (Version: 9.0.34)
Ad-Aware (Version: 7.1.0.7)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 9.3 (Version: 9.3.0)
Adobe Shockwave Player (Version: 11)
Advanced SystemCare 3 (Version: 3.3.1)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Application Verifier Database
AVG PC Tuneup (Version: 10.0.0.27)
Belkin Wireless USB Utility (Version: 6.3.2.16)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32)
BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone (Version: 6.0.0.344 (Platform 6.6.0.50))
Bonjour (Version: 3.0.0.10)
C-Media 3D Audio
CCleaner (Version: 3.24)
Compatibility Administrator 3.0 (Version: 30.00.0001)
DivX Codec (Version: 6.6.1)
DivX Plus Web Player (Version: 2.0.0)
DVD Solution
ESET Online Scanner v3
Full Tilt Poker (Version: 4.30.0.WIN.FullTilt.COM)
Google Talk Plugin (Version: 3.10.2.10212)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GTA San Andreas (Version: 1.00.00001)
Heroes of Might and Magic II
Heroes of Might and Magic V - Tribes of the East
Heroes of Might and Magic® III Complete
Heroes of Might and Magic® IV
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
iTunes (Version: 10.6.1.7)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Compatibility Analyzer 1.0 (Version: 1.00.0001)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Application Compatibility Toolkit 3.0 (Version: 30.00.0001)
MP3 Player Utilities 3.81 (Version: 3.81)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Multimedia Launcher
Nero 8 (Version: 8.3.314)
neroxml (Version: 1.0.0)
NHL® 09 (Version: 2.0.1.0)
PartyPoker.net (Version: 140)
PokerStars.net
PowerDVD
PowerISO
PowerProducer
PurePlay Poker (Version: 2.0.3104.0)
QuickTime (Version: 7.71.80.42)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.70)
Rhapsody Player Engine (Version: 1.0.690)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.3.11079)
Skype™ 5.10 (Version: 5.10.116)
Software Update for Web Folders (Version: 9.60.6715.0)
Trend Micro Internet Security (Version: 17.50)
Uninstall Dual Mode Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Windows Application Verifier 2.50 (Version: 20.50.0001)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 1014.79 MB
Available physical RAM: 295.46 MB
Total Pagefile: 2919.98 MB
Available Pagefile: 2395.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1986.7 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:111.79 GB) (Free:25.84 GB) NTFS
3 Drive d: (H3_disk2) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\YOU

Administrator Guest HelpAssistant
home SUPPORT_388945a0

========================= Restore Points ==================================

13-08-2012 06:00:21 System Checkpoint
14-08-2012 22:03:06 System Checkpoint
16-08-2012 21:55:06 Software Distribution Service 3.0
17-08-2012 22:22:02 System Checkpoint
19-08-2012 02:27:57 System Checkpoint
20-08-2012 22:44:13 Installed BlackBerry Desktop Software 7.1.
21-08-2012 23:35:57 System Checkpoint
22-08-2012 18:39:49 Software Distribution Service 3.0
23-08-2012 18:40:45 System Checkpoint
25-08-2012 10:59:27 System Checkpoint
26-08-2012 11:03:13 System Checkpoint
31-08-2012 21:32:23 System Checkpoint
02-09-2012 07:35:06 System Checkpoint
03-09-2012 08:34:34 System Checkpoint
05-09-2012 05:28:02 System Checkpoint
06-09-2012 14:01:20 System Checkpoint
06-09-2012 18:47:20 Installed Microsoft Windows Application Compatibility Toolkit 3.0
06-09-2012 18:48:20 Installed Microsoft Application Compatibility Analyzer 1.0
06-09-2012 18:48:58 Installed Windows Application Verifier 2.50
06-09-2012 18:49:39 Installed Compatibility Administrator 3.0
07-09-2012 22:15:29 System Checkpoint
08-09-2012 23:54:32 System Checkpoint
09-09-2012 03:44:52 Installed BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone.
11-09-2012 00:04:46 System Checkpoint
12-09-2012 02:38:57 System Checkpoint
12-09-2012 20:18:44 Software Distribution Service 3.0
13-09-2012 21:08:20 Software Distribution Service 3.0
14-09-2012 22:13:04 System Checkpoint
16-09-2012 04:24:26 System Checkpoint
17-09-2012 04:55:29 System Checkpoint
18-09-2012 13:32:28 System Checkpoint
19-09-2012 22:58:16 System Checkpoint
21-09-2012 22:07:11 System Checkpoint
22-09-2012 07:00:39 Software Distribution Service 3.0
23-09-2012 07:45:15 System Checkpoint
24-09-2012 22:45:02 System Checkpoint
25-09-2012 23:08:28 System Checkpoint
27-09-2012 00:51:22 System Checkpoint
29-09-2012 00:16:01 System Checkpoint
30-09-2012 00:49:05 System Checkpoint
02-10-2012 00:44:41 System Checkpoint
03-10-2012 01:24:54 System Checkpoint
04-10-2012 01:41:41 System Checkpoint
05-10-2012 02:35:48 System Checkpoint
08-10-2012 02:48:48 System Checkpoint
09-10-2012 04:33:43 System Checkpoint
10-10-2012 22:56:23 System Checkpoint
12-10-2012 00:33:11 System Checkpoint
13-10-2012 03:50:45 System Checkpoint
14-10-2012 18:01:46 System Checkpoint
15-10-2012 19:33:27 System Checkpoint
20-10-2012 03:05:46 System Checkpoint
21-10-2012 04:43:44 System Checkpoint
22-10-2012 06:50:15 System Checkpoint
23-10-2012 12:11:12 System Checkpoint
25-10-2012 00:31:40 System Checkpoint
26-10-2012 01:19:21 System Checkpoint
27-10-2012 01:54:29 System Checkpoint
28-10-2012 04:12:03 System Checkpoint
29-10-2012 22:29:13 System Checkpoint
30-10-2012 23:06:20 System Checkpoint
02-11-2012 01:57:20 System Checkpoint
03-11-2012 06:02:03 System Checkpoint
04-11-2012 06:23:47 System Checkpoint
07-11-2012 01:19:01 System Checkpoint
09-11-2012 01:57:03 System Checkpoint
09-11-2012 23:41:37 Restore Operation
11-11-2012 00:06:41 System Checkpoint

**** End of log ****

#9 bighenny22 (Topic Starter)

Posted 10 November 2012 - 08:17 PM

Farbar results

Farbar Service Scanner Version: 09-11-2012
Ran by home (administrator) on 10-11-2012 at 20:17:44
Running from "C:\Documents and Settings\home\Desktop\virus 1"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of wscsvc: ""C:\WINDOWS\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(12) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5) tmcfw(11)
0x0C0000000600000001000000020000000300000004000000050000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

#10 bighenny22 (Topic Starter)

Posted 10 November 2012 - 08:24 PM

AdwCleaner results

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 20:22:41
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : home - YOU
# Boot Mode : Normal
# Running from : C:\Documents and Settings\home\Desktop\virus 1\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\DOCUME~1\home\LOCALS~1\Temp\AskSearch
Folder Found : C:\DOCUME~1\home\LOCALS~1\Temp\CT3072253
Folder Found : C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ta02dpc1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Toolbar
Key Found : HKU\S-1-5-21-842925246-651377827-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-842925246-651377827-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ta02dpc1.default\prefs.js

Found : user_pref("CT3072253.autoDisableScopes", -1);

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v [Unable to get version]

File : C:\Documents and Settings\home\Local Settings\Application Data\Chromium\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\home\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2657 octets] - [10/11/2012 20:22:41]
AdwCleaner[S1].txt - [2453 octets] - [09/11/2012 21:30:56]

########## EOF - C:\AdwCleaner[R1].txt - [2777 octets] ##########

#11 narenxp (BC Advisor)

Posted 10 November 2012 - 09:06 PM

.

Edited by narenxp, 12 November 2012 - 10:08 AM.


#12 bighenny22 (Topic Starter)

Posted 12 November 2012 - 09:35 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.4 (11.10.2012)
OS: Microsoft Windows XP x86
Ran by home on Sat 11/10/2012 at 20:22:37.57
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\freecause"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\smartbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/10/2012 at 20:44:30.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13 narenxp (BC Advisor)

Posted 12 November 2012 - 10:08 AM

Run Malwarebytes again and post the clean log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#14 bighenny22 (Topic Starter)

Posted 12 November 2012 - 02:16 PM

Sorry for the long wait ... doing a malware run now, will post when done ok

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2012 02:07:34 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\IoctlSvc.exe (PID: 1428) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\ [ZA Dir]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\L\ [ZA Dir]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\L\00000004.@ [ZA File]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\L\201d3dde [ZA File]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\n [ZA File]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\U\ [ZA Dir]
* C:\RECYCLER\S-1-5-18\$331e89bc4c61646963a22f580884a090\U\80000032.@ [ZA File]
* C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\@ [ZA File]
* C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\L\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\n [ZA File]
* C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\$331e89bc4c61646963a22f580884a090\U\ [ZA Dir]

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* BITS [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

* wscsvc => "C:\WINDOWS\system32\wscsvc.dll" [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/12/2012 02:11:37 PM
Execution time: 0 hours(s), 4 minute(s), and 2 seconds(s)

#15 bighenny22 (Topic Starter)

Posted 12 November 2012 - 02:53 PM

I can't copy and paste the Autoruns file when done ... I can save it, but that's as far as I can go on it

