Unknown Malware Causing Audio Adverts and Pop Ups


  • This topic is locked
8 replies to this topic

#1 Conorkc

Posted 30 July 2010 - 06:39 AM

**Edit because the attached file didn't attach to the post

The malware plays audio adverts (for Optrex ActiMist eye spray, Bonjela and Nurofen) along with pop-ups for IQ tests etc. The pop-ups appear in Internet Explorer even though I use Firefox as my default browser and Chrome as my secondary. I have scanned my computer with Malwarebytes, SUPERAntiSpyware, Avast and Norton Antivirus, but the problem remains.

The antivirus package I use is Norton 360, the full edition; this is supposed to have its own firewall and background scanning capability. As you can imagine I'm disappointed with it and will not be repurchasing after this incident. If you could recommend a better antivirus package for me to use I would be grateful.

Thanks in advance for your help,
Conorkc.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Conorkc at 21:55:58.21 on 29/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1282 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 4
svchost.exe 4
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Conorkc\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\conorkc\application data\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download All By FlashGet3 - c:\documents and settings\conorkc\application data\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\conorkc\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\conorkc\applic~1\mozilla\firefox\profiles\irxgy2qf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/|http://www.google.ie/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\conorkc\application data\mozilla\firefox\profiles\irxgy2qf.default\extensions\{80e09551-926a-432b-9b67-f18c3f172abf}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\conorkc\application data\mozilla\firefox\profiles\irxgy2qf.default\extensions\{80e09551-926a-432b-9b67-f18c3f172abf}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\conorkc\application data\mozilla\firefox\profiles\irxgy2qf.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - component: c:\documents and settings\conorkc\application data\mozilla\firefox\profiles\irxgy2qf.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\conorkc\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\conorkc\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-3 310320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-27 165456]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100728.001\IDSXpx86.sys [2010-7-29 331640]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-27 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-27 40384]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-27 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-27 40384]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100729.002\NAVENG.SYS [2010-7-29 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100729.002\NAVEX15.SYS [2010-7-29 1362608]
S2 AdobeActiveFileMonitorAlerter;Adobe Active File Monitor AdobeActiveFileMonitorAlerter;c:\windows\temp\rgqygpkhko.exe service --> c:\windows\temp\rgqygpkhko.exe service [?]
S2 FastUserSwitchingCompatibilityImapiService;Fast User Switching Compatibility FastUserSwitchingCompatibilityImapiService;c:\windows\system32\adsmsextu.exe srv --> c:\windows\system32\adsmsextu.exe srv [?]
S2 yzxnpjyloixnbq;yzxnpjyloixnbq;\??\c:\windows\system32\drivers\omhsli.sys --> c:\windows\system32\drivers\omhsli.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2010-07-29 20:35:50 131840 ----a-w- c:\windows\system32\OLD9.tmp
2010-07-29 20:35:45 2066048 ----a-w- c:\windows\system32\OLD5.tmp
2010-07-29 20:35:44 2189184 ----a-w- c:\windows\system32\OLD2.tmp
2010-07-29 18:57:32 20 ----a-w- c:\documents and settings\conorkc\defogger_reenable
2010-07-29 15:54:52 0 d-----w- c:\docume~1\conorkc\applic~1\SUPERAntiSpyware.com
2010-07-29 15:54:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-29 15:54:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-28 22:30:21 0 d-----w- c:\program files\Trend Micro
2010-07-27 18:27:37 0 d-----w- c:\docume~1\conorkc\applic~1\LogoManager
2010-07-27 18:24:54 0 d-----w- c:\program files\common files\LogoManager
2010-07-27 18:24:36 0 d-----w- c:\program files\LogoManager Pro Suite
2010-07-27 13:47:41 38848 ----a-w- c:\windows\avastSS.scr
2010-07-27 13:47:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-24 17:52:35 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-07-24 17:06:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-24 16:20:03 0 d-----w- C:\Intel
2010-07-24 14:29:10 0 d-----w- c:\program files\CCleaner
2010-07-24 14:16:14 0 d-----w- c:\windows\pss

==================== Find3M ====================

2010-07-29 20:30:37 94208 ----a-w- c:\windows\DUMPc1aa.tmp
2010-07-29 20:10:54 94208 ----a-w- c:\windows\DUMPd5fd.tmp
2010-07-29 20:01:00 94208 ----a-w- c:\windows\DUMPd9d5.tmp
2010-07-29 19:55:16 94208 ----a-w- c:\windows\DUMPd512.tmp
2010-07-29 19:46:24 94208 ----a-w- c:\windows\DUMPc12d.tmp
2010-07-29 19:43:36 94208 ----a-w- c:\windows\DUMPc4e6.tmp
2010-07-29 19:42:18 94208 ----a-w- c:\windows\DUMPc803.tmp
2010-07-29 19:33:17 94208 ----a-w- c:\windows\DUMPd8bc.tmp
2010-07-29 17:25:24 102400 ----a-w- c:\windows\DUMPf53d.tmp
2010-07-24 17:30:06 102400 ----a-w- c:\windows\DUMP14cb.tmp
2010-07-24 16:13:28 7044 ----a-w- c:\windows\system32\secushr.dat
2010-07-24 14:10:33 479102 ----a-w- c:\windows\hpoins21.dat
2009-10-25 21:26:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102520091026\index.dat

============= FINISH: 21:57:29.76 ===============

Just an update, I ran BlackLight as per one of the tutorials on this site. Below is the log.

07/30/10 14:54:28 [Info]: BlackLight Engine 2.2.1092 initialized
07/30/10 14:54:28 [Info]: OS: 5.1 build 2600 (Service Pack 3)
07/30/10 14:54:28 [Note]: 7019 4
07/30/10 14:54:28 [Note]: 7005 0
07/30/10 14:54:31 [Note]: 7006 0
07/30/10 14:54:31 [Note]: 7011 1132
07/30/10 14:54:31 [Note]: 7035 0
07/30/10 14:54:32 [Note]: 7026 0
07/30/10 14:54:33 [Note]: 7026 0
07/30/10 14:54:33 [Note]: 7024 3
07/30/10 14:54:33 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
07/30/10 14:54:36 [Note]: FSRAW library version 1.7.1024
07/30/10 15:06:59 [Note]: 2000 1012
07/30/10 15:13:11 [Note]: 7006 0
07/30/10 15:13:12 [Note]: 7011 1132
07/30/10 15:13:12 [Note]: 7026 0
07/30/10 15:13:13 [Note]: 7026 0
07/30/10 15:13:13 [Note]: 7024 3
07/30/10 15:13:13 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
07/30/10 15:13:13 [Note]: FSRAW library version 1.7.1024
07/30/10 15:13:22 [Note]: 7007 0

Merged posts. ~ OB

Edited by Orange Blossom, 30 July 2010 - 12:28 PM.
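As an added example that is not part of the thread (and not DDS or BleepingComputer code), the script below parses the SERVICES / DRIVERS section of the DDS log above and scores each entry with the checks a responder applies by eye: an image file DDS could not verify, an image living in a temp directory, a machine-generated service name, and a display name that pads a product-like label onto the key name. The sample lines are copied from the log above; the weights and the threshold are this example's own assumptions.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Parses each service line into its fields and scores it with a few
heuristics a responder applies by eye. The sample lines are constructed
from the DDS output in the post above; the rules, weights and threshold
are this example's own assumptions, not DDS logic.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the service lines from the DDS log above.
SAMPLE_LINES = r"""
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-3 310320]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
S2 AdobeActiveFileMonitorAlerter;Adobe Active File Monitor AdobeActiveFileMonitorAlerter;c:\windows\temp\rgqygpkhko.exe service --> c:\windows\temp\rgqygpkhko.exe service [?]
S2 FastUserSwitchingCompatibilityImapiService;Fast User Switching Compatibility FastUserSwitchingCompatibilityImapiService;c:\windows\system32\adsmsextu.exe srv --> c:\windows\system32\adsmsextu.exe srv [?]
S2 yzxnpjyloixnbq;yzxnpjyloixnbq;\??\c:\windows\system32\drivers\omhsli.sys --> c:\windows\system32\drivers\omhsli.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
"""

LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<rest>.+)$")
# DDS appends "[<date> <size>]" when it could stat the file and "[?]" when it could not.
VERIFIED_RE = re.compile(r"\[(?P<date>\S+)\s+(?P<size>\d+)\]$")
BINARY_RE = re.compile(r"^(?P<bin>.*?\.(?:exe|sys|dll))", re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Service:
    start: str      # R0..R3 = running, S0..S3 = stopped
    name: str       # registry key name
    display: str    # display name
    path: str       # resolved image path, arguments included
    verified: bool  # True when DDS printed a date and size for the file


@dataclass
class Finding:
    name: str
    score: int
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one DDS service line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("rest").count(";") < 2:
        return None
    name, display, rest = m.group("rest").split(";", 2)
    if rest.endswith("[?]"):
        verified, rest = False, rest[:-3]
    else:
        verified = VERIFIED_RE.search(rest) is not None
        rest = VERIFIED_RE.sub("", rest)
    # "<registry image path> --> <resolved path>": keep the resolved form.
    path = rest.split(" --> ")[-1].strip()
    return Service(m.group("start"), name, display, path, verified)


def looks_random(name):
    """Long, letters only and starved of vowels: typical of generated names."""
    lowered = name.lower()
    if len(lowered) < 10 or not lowered.isalpha():
        return False
    return sum(ch in VOWELS for ch in lowered) / len(lowered) <= 0.25


def score_service(svc):
    """Apply the heuristics; the weights are this example's assumptions."""
    finding = Finding(svc.name, 0)
    m = BINARY_RE.match(svc.path)
    binary = (m.group("bin") if m else svc.path).lower()
    if not svc.verified:
        finding.score += 1
        finding.reasons.append("DDS could not verify the image file")
    if "\\temp\\" in binary:
        finding.score += 2
        finding.reasons.append("image lives in a temp directory")
    if looks_random(svc.name):
        finding.score += 2
        finding.reasons.append("service name looks machine-generated")
    if svc.display != svc.name and svc.display.endswith(svc.name):
        finding.score += 2
        finding.reasons.append("display name pads a product-like label onto the key name")
    return finding


def triage(text, threshold=2):
    """Return findings at or above the threshold, in log order."""
    findings = []
    for line in text.splitlines():
        svc = parse_line(line)
        if svc is not None:
            finding = score_service(svc)
            if finding.score >= threshold:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: score {f.score} ({'; '.join(f.reasons)})")
```

Note that an unverified image alone scores only 1, so the legitimate SQL Server entries (unverifiable because of their command-line arguments) stay below the threshold while the three rogue services are reported.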


#2 Noviciate

  • Malware Response Team

Posted 30 July 2010 - 03:15 PM

Good evening.

We'll worry about your PC's security programs once we've got a better idea of how to proceed with the infection. Until then, please uninstall Avast. Running two or more AVs in real-time may result in conflicts giving less, not more, protection, and as Norton has a firewall I think it's easier for now to stick with that security suite.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download MBRCheck.exe by a_d_13 from here and save it to your Desktop.
  • Double click the file to begin the scan.
  • A Command Window will open and after the scan has completed you will be prompted to press <ENTER> to exit.
  • A text file called MBRCheck_date/time.txt can be found on the Desktop. I'd like you to post the contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Preformat.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

So long, and thanks for all the fish.


#3 Conorkc

  • Topic Starter

Posted 31 July 2010 - 06:08 AM

Hi Nova,

Sorry about this, but my computer was acting up on restart: it was giving me blue screens etc. and it would take 5 or 6 attempts to get to the login screen. Then when I would log in it was saying to reboot as new hardware was installed. Last night I tried multiple times to log on but with no joy, so I decided to reformat the HD and install Fedora 12. I am so sorry if I have wasted your time. I have one question though: could an infection like this be sitting dormant on my other Windows PCs? And if so, is there any way to check?

Thanks for your help!

Regards,
Conor

#4 Noviciate

  • Malware Response Team

Posted 31 July 2010 - 02:50 PM

Good evening.

Run MBRCheck.exe on any Windows PCs that you have and post the logs and I'll tell you.

So long, and thanks for all the fish.


#5 Conorkc

  • Topic Starter

Posted 02 August 2010 - 09:22 AM

Thanks Nova!

Here is the Log from my Gaming Machine.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000009d

Kernel Drivers (total 165):
0x02010000 \SystemRoot\system32\ntoskrnl.exe
0x02527000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\PSHED.dll
0x0062C000 \SystemRoot\system32\CLFS.SYS
0x00689000 \SystemRoot\system32\CI.dll
0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A0B000 \SystemRoot\System32\Drivers\spfw.sys
0x00B3F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B48000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B76000 \SystemRoot\system32\drivers\acpi.sys
0x00BCC000 \SystemRoot\system32\drivers\msisadrv.sys
0x008F7000 \SystemRoot\system32\drivers\pci.sys
0x00BD6000 \SystemRoot\System32\drivers\partmgr.sys
0x00BEB000 \SystemRoot\system32\drivers\volmgr.sys
0x00927000 \SystemRoot\System32\drivers\volmgrx.sys
0x00A00000 \SystemRoot\system32\drivers\pciide.sys
0x0098D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0099D000 \SystemRoot\System32\drivers\mountmgr.sys
0x009B0000 \SystemRoot\system32\drivers\atapi.sys
0x009B8000 \SystemRoot\system32\drivers\ataport.SYS
0x009DC000 \SystemRoot\system32\drivers\nvstor.sys
0x0073B000 \SystemRoot\system32\drivers\storport.sys
0x00798000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x007BA000 \SystemRoot\system32\DRIVERS\SI3132.sys
0x00C03000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C4A000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C5E000 \SystemRoot\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS
0x00CC5000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x00CCE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E08000 \SystemRoot\system32\drivers\ndis.sys
0x00D55000 \SystemRoot\system32\drivers\msrpc.sys
0x00DA5000 \SystemRoot\system32\drivers\NETIO.SYS
0x01009000 \SystemRoot\System32\drivers\tcpip.sys
0x0117F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138E000 \SystemRoot\system32\drivers\volsnap.sys
0x013D2000 \SystemRoot\System32\Drivers\spldr.sys
0x013DA000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x013E2000 \SystemRoot\System32\Drivers\mup.sys
0x011AB000 \SystemRoot\System32\drivers\ecache.sys
0x011D7000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x00FCB000 \SystemRoot\system32\drivers\disk.sys
0x007D4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013F4000 \SystemRoot\system32\drivers\crcdisk.sys
0x03442000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0344F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x03458000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x03609000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x04333000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0346C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04335000 \SystemRoot\System32\drivers\watchdog.sys
0x04345000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04352000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0435D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043A3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x043B4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x043D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x043DD000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x043EF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x04403000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0460B000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x04774000 \SystemRoot\System32\Drivers\a8745sd7.SYS
0x047B7000 \SystemRoot\System32\Drivers\a58wt2ci.SYS
0x04600000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x044F0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x04529000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04536000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04559000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04565000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x045A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045C4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0354F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x045DC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x045EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x035E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04608000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04800000 \SystemRoot\system32\DRIVERS\ks.sys
0x04834000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0483F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0484F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x0485A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x048A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x048B6000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x0492D000 \SystemRoot\system32\drivers\portcls.sys
0x04968000 \SystemRoot\system32\drivers\drmk.sys
0x0498B000 \SystemRoot\system32\drivers\ksthunk.sys
0x04991000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x049AD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x049AF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x049B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x049CA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x049D2000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x049E5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00FE9000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x049F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04E0B000 \SystemRoot\System32\Drivers\N360x64\0308000.029\SRTSP64.SYS
0x053C0000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04EA9000 \SystemRoot\system32\drivers\N360x64\0308000.029\SRTSPX64.SYS
0x053F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04EBD000 \SystemRoot\System32\Drivers\Null.SYS
0x04EDC000 \SystemRoot\System32\drivers\vga.sys
0x04EEA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04F0F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04F18000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04F21000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04F2C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04F3D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04F46000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04F63000 \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMTDI.SYS
0x04FAF000 \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS
0x04FBF000 \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS
0x05005000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05049000 \SystemRoot\system32\DRIVERS\smb.sys
0x05064000 \SystemRoot\system32\drivers\afd.sys
0x050CF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x050ED000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x050F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x05107000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x05122000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0516F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0517B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100730.001\IDSvia64.sys
0x0540E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x05484000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x054A9000 \SystemRoot\system32\drivers\csc.sys
0x0551F000 \SystemRoot\System32\Drivers\dfsc.sys
0x0553C000 \SystemRoot\System32\Drivers\N360x64\0308000.029\ccHPx64.sys
0x05604000 \SystemRoot\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys
0x0565B000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x05662000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05670000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0567A000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x0569C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x056AF000 \SystemRoot\System32\drivers\Dxapi.sys
0x056BB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x056CE000 \SystemRoot\system32\drivers\luafv.sys
0x056F0000 \SystemRoot\system32\drivers\spsys.sys
0x0578A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0579E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0A007000 \SystemRoot\system32\drivers\HTTP.sys
0x0A0AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A0D3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0A0F1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A10B000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A132000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A15B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A1A4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A1C3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A200000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A295000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x0A2E4000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x0A2F1000 \SystemRoot\system32\drivers\peauth.sys
0x0A3A7000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A3B2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A3C2000 \??\C:\Windows\nvoclk64.sys
0x0A3D0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05200000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100801.003\EX64.SYS
0x057B6000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100801.003\ENG64.SYS
0x03400000 \SystemRoot\System32\Drivers\fastfat.SYS
0x776D0000 \Windows\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
520 csrss.exe
572 C:\Windows\System32\wininit.exe
580 csrss.exe
632 C:\Windows\System32\winlogon.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
220 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
652 C:\Windows\System32\audiodg.exe
888 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\SLsvc.exe
1064 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\nvvsvc.exe
1228 C:\Windows\System32\svchost.exe
1340 C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
1544 C:\Windows\System32\dwm.exe
1576 C:\Windows\explorer.exe
1792 C:\Windows\System32\spoolsv.exe
1800 C:\Windows\System32\taskeng.exe
1832 C:\Windows\System32\svchost.exe
1980 C:\Program Files (x86)\ASUS\AASP\1.00.33\aaCenter.exe
2036 C:\Windows\WindowsMobile\wmdSync.exe
2044 C:\Program Files\Windows Sidebar\sidebar.exe
1424 C:\Program Files\Windows Sidebar\sidebar.exe
732 C:\Windows\ehome\ehtray.exe
476 C:\Windows\System32\mobsync.exe
2124 C:\Windows\System32\AEADISRV.EXE
2176 C:\Windows\System32\svchost.exe
2212 D:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
2328 C:\Windows\ehome\ehmsas.exe
2380 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2516 C:\Windows\SysWOW64\lkcitdl.exe
2640 C:\Windows\SysWOW64\lkads.exe
2656 C:\Windows\SysWOW64\lktsrv.exe
2668 C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
2704 C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2828 C:\Windows\System32\svchost.exe
2840 C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
2856 C:\Windows\SysWOW64\nisvcloc.exe
2936 C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
2984 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
2060 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
896 C:\Windows\System32\svchost.exe
2248 C:\Windows\SysWOW64\PnkBstrA.exe
212 C:\Windows\System32\svchost.exe
2112 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2500 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3120 C:\Windows\System32\svchost.exe
3160 C:\Windows\System32\svchost.exe
3220 C:\Windows\System32\SearchIndexer.exe
3536 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
3612 dllhost.exe
3764 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3776 C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
3788 C:\Program Files\Logitech\SetPoint II\SetPointII.exe
3812 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3872 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3896 C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
3916 C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
3968 C:\Windows\System32\svchost.exe
940 C:\Program Files\Windows Media Player\wmpnscfg.exe
3980 C:\Program Files\Windows Media Player\wmpnetwk.exe
4360 C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
4640 C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe
4936 C:\Windows\System32\taskeng.exe
4780 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4304 C:\Users\Conor\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
3240 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2292 C:\Windows\System32\taskmgr.exe
3204 C:\Windows\System32\svchost.exe
4000 C:\Program Files (x86)\EVEMon\EVEMon.exe
2132 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5972 C:\Windows\System32\wuauclt.exe
4648 C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
5672 WmiPrvSE.exe
4456 taskeng.exe
4608 C:\Windows\System32\SearchProtocolHost.exe
5968 C:\Windows\System32\SearchFilterHost.exe
3880 C:\Windows\explorer.exe
5884 C:\Users\Conor\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD161HJ, Rev: JF10
PhysicalDrive1 Model Number: WDC WD1001FALS-00E8B, Rev: 05.0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
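As an added illustration of what the "MBR Status" lines above report (example code written for this thread, not MBRCheck's own source): the block parses one 512-byte MBR sector, checks the 0x55AA signature, hashes the boot code with SHA1 and compares it with a caller-supplied allowlist of known-good hashes. MBRCheck's exact hashed region is not stated in the thread, so the 440-byte boot-code region, the partition type table and the sample sector are assumptions, and the sample MBR is constructed.

```python
"""Added example (not MBRCheck's code): parse one 512-byte MBR sector and
compare its boot-code hash against a caller-supplied known-good allowlist."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440  # assumption: hash the classic boot-code region only
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, SHA1 of the boot code and the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    signature_ok = sector[510:512] == b"\x55\xAA"
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        ptype = entry[4]
        if ptype == 0:  # empty slot
            continue
        lba_start, sector_count = struct.unpack("<II", entry[8:16])
        partitions.append({
            "active": entry[0] == 0x80,
            "type": PART_TYPES.get(ptype, "0x%02X" % ptype),
            "offset": lba_start * SECTOR,  # byte offset, as MBRCheck prints it
            "size_bytes": sector_count * SECTOR,
        })
    return {"signature_ok": signature_ok, "code_sha1": code_sha1,
            "partitions": partitions}


def mbr_status(sector: bytes, known_good: set) -> str:
    """One-line verdict in the spirit of MBRCheck's 'MBR Status' column."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid MBR signature (0x55AA missing)"
    if info["code_sha1"] in known_good:
        return "Known MBR code detected"
    return "Unknown MBR code, SHA1 %s: investigate" % info["code_sha1"]


def make_sample_mbr(fill: int = 0x90) -> bytes:
    """Constructed sample: NOP-filled boot code, one active NTFS partition at LBA 2048
    (byte offset 0x100000, the same offset the report above shows for C: and D:)."""
    boot_code = bytes([fill]) * BOOT_CODE_LEN + b"\x00" * 6  # 446 bytes incl. disk signature
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 312_500_000)
    return boot_code + entry + b"\x00" * 48 + b"\x55\xAA"
```

On a live Windows machine the same parse can be run on the first 512 bytes of `\\.\PhysicalDrive0` from an elevated prompt, with `known_good` populated from hashes taken off a known-clean install of the same Windows version.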

#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 02 August 2010 - 02:26 PM

Good evening.

You're good to go. No sign of any MBR manipulation.

So long, and thanks for all the fish.

#7 Conorkc
  • Topic Starter

  • Members
  • 12 posts

Posted 03 August 2010 - 06:07 AM

Thanks a million for looking into this for me!

#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 03 August 2010 - 02:48 PM

Good evening.

Always a pleasure. Just as an afterthought:

Free anti-virus programs.
AVG Free Edition: Available here.
avast! 4 Home Edition: Available here.
AntiVir Personal Edition Classic: Available here.

Free firewalls.
Comodo Firewall Pro: Available here.
PC Tools Firewall Plus: Available here.
Online Armor Free: Available here.

The rule is one AV and one firewall at a time to avoid conflicts. There are other free options besides those above, but I've played with them all at one time or another and didn't have any issues to speak of.


So long, and thanks for all the fish.

#9 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 08 August 2010 - 03:45 PM

As this issue appears to have been resolved this thread is now closed.

So long, and thanks for all the fish.
