Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MRT.exe and SYK.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 Twisted Firestarter

Twisted Firestarter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:tampa
  • Local time:12:09 PM

Posted 10 November 2010 - 06:17 PM

Hello,

I recently got infected with some virus I suppose. When I check the Task Manager , I saw the above exe's eating up 50% of CPU.Can you please help how can I get this fixed?
When I do google search and click any search result it takes me to some other page everytime.Please helplppp

Attaching the results of the tool.

DDS.txt

DDS (Ver_10-11-10.01) - NTFSx86
Run by Nitin at 18:23:40.10 on Wed 11/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.986 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 4
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
svchost.exe 4
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM02Mon.exe
C:\Documents and Settings\Nitin\My Documents\Downloads\gAlwaysIdle\gidle.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Flovaa.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Nitin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\DOCUME~1\Nitin\LOCALS~1\Temp\Fkx.exe
C:\Documents and Settings\Nitin\Desktop\Virus beater\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\documents and settings\nitin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OpenCandyReminder] "c:\documents and settings\nitin\application data\opencandy\opencandy_57f21988064c4466bbe237f7a112146b\OCReminder.exe" /RUNSTARTUP
uRun: [U36VRSFLG6] c:\docume~1\nitin\locals~1\temp\Fkx.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [gidle] "c:\documents and settings\nitin\my documents\downloads\galwaysidle\gidle.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [RegGenie Scheduler] c:\program files\reggenie\RegGenieScheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ttgrkoby] c:\documents and settings\localservice\local settings\application data\xkkaawsvp\cvjhuygtssd.exe
StartupFolder: c:\docume~1\nitin\startm~1\programs\startup\winmys~1.lnk - c:\xampp\mysql\bin\winmysqladmin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoMultiIE = 0 (0x0)
uPolicies-explorer: LWA = 0 (0x0)
uPolicies-explorer: LWB = 0 (0x0)
uPolicies-explorer: LWC = 0 (0x0)
uPolicies-explorer: LWD = 0 (0x0)
uPolicies-explorer: LWE = 0 (0x0)
uPolicies-explorer: LWF = 0 (0x0)
uPolicies-explorer: LWG = 0 (0x0)
uPolicies-explorer: LWH = 0 (0x0)
uPolicies-explorer: LWI = 0 (0x0)
uPolicies-explorer: LWJ = 0 (0x0)
uPolicies-explorer: LWK = 0 (0x0)
uPolicies-explorer: LWL = 0 (0x0)
uPolicies-explorer: LWM = 0 (0x0)
uPolicies-explorer: LWN = 0 (0x0)
uPolicies-explorer: LWO = 0 (0x0)
uPolicies-explorer: LWP = 0 (0x0)
uPolicies-explorer: LWQ = 0 (0x0)
uPolicies-explorer: LWR = 0 (0x0)
uPolicies-explorer: LWS = 0 (0x0)
uPolicies-explorer: LWT = 0 (0x0)
uPolicies-explorer: LWU = 0 (0x0)
uPolicies-explorer: LWV = 0 (0x0)
uPolicies-explorer: LWW = 0 (0x0)
uPolicies-explorer: LWX = 0 (0x0)
uPolicies-explorer: LWY = 0 (0x0)
uPolicies-explorer: LWZ = 0 (0x0)
uPolicies-system: DisableClock = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} - hxxps://chat.tcs.com/sametime/javaconnect/STUrlConLoader.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/wireless/bin/sysreqlab_srlx.cab
DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} - hxxps://chat.tcs.com/sametime/javaconnect/STAutoAwayLoader.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inmumm08.tcs.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
SSODL: Maxegdos - {98ABC659-E79A-48AC-B7ED-716BFFD564B1} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nitin\applic~1\mozilla\firefox\profiles\tou0lgfe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\nitin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\nitin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\nitin\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-9 24636]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82696]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 104456]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-8 105984]
S2 dwmyumdf;IPX Traffic Filter Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-5 133104]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\regt.cfxxe" /s "c:\combofix\cregb.dat" --> c:\combofix\PEV.cfxxe [?]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-11-10 23:00:39 225280 ----a-w- c:\windows\Flovaa.exe
2010-11-10 23:00:28 270336 ----a-w- c:\windows\system32\sshnas21.dll
2010-11-10 03:59:41 -------- d-----w- c:\program files\TuneUpMedia
2010-11-10 03:59:38 -------- d-----w- c:\docume~1\nitin\applic~1\TuneUpMedia
2010-11-10 03:59:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUpMedia
2010-11-10 03:56:57 -------- d-----w- c:\docume~1\nitin\locals~1\applic~1\OpenCandy
2010-11-10 03:56:52 -------- d-----w- c:\docume~1\nitin\applic~1\OpenCandy
2010-11-10 03:56:49 -------- d-----w- c:\program files\WinSCP
2010-11-09 01:52:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-09 01:52:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-09 01:51:08 -------- d-----w- c:\program files\iPod
2010-11-09 01:51:05 -------- d-----w- c:\program files\iTunes
2010-11-09 01:51:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-09 01:48:20 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-11-09 01:48:20 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-11-09 01:47:57 -------- d-----w- c:\program files\Bonjour
2010-10-22 17:33:16 -------- d-----w- c:\docume~1\nitin\locals~1\applic~1\PageRage

==================== Find3M ====================

2010-11-10 05:13:12 81984 ----a-w- c:\windows\system32\bdod.bin
2010-09-24 16:12:46 80 --sh--r- c:\windows\system32\4DD5C2233F.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-17 03:53:01 133136 ----a-w- c:\windows\system32\bda336.tmp
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A798AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8A787BD0]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; STD ; CLD ; CLD ; REP MOVSD ; NOP ; JMP

FAR 0x0:0x620; }
user != kernel MBR !!!

============= FINISH: 18:24:58.71 ===============



The GMER Scan is in progress.I will attached it once it is completed.

Guys , just an update.I tried Malware Bytes scan and it was able to remove the exe's successfully. Check the log below. I think am Virus free as of now.I will keep monitoring if something is still left out and inform if I need help.Thanks!!!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5093

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/10/2010 8:04:54 PM
mbam-log-2010-11-10 (20-04-54).txt

Scan type: Quick scan
Objects scanned: 173690
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FraudPack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nitin\Local Settings\Temp\Fkx.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nitin\Local Settings\Temp\Fkv.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nitin\Local Settings\Temp\Fkw.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nitin\Local Settings\Temp\Fky.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Flovaa.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

EDIT: Posts merged ~BP

Attached Files


Edited by Budapest, 11 November 2010 - 04:32 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:09 PM

Posted 17 November 2010 - 10:17 PM

Hello Twisted Firestarter ,

Posted Image

Sorry for the delay. :( Do you need help with this?

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:09 PM

Posted 22 November 2010 - 11:52 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users