Numerous Trojans Detected


8 replies to this topic

#1 infected mqan

Posted 25 June 2011 - 09:16 AM

Hello all,
I'm back with another old infected PC of mine (HP Pavilion a530n; XP Home - SP3). I'll start with what I have done so far:
When I first plugged in my PC, I decided it would be easiest to just do a Destructive Restore (I thought this was a complete reformat?).
After the Destructive Reformat, I updated Windows to SP3 and did all the Windows Updates that were prompted.
After that I installed Avira, MBAM & SAS, and then ran them in that order.
The Avira scan found 8 trojans.
MBAM didn't find anything.
SAS found some spyware traces.
After those 3, I decided to run ESET Online Scanner, and that found 3 trojans.
Then I installed Hitman Pro; scanned and removed cookies.

So that is what I have done so far; I don't know what to do at this point. For some reason I think the PC is still infected. Any help would be greatly appreciated!

Kindest Regards,
Mitch

Edited by infected mqan, 25 June 2011 - 02:27 PM.


#2 boopme

Posted 25 June 2011 - 07:35 PM

Hi Mitch, can you find the Avira and ESET logs to post?

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.


AVIRA
Right-click the tray icon, select Start AntiVir
In the left pane, click Reports
Highlight (click on) the report you want
Click on the 2nd icon to display the log (left of the printer icon)
Click CTRL+A (selects all of the log), CTRL+C copies it, then CTRL+V to paste it

#3 infected mqan

Posted 25 June 2011 - 07:46 PM

Hello Boopme,
as requested:

ESET
SmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=efc9373b07cd564e975edede55103a90
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-25 02:08:02
# local_time=2011-06-25 09:08:02 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 0 44598433 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67764
# found=3
# cleaned=3
# scan_time=2201
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


-----------


Avira AntiVir Personal
Report file date: Saturday, June 25, 2011 01:43

Scanning for 2825893 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-AT5QGAAC3Z

Version information:
BUILD.DAT : 10.0.0.650 31822 Bytes 6/17/2011 15:43:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 6/17/2011 17:36:21
AVSCAN.DLL : 10.0.3.0 46440 Bytes 6/17/2011 17:37:04
LUKE.DLL : 10.0.3.2 104296 Bytes 6/17/2011 17:36:49
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 12:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 12:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 17:36:57
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 17:18:22
VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 17:18:22
VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 17:18:22
VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 17:18:23
VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 17:18:23
VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 17:18:23
VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 17:18:23
VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 17:18:23
VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 17:18:23
VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 06:49:15
VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 20:10:35
VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 20:39:56
VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 19:44:57
VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 12:03:40
VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 21:53:41
VBASE019.VDF : 7.11.9.172 141824 Bytes 6/14/2011 11:29:55
VBASE020.VDF : 7.11.9.214 144896 Bytes 6/15/2011 21:32:34
VBASE021.VDF : 7.11.9.244 196608 Bytes 6/16/2011 22:51:31
VBASE022.VDF : 7.11.10.28 152576 Bytes 6/20/2011 05:34:51
VBASE023.VDF : 7.11.10.53 210432 Bytes 6/21/2011 05:34:52
VBASE024.VDF : 7.11.10.88 132096 Bytes 6/24/2011 05:34:53
VBASE025.VDF : 7.11.10.89 2048 Bytes 6/24/2011 05:34:53
VBASE026.VDF : 7.11.10.90 2048 Bytes 6/24/2011 05:34:54
VBASE027.VDF : 7.11.10.91 2048 Bytes 6/24/2011 05:34:54
VBASE028.VDF : 7.11.10.92 2048 Bytes 6/24/2011 05:34:54
VBASE029.VDF : 7.11.10.93 2048 Bytes 6/24/2011 05:34:54
VBASE030.VDF : 7.11.10.94 2048 Bytes 6/24/2011 05:34:54
VBASE031.VDF : 7.11.10.104 52224 Bytes 6/24/2011 05:34:55
Engineversion : 8.2.5.24
AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 12:53:28
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/16/2011 05:54:00
AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 12:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 6/16/2011 05:54:00
AERDL.DLL : 8.1.9.9 639347 Bytes 6/17/2011 17:36:10
AEPACK.DLL : 8.2.6.9 557429 Bytes 6/16/2011 05:54:00
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/16/2011 05:54:00
AEHEUR.DLL : 8.1.2.132 3567992 Bytes 6/25/2011 05:35:04
AEHELP.DLL : 8.1.17.2 246135 Bytes 6/16/2011 05:54:00
AEGEN.DLL : 8.1.5.6 401780 Bytes 6/16/2011 05:54:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 12:53:14
AECORE.DLL : 8.1.21.1 196983 Bytes 6/16/2011 05:54:00
AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 12:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 12:53:36
AVPREF.DLL : 10.0.0.0 44904 Bytes 6/17/2011 17:36:20
AVREP.DLL : 10.0.0.10 174120 Bytes 6/25/2011 05:35:04
AVREG.DLL : 10.0.3.2 53096 Bytes 6/17/2011 17:36:20
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 6/17/2011 17:36:21
AVARKT.DLL : 10.0.22.6 231784 Bytes 6/17/2011 17:36:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 6/17/2011 17:36:18
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 12:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 12:53:46
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 6/17/2011 17:37:06
RCTEXT.DLL : 10.0.58.0 97128 Bytes 6/17/2011 17:37:06

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4e3d5a6f\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Saturday, June 25, 2011 01:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'BackWeb-137903.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'mmtask.exe' - '1' Module(s) have been scanned
Scan process 'shwicon2k.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'hphmon05.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011055.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011055.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cc422d9.qua'.
Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011056.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011056.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '54530d7e.qua'.
Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011057.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011057.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '060c5796.qua'.
Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011058.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011058.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '603b1854.qua'.
Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011059.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011059.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '25bf356a.qua'.
Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011060.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011060.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '5aa4070b.qua'.
Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011061.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011061.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '161c2b41.qua'.


End of the scan: Saturday, June 25, 2011 01:43
Used time: 00:14 Minute(s)

The scan has been done completely.

0 Scanned directories
37 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
30 Files not concerned
0 Archives were scanned
0 Warnings
7 Notes


The scan results will be transferred to the Guard.
------------


Avira AntiVir Personal
Report file date: Saturday, June 25, 2011 01:42

Start of the scan: Saturday, June 25, 2011 01:42

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011054.exe'
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP19\A0011054.exe
[DETECTION] Is the TR/Emuni.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cc422f0.qua'.


End of the scan: Saturday, June 25, 2011 01:42
Used time: 00:15 Minute(s)

The scan has been done completely.

0 Scanned directories
31 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
30 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

Edited by infected mqan, 25 June 2011 - 07:46 PM.


#4 boopme

Posted 25 June 2011 - 08:11 PM

Not bad, no info stealers or backdoors. How is this puppy running now?

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Check for rootkits
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#5 infected mqan

Posted 25 June 2011 - 08:33 PM

"Not bad, no info stealers or backdoors"

Good to hear!!

"How is this puppy running now?"

Didn't get to see how it was running while infected. I just grabbed the PC from my garage, and started repairing it:\ Seems to be working alright.

"Run TFC by OT"

done.

as requested:
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4325376 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 53.05 )
0xF80A9000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2281472 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7D92000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1536000 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 53.05 )
0xF7F2C000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1269760 bytes (Agere Systems, SoftModem Device Driver)
0xF839D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6975000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7C30000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6A7C000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF3EE0000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF3C6F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF84F6000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF43AB000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8370000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF69E5000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6A54000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6901000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF694F000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF683D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF8085000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF82D6000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF848B000 fasttx2k.sys 143360 bytes (Promise Technology, Inc., Promise FastTrak Series Driver for WindowsXP)
0xF8062000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6A32000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6A10000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8453000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84C6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8356000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF84AE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6825000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8473000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF842A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7CC7000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF5658000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF4396000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF82FA000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7D7E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF6AD5000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8441000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84E5000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7CB6000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF3FF0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8865000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF87A5000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8685000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8805000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF87E5000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8835000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8875000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF5538000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8715000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8695000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8885000 C:\WINDOWS\System32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF8825000 C:\WINDOWS\System32\DRIVERS\NVENET.sys 57344 bytes (NVIDIA Corporation, NVIDIA nForce MCP Networking Driver.)
0xF8665000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8815000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8895000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8645000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF86D5000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8765000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8845000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8635000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF86C5000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8625000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8705000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8675000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF86F5000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8855000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF3E68000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8655000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86E5000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8735000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF87D5000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8975000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF89BD000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF896D000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF894D000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF88A5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF89E5000 C:\WINDOWS\System32\Drivers\sunkfilt.sys 28672 bytes (Alcor Micro Corp., SunkFilt)
0xF89ED000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF88BD000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xF8955000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF895D000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88C5000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
0xF89CD000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF89C5000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF89AD000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF899D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF89B5000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF88AD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF898D000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF88B5000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8995000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF897D000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8965000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF89F5000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8B11000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF5689000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8AED000 C:\WINDOWS\System32\DRIVERS\PS2.sys 16384 bytes (Hewlett-Packard Company, PS2 SYS)
0xF8AE9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8A35000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7C96000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8B01000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF831A000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF830E000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF8312000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF8B4D000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8B45000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B59000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B43000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B25000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B47000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8BD9000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8B49000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B39000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B3B000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B27000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C49000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8CA3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D50000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8BED000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

sidenote: for some reason RKunhooker didn't save the log as a .txt (I had to choose notepad .. Open With>Notepad)



Regards,
Mitch

#6 boopme


Posted 25 June 2011 - 08:40 PM

Looks good
What version of JAVA, if any, is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

Same with Adobe

You may also want to run Secunia PSI
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector


EDIT: How do I clear my web browser's cache, cookies, and history?

Edited by boopme, 25 June 2011 - 08:43 PM.


#7 infected mqan


Posted 25 June 2011 - 08:48 PM

I have already downloaded Secunia- updated both Java and Adobe :D... (Learned about it from you, when you were helping me with my last PC :) )

So is it safe to say, I'm safe & secure?

#8 boopme


Posted 25 June 2011 - 08:54 PM

Looks good to me.. set a new restore point when you have finished updating...
HAPPY SURFING

#9 infected mqan


Posted 25 June 2011 - 08:59 PM

Thank you sir! Never fail to help me :D

Take care!!

Kindest Regards,
Mitch



