
get-answers-fast and gimmeanswers hijack


9 replies to this topic

#1 Nancy in NC

Nancy in NC


Posted 04 January 2012 - 01:13 PM

What a mess. I'm almost in tears. :'(

I've got a problem with a google redirect/hijack, and it seems to be getting worse. I'm afraid my computer is at risk, and it's my work computer. Ack.

What I've done:

Run malwarebytes
Run CCleaner
Run registrybooster
Run gmer

I don't know much about this kind of thing, so I didn't know about your site until some of the things I tried did not work and I started looking elsewhere. I am sorry if what I have done has complicated the situation.

Here are the logs for malwarebytes and gmer. I'd be forever grateful for any help you can give.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8377

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2012 9:28:57 AM
mbam-log-2012-01-04 (09-28-57).txt

Scan type: Quick scan
Objects scanned: 248517
Time elapsed: 19 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
________________________________________________________________________________________________________



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 11:49:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 ST340014 rev.3.06
Running: 0re0lgtb.exe; Driver: C:\DOCUME~1\nancy\LOCALS~1\Temp\pxlirkog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF773787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7737C10]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwResumeThread 80578E76 1 Byte [CC] {INT 3 }
? jywhpmbt.sys The system cannot find the file specified. !
init C:\WINDOWS\System32\Drivers\ArcRec.SYS entry point in "init" section [0xF7C40138]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe[2284] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0051E6E5 C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (Icon in the taskbar notification area (F-PROT Antivirus)/FRISK Software International)
.text c:\program files\real\realplayer\RealPlay.exe[2944] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text c:\program files\real\realplayer\update\realsched.exe[5456] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\PROGRA~1\COMMON~1\MICROS~1\MODI\12.0\MSPOCRDC.EXE[5720] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

---- Threads - GMER 1.0.15 ----

Thread System [4:376] 85E9E161
Thread System [4:960] 859A6C30

---- EOF - GMER 1.0.15 ----


#2 Broni

Broni


Posted 04 January 2012 - 06:59 PM

Welcome aboard

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#3 Nancy in NC

Nancy in NC
  • Topic Starter


Posted 05 January 2012 - 07:17 AM

Thank you SO much for your help. This whole thing has been a mess. :(

Here is the log from TDSSKiller:

07:00:13.0508 5044 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
07:00:15.0524 5044 ============================================================
07:00:15.0524 5044 Current date / time: 2012/01/05 07:00:15.0524
07:00:15.0524 5044 SystemInfo:
07:00:15.0524 5044
07:00:15.0524 5044 OS Version: 5.1.2600 ServicePack: 3.0
07:00:15.0524 5044 Product type: Workstation
07:00:15.0524 5044 ComputerName: ACCOUNTING1
07:00:15.0524 5044 UserName: nancy
07:00:15.0524 5044 Windows directory: C:\WINDOWS
07:00:15.0524 5044 System windows directory: C:\WINDOWS
07:00:15.0524 5044 Processor architecture: Intel x86
07:00:15.0524 5044 Number of processors: 1
07:00:15.0524 5044 Page size: 0x1000
07:00:15.0524 5044 Boot type: Normal boot
07:00:15.0524 5044 ============================================================
07:00:16.0399 5044 Initialize success
07:00:20.0383 5636 ============================================================
07:00:20.0383 5636 Scan started
07:00:20.0383 5636 Mode: Manual;
07:00:20.0383 5636 ============================================================
07:00:21.0055 5636 Abiosdsk - ok
07:00:21.0149 5636 abp480n5 - ok
07:00:21.0321 5636 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:00:21.0352 5636 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
07:00:21.0367 5636 ACPI ( Virus.Win32.Rloader.a ) - infected
07:00:21.0367 5636 ACPI - detected Virus.Win32.Rloader.a (0)
07:00:21.0508 5636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:00:21.0524 5636 ACPIEC - ok
07:00:21.0649 5636 adpu160m - ok
07:00:21.0742 5636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:00:21.0774 5636 aec - ok
07:00:21.0914 5636 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
07:00:21.0930 5636 Afc - ok
07:00:22.0039 5636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:00:22.0071 5636 AFD - ok
07:00:22.0196 5636 Aha154x - ok
07:00:22.0274 5636 aic78u2 - ok
07:00:22.0336 5636 aic78xx - ok
07:00:22.0461 5636 AliIde - ok
07:00:22.0539 5636 amsint - ok
07:00:22.0680 5636 ArcCD (a82f1a1b09593c73efd02a59dc94920c) C:\WINDOWS\system32\drivers\ArcCD.sys
07:00:22.0727 5636 ArcCD - ok
07:00:22.0883 5636 ArcRec (1af9061b61741a912368ab4dc309d25e) C:\WINDOWS\system32\drivers\ArcRec.sys
07:00:22.0899 5636 ArcRec - ok
07:00:23.0055 5636 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) C:\WINDOWS\system32\drivers\ArcUdfs.sys
07:00:23.0117 5636 ArcUdfs - ok
07:00:23.0227 5636 asc - ok
07:00:23.0305 5636 asc3350p - ok
07:00:23.0383 5636 asc3550 - ok
07:00:23.0508 5636 AsyncMac - ok
07:00:23.0633 5636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:00:23.0664 5636 atapi - ok
07:00:23.0774 5636 Atdisk - ok
07:00:23.0883 5636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:00:23.0914 5636 Atmarpc - ok
07:00:24.0071 5636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:00:24.0086 5636 audstub - ok
07:00:24.0242 5636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:00:24.0242 5636 Beep - ok
07:00:24.0430 5636 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
07:00:24.0446 5636 BTCFilterService - ok
07:00:24.0602 5636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:00:24.0617 5636 cbidf2k - ok
07:00:24.0727 5636 cd20xrnt - ok
07:00:24.0852 5636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:00:24.0867 5636 Cdaudio - ok
07:00:24.0977 5636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:00:25.0008 5636 Cdfs - ok
07:00:25.0102 5636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:00:25.0133 5636 Cdrom - ok
07:00:25.0242 5636 Changer - ok
07:00:25.0367 5636 CmdIde - ok
07:00:25.0492 5636 Cpqarray - ok
07:00:25.0602 5636 dac2w2k - ok
07:00:25.0680 5636 dac960nt - ok
07:00:25.0852 5636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:00:25.0867 5636 Disk - ok
07:00:26.0039 5636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:00:26.0164 5636 dmboot - ok
07:00:26.0305 5636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:00:26.0321 5636 dmio - ok
07:00:26.0477 5636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:00:26.0492 5636 dmload - ok
07:00:26.0633 5636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:00:26.0649 5636 DMusic - ok
07:00:26.0789 5636 dpti2o - ok
07:00:26.0883 5636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:00:26.0899 5636 drmkaud - ok
07:00:27.0086 5636 E100B (fe9cb643a034285031502d3369e5a869) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:00:27.0117 5636 E100B - ok
07:00:27.0305 5636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:00:27.0321 5636 Fastfat - ok
07:00:27.0492 5636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:00:27.0508 5636 Fdc - ok
07:00:27.0633 5636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:00:27.0680 5636 Fips - ok
07:00:27.0805 5636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:00:27.0821 5636 Flpydisk - ok
07:00:27.0961 5636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:00:28.0008 5636 FltMgr - ok
07:00:28.0227 5636 FPAV_RTP (ef259d5aeec9e590b143b0112b5efe49) C:\WINDOWS\system32\DRIVERS\FStopW.sys
07:00:28.0399 5636 FPAV_RTP - ok
07:00:28.0539 5636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:00:28.0571 5636 Fs_Rec - ok
07:00:28.0680 5636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:00:28.0711 5636 Ftdisk - ok
07:00:28.0852 5636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:00:28.0883 5636 GEARAspiWDM - ok
07:00:29.0024 5636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:00:29.0039 5636 Gpc - ok
07:00:29.0242 5636 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:00:29.0258 5636 HidUsb - ok
07:00:29.0383 5636 hpn - ok
07:00:29.0555 5636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:00:29.0602 5636 HTTP - ok
07:00:29.0742 5636 i2omgmt - ok
07:00:29.0821 5636 i2omp - ok
07:00:29.0977 5636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:00:29.0992 5636 i8042prt - ok
07:00:30.0149 5636 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:00:30.0242 5636 ialm - ok
07:00:30.0555 5636 IdeBusDr (791f0829de88dd0ca77192f0dfad03b6) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
07:00:30.0586 5636 IdeBusDr - ok
07:00:30.0805 5636 IdeChnDr (7d2b8be9e89628663c1fb571f7c34062) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
07:00:30.0805 5636 IdeChnDr - ok
07:00:30.0930 5636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:00:30.0946 5636 Imapi - ok
07:00:31.0024 5636 ini910u - ok
07:00:31.0086 5636 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:00:31.0117 5636 IntelIde - ok
07:00:31.0196 5636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:00:31.0211 5636 Ip6Fw - ok
07:00:31.0367 5636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:00:31.0414 5636 IpFilterDriver - ok
07:00:31.0586 5636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:00:31.0602 5636 IpInIp - ok
07:00:31.0696 5636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:00:31.0742 5636 IpNat - ok
07:00:31.0852 5636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:00:31.0867 5636 IPSec - ok
07:00:31.0977 5636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:00:31.0992 5636 IRENUM - ok
07:00:32.0102 5636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:00:32.0133 5636 isapnp - ok
07:00:32.0274 5636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:00:32.0305 5636 Kbdclass - ok
07:00:32.0477 5636 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:00:32.0492 5636 kbdhid - ok
07:00:32.0617 5636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:00:32.0617 5636 kmixer - ok
07:00:32.0758 5636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:00:32.0774 5636 KSecDD - ok
07:00:32.0914 5636 Lbd (52320254d74ea11b6f129e7df1016975) C:\WINDOWS\system32\DRIVERS\Lbd.sys
07:00:32.0961 5636 Lbd - ok
07:00:33.0055 5636 lbrtfdc - ok
07:00:33.0196 5636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:00:33.0211 5636 mnmdd - ok
07:00:33.0321 5636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:00:33.0336 5636 Modem - ok
07:00:33.0477 5636 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\WINDOWS\system32\DRIVERS\motccgp.sys
07:00:33.0508 5636 motccgp - ok
07:00:33.0664 5636 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
07:00:33.0680 5636 motccgpfl - ok
07:00:33.0805 5636 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
07:00:33.0836 5636 motmodem - ok
07:00:33.0961 5636 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
07:00:33.0977 5636 MotoSwitchService - ok
07:00:34.0117 5636 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
07:00:34.0133 5636 Motousbnet - ok
07:00:34.0274 5636 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
07:00:34.0289 5636 motusbdevice - ok
07:00:34.0430 5636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:00:34.0446 5636 Mouclass - ok
07:00:34.0617 5636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:00:34.0633 5636 mouhid - ok
07:00:34.0742 5636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:00:34.0758 5636 MountMgr - ok
07:00:34.0836 5636 mraid35x - ok
07:00:34.0961 5636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:00:34.0977 5636 MRxDAV - ok
07:00:35.0133 5636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:00:35.0242 5636 MRxSmb - ok
07:00:35.0399 5636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:00:35.0414 5636 Msfs - ok
07:00:35.0555 5636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:00:35.0586 5636 MSKSSRV - ok
07:00:35.0696 5636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:00:35.0727 5636 MSPCLOCK - ok
07:00:35.0852 5636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:00:35.0883 5636 MSPQM - ok
07:00:36.0008 5636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:00:36.0039 5636 mssmbios - ok
07:00:36.0196 5636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:00:36.0242 5636 Mup - ok
07:00:36.0399 5636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:00:36.0430 5636 NDIS - ok
07:00:36.0586 5636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:00:36.0617 5636 NdisTapi - ok
07:00:36.0758 5636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:00:36.0774 5636 Ndisuio - ok
07:00:36.0883 5636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:00:36.0914 5636 NdisWan - ok
07:00:37.0055 5636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:00:37.0086 5636 NDProxy - ok
07:00:37.0211 5636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:00:37.0242 5636 NetBIOS - ok
07:00:37.0399 5636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:00:37.0430 5636 NetBT - ok
07:00:37.0586 5636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:00:37.0633 5636 Npfs - ok
07:00:37.0758 5636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:00:37.0883 5636 Ntfs - ok
07:00:38.0008 5636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:00:38.0039 5636 Null - ok
07:00:38.0180 5636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:00:38.0211 5636 NwlnkFlt - ok
07:00:38.0336 5636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:00:38.0352 5636 NwlnkFwd - ok
07:00:38.0586 5636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:00:38.0602 5636 Parport - ok
07:00:38.0758 5636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:00:38.0774 5636 PartMgr - ok
07:00:38.0883 5636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:00:38.0899 5636 ParVdm - ok
07:00:39.0008 5636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:00:39.0055 5636 PCI - ok
07:00:39.0180 5636 PCIDump - ok
07:00:39.0289 5636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:00:39.0305 5636 PCIIde - ok
07:00:39.0430 5636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:00:39.0477 5636 Pcmcia - ok
07:00:39.0602 5636 PDCOMP - ok
07:00:39.0680 5636 PDFRAME - ok
07:00:39.0758 5636 PDRELI - ok
07:00:39.0836 5636 PDRFRAME - ok
07:00:39.0914 5636 perc2 - ok
07:00:40.0055 5636 perc2hib - ok
07:00:40.0164 5636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:00:40.0180 5636 PptpMiniport - ok
07:00:40.0258 5636 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
07:00:40.0305 5636 Processor - ok
07:00:40.0446 5636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:00:40.0461 5636 PSched - ok
07:00:40.0571 5636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:00:40.0742 5636 Ptilink - ok
07:00:40.0821 5636 ql1080 - ok
07:00:40.0899 5636 Ql10wnt - ok
07:00:40.0961 5636 ql12160 - ok
07:00:41.0024 5636 ql1240 - ok
07:00:41.0117 5636 ql1280 - ok
07:00:41.0211 5636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:00:41.0227 5636 RasAcd - ok
07:00:41.0383 5636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:00:41.0399 5636 Rasl2tp - ok
07:00:41.0555 5636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:00:41.0571 5636 RasPppoe - ok
07:00:41.0696 5636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:00:41.0711 5636 Raspti - ok
07:00:41.0821 5636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:00:41.0836 5636 Rdbss - ok
07:00:41.0977 5636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:00:41.0992 5636 RDPCDD - ok
07:00:42.0102 5636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:00:42.0180 5636 rdpdr - ok
07:00:42.0352 5636 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:00:42.0399 5636 RDPWD - ok
07:00:42.0524 5636 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:00:42.0539 5636 redbook - ok
07:00:42.0742 5636 SC1BLPT - ok
07:00:42.0867 5636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:00:42.0883 5636 Secdrv - ok
07:00:43.0024 5636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:00:43.0039 5636 serenum - ok
07:00:43.0149 5636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:00:43.0164 5636 Serial - ok
07:00:43.0321 5636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:00:43.0336 5636 Sfloppy - ok
07:00:43.0477 5636 Simbad - ok
07:00:43.0555 5636 Sparrow - ok
07:00:43.0649 5636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:00:43.0664 5636 splitter - ok
07:00:43.0805 5636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:00:43.0821 5636 sr - ok
07:00:43.0992 5636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:00:44.0086 5636 Srv - ok
07:00:44.0227 5636 STAC97 (37dcf0d0efa88b05d07cc6c46bdca797) C:\WINDOWS\system32\drivers\STAC97.sys
07:00:44.0274 5636 STAC97 - ok
07:00:44.0492 5636 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
07:00:44.0508 5636 StillCam - ok
07:00:44.0649 5636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:00:44.0664 5636 swenum - ok
07:00:44.0758 5636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:00:45.0133 5636 swmidi - ok
07:00:45.0242 5636 symc810 - ok
07:00:45.0321 5636 symc8xx - ok
07:00:45.0399 5636 sym_hi - ok
07:00:45.0461 5636 sym_u3 - ok
07:00:45.0571 5636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:00:45.0586 5636 sysaudio - ok
07:00:45.0758 5636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:00:45.0836 5636 Tcpip - ok
07:00:45.0992 5636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:00:46.0008 5636 TDPIPE - ok
07:00:46.0149 5636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:00:46.0164 5636 TDTCP - ok
07:00:46.0289 5636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:00:46.0321 5636 TermDD - ok
07:00:46.0461 5636 TosIde - ok
07:00:46.0571 5636 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
07:00:46.0617 5636 truecrypt - ok
07:00:46.0758 5636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:00:46.0789 5636 Udfs - ok
07:00:46.0899 5636 ultra - ok
07:00:47.0008 5636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:00:47.0086 5636 Update - ok
07:00:47.0258 5636 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
07:00:47.0274 5636 USBAAPL - ok
07:00:47.0414 5636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:00:47.0430 5636 usbccgp - ok
07:00:47.0586 5636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:00:47.0602 5636 usbehci - ok
07:00:47.0727 5636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:00:47.0758 5636 usbhub - ok
07:00:47.0883 5636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:00:47.0899 5636 usbprint - ok
07:00:48.0024 5636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:00:48.0039 5636 usbscan - ok
07:00:48.0133 5636 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:00:48.0149 5636 USBSTOR - ok
07:00:48.0258 5636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:00:48.0274 5636 usbuhci - ok
07:00:48.0399 5636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:00:48.0430 5636 VgaSave - ok
07:00:48.0586 5636 ViaIde - ok
07:00:48.0680 5636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:00:48.0711 5636 VolSnap - ok
07:00:48.0852 5636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:00:48.0867 5636 Wanarp - ok
07:00:49.0024 5636 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
07:00:49.0055 5636 wanatw - ok
07:00:49.0227 5636 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
07:00:49.0274 5636 WDC_SAM - ok
07:00:49.0477 5636 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
07:00:49.0586 5636 Wdf01000 - ok
07:00:49.0696 5636 WDICA - ok
07:00:49.0789 5636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:00:49.0821 5636 wdmaud - ok
07:00:50.0055 5636 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:00:50.0086 5636 WpdUsb - ok
07:00:50.0227 5636 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:00:50.0258 5636 WudfPf - ok
07:00:50.0586 5636 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
07:00:50.0649 5636 WUDFRd - ok
07:00:50.0821 5636 {6080A529-897E-4629-A488-ABA0C29B635E} (9b808527870ebae0b1dfb90ef3f861b9) C:\WINDOWS\system32\drivers\ialmsbw.sys
07:00:50.0836 5636 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
07:00:50.0961 5636 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dba29fe70d66f5a82c860894c91b42c7) C:\WINDOWS\system32\drivers\ialmkchw.sys
07:00:50.0992 5636 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
07:00:51.0024 5636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:00:51.0196 5636 \Device\Harddisk0\DR0 - ok
07:00:51.0211 5636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
07:00:51.0414 5636 \Device\Harddisk1\DR1 - ok
07:00:51.0446 5636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
07:00:51.0461 5636 \Device\Harddisk2\DR2 - ok
07:00:51.0508 5636 Boot (0x1200) (d9126b2fa8eaee3c33eb6d7a47146f9e) \Device\Harddisk0\DR0\Partition0
07:00:51.0524 5636 \Device\Harddisk0\DR0\Partition0 - ok
07:00:51.0571 5636 Boot (0x1200) (613132e05ee2871db2b5a69526750665) \Device\Harddisk1\DR1\Partition0
07:00:51.0571 5636 \Device\Harddisk1\DR1\Partition0 - ok
07:00:51.0586 5636 Boot (0x1200) (c98dbd62520821626f224e10831c6fef) \Device\Harddisk2\DR2\Partition0
07:00:51.0586 5636 \Device\Harddisk2\DR2\Partition0 - ok
07:00:51.0664 5636 Boot (0x1200) (1c89eb7b103c51fec96ee2bf69fc9109) \Device\Harddisk2\DR2\Partition1
07:00:51.0696 5636 \Device\Harddisk2\DR2\Partition1 - ok
07:00:51.0711 5636 ============================================================
07:00:51.0711 5636 Scan finished
07:00:51.0711 5636 ============================================================
07:00:51.0774 3408 Detected object count: 1
07:00:51.0774 3408 Actual detected object count: 1
07:01:53.0727 3408 Backup copy found, using it..
07:01:53.0836 3408 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
07:01:53.0836 3408 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
07:03:22.0008 1108 Deinitialize success

#4 Broni

Broni


Posted 05 January 2012 - 06:30 PM

Very well :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#5 Nancy in NC

Nancy in NC
  • Topic Starter


Posted 05 January 2012 - 07:23 PM

I am off until Monday, so I will do this as SOON as I walk in the door Mon. morning.

Thank you so very much. I can't tell you how much I appreciate this. Things seem much better already!

#6 Broni

Broni


Posted 05 January 2012 - 07:31 PM

Cool :)



#7 Nancy in NC

Nancy in NC
  • Topic Starter


Posted 09 January 2012 - 08:07 AM

Good morning! :)

Thanks again for your help.

Here are the scan results/log from the aswmbr scan. (The one item was the only thing that appeared in red.)

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 07:15:43
-----------------------------
07:15:43.360 OS Version: Windows 5.1.2600 Service Pack 3
07:15:43.360 Number of processors: 1 586 0x103
07:15:43.360 ComputerName: ACCOUNTING1 UserName: nancy
07:15:44.110 Initialize success
07:18:46.813 AVAST engine defs: 12010900
07:19:18.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
07:19:18.516 Disk 0 Vendor: ST340014 3.06 Size: 38166MB BusType: 3
07:19:18.532 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0
07:19:18.532 Disk 1 Vendor: IBM-DJNA J76O Size: 12949MB BusType: 3
07:19:18.532 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0
07:19:18.532 Disk 2 Vendor: ST320082 3.01 Size: 190782MB BusType: 3
07:19:18.563 Disk 0 MBR read successfully
07:19:18.563 Disk 0 MBR scan
07:19:18.626 Disk 0 Windows XP default MBR code
07:19:18.641 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
07:19:18.657 Disk 0 scanning sectors +78140160
07:19:18.782 Disk 0 scanning C:\WINDOWS\system32\drivers
07:19:59.157 Service scanning
07:20:06.282 Modules scanning
07:20:32.329 Disk 0 trace - called modules:
07:20:32.360 ntoskrnl.exe CLASSPNP.SYS disk.sys tsk1975.tmp hal.dll IdeChnDr.sys
07:20:32.360 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8f3d8]
07:20:32.360 3 CLASSPNP.SYS[f7717fd7] -> nt!IofCallDriver -> \Device\00000059[0x86f35440]
07:20:32.360 5 tsk1975.tmp[f7678620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x86f91030]
07:20:33.235 AVAST engine scan C:\WINDOWS
07:21:19.251 AVAST engine scan C:\WINDOWS\system32
07:30:49.688 AVAST engine scan C:\WINDOWS\system32\drivers
07:32:00.063 AVAST engine scan C:\Documents and Settings\nancy
07:35:40.485 File: C:\Documents and Settings\nancy\Local Settings\Temp\jar_cache7555403577668522089.tmp **INFECTED** Win32:FakeAlert-BPE [Trj]
07:47:11.501 AVAST engine scan C:\Documents and Settings\All Users
07:49:36.766 Scan finished successfully
08:04:22.579 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nancy\My Documents\My Scans\MBR.dat"
08:04:22.595 The log file has been saved successfully to "C:\Documents and Settings\nancy\My Documents\My Scans\aswMBR.txt"

#8 Broni

Posted 09 January 2012 - 10:43 AM

Clear Java cache as described here: http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml

Post new aswMBR log.

#9 Nancy in NC

Posted 09 January 2012 - 02:00 PM

I did clear the cache as instructed, but the scan is still showing the same item (see below).

Two things...

I did not click on the "fix" button after the scan because I did not want to do anything you did not ask me to, and
I do see the file that is noted as infected in the location specified.

Just let me know if I should hit any of the fix buttons next time or try to delete that file...
Thanks!
Nancy

Here's the latest scan log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 10:57:18
-----------------------------
10:57:18.532 OS Version: Windows 5.1.2600 Service Pack 3
10:57:18.532 Number of processors: 1 586 0x103
10:57:18.532 ComputerName: ACCOUNTING1 UserName: nancy
10:57:20.188 Initialize success
10:57:37.595 AVAST engine defs: 12010900
10:57:45.595 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
10:57:45.610 Disk 0 Vendor: ST340014 3.06 Size: 38166MB BusType: 3
10:57:45.610 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0
10:57:45.610 Disk 1 Vendor: IBM-DJNA J76O Size: 12949MB BusType: 3
10:57:45.610 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0
10:57:45.626 Disk 2 Vendor: ST320082 3.01 Size: 190782MB BusType: 3
10:57:45.657 Disk 0 MBR read successfully
10:57:45.673 Disk 0 MBR scan
10:57:45.704 Disk 0 Windows XP default MBR code
10:57:45.735 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
10:57:45.751 Disk 0 scanning sectors +78140160
10:57:45.876 Disk 0 scanning C:\WINDOWS\system32\drivers
10:58:41.876 Service scanning
10:58:46.266 Modules scanning
10:59:20.829 Disk 0 trace - called modules:
10:59:20.860 ntoskrnl.exe CLASSPNP.SYS disk.sys tsk1975.tmp hal.dll IdeChnDr.sys
10:59:20.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8f3d8]
10:59:20.860 3 CLASSPNP.SYS[f7717fd7] -> nt!IofCallDriver -> \Device\00000059[0x86f35440]
10:59:20.860 5 tsk1975.tmp[f7678620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x86f91030]
10:59:21.235 AVAST engine scan C:\WINDOWS
10:59:58.641 AVAST engine scan C:\WINDOWS\system32
11:10:29.891 AVAST engine scan C:\WINDOWS\system32\drivers
11:11:47.923 AVAST engine scan C:\Documents and Settings\nancy
11:16:58.673 File: C:\Documents and Settings\nancy\Local Settings\Temp\jar_cache7555403577668522089.tmp **INFECTED** Win32:FakeAlert-BPE [Trj]
11:31:13.813 AVAST engine scan C:\Documents and Settings\All Users
11:33:57.548 Scan finished successfully
13:58:04.282 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nancy\My Documents\My Scans\MBR.dat"
13:58:04.407 The log file has been saved successfully to "C:\Documents and Settings\nancy\My Documents\My Scans\aswMBR.txt"
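A small triage script, added here as an illustration and not part of the thread or of aswMBR itself, that pulls the **INFECTED** hits and the MBR-code status out of a log in the format pasted above, and flags hits that sit in the Java temp cache (the sample input is a constructed excerpt modelled on that log):

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the aswMBR log in the post above (not the full log).
SAMPLE_LOG = """\
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-09 10:57:18
-----------------------------
10:57:45.657 Disk 0 MBR read successfully
10:57:45.673 Disk 0 MBR scan
10:57:45.704 Disk 0 Windows XP default MBR code
11:11:47.923 AVAST engine scan C:\\Documents and Settings\\nancy
11:16:58.673 File: C:\\Documents and Settings\\nancy\\Local Settings\\Temp\\jar_cache7555403577668522089.tmp **INFECTED** Win32:FakeAlert-BPE [Trj]
11:33:57.548 Scan finished successfully
"""

# "<timestamp> File: <path> **INFECTED** <detection name> [<category>]"
INFECTED_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)")
# "<timestamp> Disk <n> <something> MBR code" (e.g. "Windows XP default MBR code")
MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<status>.*MBR code.*)$")


@dataclass
class Triage:
    infected: list = field(default_factory=list)    # (timestamp, path, detection)
    mbr_status: dict = field(default_factory=dict)  # disk number -> MBR code status text
    finished: bool = False                          # saw "Scan finished successfully"


def triage_aswmbr(log_text: str) -> Triage:
    """Walk the log line by line and collect the facts a helper looks at first."""
    t = Triage()
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            t.infected.append((m["ts"], m["path"], m["name"]))
            continue
        m = MBR_RE.match(line)
        if m:
            t.mbr_status[int(m["disk"])] = m["status"]
        elif line.endswith("Scan finished successfully"):
            t.finished = True
    return t


def summarize(t: Triage) -> dict:
    """Boot-sector sanity plus how many hits are just Java cache files under Temp."""
    return {
        "mbr_default": bool(t.mbr_status) and all("default MBR code" in s for s in t.mbr_status.values()),
        "hits": len(t.infected),
        "java_cache_hits": sum(1 for _, p, _ in t.infected if "\\jar_cache" in p.lower()),
    }
```

A hit whose only location is a `jar_cache*.tmp` file under Temp is a dropped download rather than an installed component, which is why clearing the Java cache was the first thing asked for in this thread.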

#10 Broni

Posted 09 January 2012 - 02:12 PM

How is the redirection?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.
