Browser Hijacked


11 replies to this topic

#1 BillErhard


Posted 19 January 2012 - 04:52 PM

For a few days my Firefox browser has been getting redirected to a scam site at http://9newstoday.net/hoj/hoj/index.html
I have Microsoft Security Essentials installed, and it has been removing two Trojans, Java/Jasapryt and JS/BlacoleRef.G but they keep coming back and getting removed. I think this may stem from a possibly hacked website I clicked a link to where the java console popped up, but disappeared before I could read what was going on.

#2 Broni

  • BC Advisor

Posted 19 January 2012 - 06:04 PM

Welcome aboard

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

===========================================================================

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 BillErhard

  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 19 January 2012 - 07:39 PM

While I was running the programs, Security Essentials removed one instance each of the same Trojans listed above.

While running Security Check I got an error message:

netsh.exe - Entry Point Not Found

The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic
link library MSWSOCK.dll


While running MiniToolBox I got the same error once, and the following error twice:

nslookup.exe - Ordinal Not Found

The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll


The logs are below.

===========================================================================

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:15 on 19/01/2012 (Bill)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:39 25/10/2010]

C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\09kquszc.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:15 26/10/2010]

-=E.O.F=-

===========================================================================

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java DB 10.5.3.0
Java™ 6 Update 22
Java™ 6 Update 25
Java™ 7
Java™ SE Development Kit 6 Update 23
Java™ SE Development Kit 7
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

===========================================================================

Farbar Service Scanner Version: 18-01-2012 01
Ran by Bill (administrator) on 19-01-2012 at 18:20:56
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(10)
0x0B0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

===========================================================================

MiniToolBox by Farbar Version: 18-01-2012
Ran by Bill (administrator) on 19-01-2012 at 18:22:12
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : billdesktop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Flappy



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Flappy

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-12-3F-6C-6C-F1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::212:3fff:fe6c:6cf1%4

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 207.69.188.172

207.69.188.171

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Thursday, January 19, 2012 4:33:09 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : Flappy

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-05

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.5%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled



Pinging google.com [74.125.115.104] with 32 bytes of data:



Reply from 74.125.115.104: bytes=32 time=56ms TTL=53

Reply from 74.125.115.104: bytes=32 time=70ms TTL=53



Ping statistics for 74.125.115.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 70ms, Average = 63ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=42ms TTL=53

Reply from 209.191.122.70: bytes=32 time=42ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 42ms, Maximum = 42ms, Average = 42ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 6c 6c f1 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.5 192.168.2.5 20
192.168.2.0 255.255.255.0 192.168.2.5 192.168.2.5 20
192.168.2.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.5 192.168.2.5 20
224.0.0.0 240.0.0.0 192.168.2.5 192.168.2.5 20
255.255.255.255 255.255.255.255 192.168.2.5 192.168.2.5 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/19/2012 04:43:13 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/19/2012 04:10:46 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/19/2012 04:06:55 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:06:53 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/19/2012 04:06:30 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:06:28 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/19/2012 04:05:19 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:05:00 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/19/2012 04:02:40 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:02:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (01/19/2012 06:22:31 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:16 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:16 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/19/2012 06:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (01/19/2012 04:43:13 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/19/2012 04:10:46 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/19/2012 04:06:55 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:06:53 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/19/2012 04:06:30 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:06:28 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/19/2012 04:05:19 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:05:00 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/19/2012 04:02:40 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/19/2012 04:02:37 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
AIM 7
Alien Breed 2: Assault
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Assassin's Creed
Astonia3
Astonia35
Audacity 1.2.6
Bonjour (Version: 3.0.0.10)
Borderlands
Breath of Death VII
Brink
Broadcom Gigabit Integrated Controller (Version: 8.10.07)
CCleaner (Version: 3.14)
Core Temp 1.0 RC2 (Version: 1.0)
CPUID CPU-Z 1.58
CPUID HWMonitor 1.18
Cthulhu Saves the World
Curse Client (Version: 4.0.1.180)
Defense Grid: The Awakening
Diablo II
Diablo III Beta (Version: 0.5.1.8101)
Dragon Age: Origins
Dungeon Defenders Demo
Dungeons & Dragons Online : Eberron Unlimited v01.14.00.802 (Version: 01.14.00.8025)
Dungeons of Dredmor
Dwarfs!?
FL Studio 10
Fraps (remove only)
Google Talk (remove only)
Guild Wars
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
iTunes (Version: 10.5.2.11)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Japanese Language Support
Java Auto Updater (Version: 2.1.5.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 25 (Version: 6.0.250)
Java™ 7 (Version: 7.0.0)
Java™ SE Development Kit 6 Update 23 (Version: 1.6.0.230)
Java™ SE Development Kit 7 (Version: 1.7.0.0)
Junk Mail filter update (Version: 14.0.8117.416)
LAME v3.98.3 for Audacity
League of Legends (Version: 1.0020)
League of Legends (Version: 1.02.0000)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework Client Profile (Version: 3.5)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
Nimbus
NVIDIA Control Panel 285.58 (Version: 285.58)
NVIDIA Graphics Driver 285.58 (Version: 285.58)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 135.95 (Version: 135.95)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Oblivion mod manager 1.1.9
OpenOffice.org 3.3 (Version: 3.3.9567)
Orcs Must Die! Demo
Overlord
Overlord II
Overlord: Raising Hell
Plants vs. Zombies: Game of the Year
Python 2.7.1 (Version: 2.7.1150)
QuickTime (Version: 7.71.80.42)
Razer Krait (Version: 5.01)
Recettear: An Item Shop's Tale
Rise of Immortals
Safari (Version: 5.34.52.7)
Sanctum
Search Toolbar (Version: 1.2)
Segoe UI (Version: 14.0.4327.805)
Spiral Knights
StarCraft
StarCraft II (Version: 1.3.2.18317)
Steam (Version: 1.0.0.0)
Stellar Impact
Swords and Soldiers HD
Team Fortress 2
The Elder Scrolls IV: Oblivion
UE3Redist (Version: 1.00.0000)
Unity Web Player (Version: )
Unofficial Oblivion Patch v3.2.0 (Version: 3.2.0)
Ventrilo Client (Version: 3.0.8)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 beta 2 (32-bit) (Version: 4.00.2)
World of Logs Client
World of Tanks v.0.6.7
World of Warcraft (Version: 4.3.0.15050)
XSplit (Version: 1.0.1112.0503)
Yahoo! Detect
Zombie Shooter 2

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2046.09 MB
Available physical RAM: 1396.61 MB
Total Pagefile: 3938.15 MB
Available Pagefile: 3471.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:272.15 GB) NTFS
4 Drive e: (CAT4.0.0) (CDROM) (Total:7.72 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\BILLDESKTOP

Administrator ASPNET Bill
Guest HelpAssistant SUPPORT_388945a0
UpdatusUser


**** End of log ****


===========================================================================

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bill :: BILLDESKTOP [administrator]

1/19/2012 6:24:53 PM
mbam-log-2012-01-19 (18-24-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196990
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

===========================================================================

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 18:52:03
-----------------------------
18:52:03.453 OS Version: Windows 5.1.2600 Service Pack 3
18:52:03.453 Number of processors: 2 586 0x404
18:52:03.453 ComputerName: BILLDESKTOP UserName: Bill
18:52:04.828 Initialize success
18:53:04.312 AVAST engine defs: 12011902
18:53:19.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:53:19.734 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:53:19.734 Disk 0 MBR read successfully
18:53:19.750 Disk 0 MBR scan
18:53:19.812 Disk 0 Windows XP default MBR code
18:53:19.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
18:53:19.812 Disk 0 scanning sectors +976752000
18:53:19.890 Disk 0 scanning C:\WINDOWS\system32\drivers
18:53:32.578 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-B [Rtk]
18:53:40.656 Disk 0 trace - called modules:
18:53:40.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ce0ff0]<<
18:53:40.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x894c9ab8]
18:53:40.656 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8941e368]
18:53:40.656 \Driver\00001676[0x88f05838] -> IRP_MJ_CREATE -> 0x88ce0ff0
18:53:41.875 AVAST engine scan C:\WINDOWS
18:53:46.109 AVAST engine scan C:\WINDOWS\system32
18:56:51.250 AVAST engine scan C:\WINDOWS\system32\drivers
18:57:04.484 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-B [Rtk]
18:57:22.734 AVAST engine scan C:\Documents and Settings\Bill
19:15:12.671 AVAST engine scan C:\Documents and Settings\All Users
19:20:04.609 Scan finished successfully
19:27:24.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill\Desktop\MBR.dat"
19:27:24.718 The log file has been saved successfully to "C:\Documents and Settings\Bill\Desktop\aswMBR.txt"

#4 Broni (BC Advisor)

Posted 19 January 2012 - 08:25 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 BillErhard (Topic Starter)

Posted 19 January 2012 - 08:31 PM

20:27:26.0921 2076 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
20:27:27.0843 2076 ============================================================
20:27:27.0843 2076 Current date / time: 2012/01/19 20:27:27.0843
20:27:27.0843 2076 SystemInfo:
20:27:27.0843 2076
20:27:27.0843 2076 OS Version: 5.1.2600 ServicePack: 3.0
20:27:27.0843 2076 Product type: Workstation
20:27:27.0843 2076 ComputerName: BILLDESKTOP
20:27:27.0843 2076 UserName: Bill
20:27:27.0843 2076 Windows directory: C:\WINDOWS
20:27:27.0843 2076 System windows directory: C:\WINDOWS
20:27:27.0843 2076 Processor architecture: Intel x86
20:27:27.0843 2076 Number of processors: 2
20:27:27.0843 2076 Page size: 0x1000
20:27:27.0843 2076 Boot type: Normal boot
20:27:27.0843 2076 ============================================================
20:27:28.0484 2076 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:27:28.0531 2076 Initialize success
20:27:42.0937 3108 ============================================================
20:27:42.0937 3108 Scan started
20:27:42.0937 3108 Mode: Manual;
20:27:42.0937 3108 ============================================================
20:27:48.0968 3108 MRxSmb (223a6c7b8803e46f621e8945aaf8f013) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:27:48.0984 3108 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 223a6c7b8803e46f621e8945aaf8f013, Fake md5: 8e989b35459085f88437aba10e0ecb9e
20:27:48.0984 3108 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
20:27:48.0984 3108 MRxSmb - detected Virus.Win32.ZAccess.k (0)
20:27:52.0390 3108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:27:52.0562 3108 \Device\Harddisk0\DR0 - ok
20:27:52.0562 3108 Boot (0x1200) (e429216783488a217fb43de81047dcb1) \Device\Harddisk0\DR0\Partition0
20:27:52.0562 3108 \Device\Harddisk0\DR0\Partition0 - ok
20:27:52.0562 3108 ============================================================
20:27:52.0562 3108 Scan finished
20:27:52.0562 3108 ============================================================
20:27:52.0578 3352 Detected object count: 1
20:27:52.0578 3352 Actual detected object count: 1
20:28:00.0359 3352 Backup copy found, using it..
20:28:00.0437 3352 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
20:28:01.0765 3352 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
20:28:04.0156 0788 Deinitialize success
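
As an added example (not part of the thread and not TDSSKiller's own code), a small Python triage helper that parses the TDSSKiller log format posted above and pulls out what a responder actually needs: which object was flagged, the forged-hash evidence (the real MD5 of the driver versus the fake one presented to ordinary file reads) and what cure action was taken. The regexes and field names are my own assumptions inferred from the posted lines; the sample log is constructed from lines copied out of that post.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the TDSSKiller log posted above, plus the
# surrounding clean entries, so the parser can be run offline.
SAMPLE_LOG = "\n".join([
    r"20:27:48.0937 3108 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys",
    r"20:27:48.0937 3108 MRxDAV - ok",
    r"20:27:48.0968 3108 MRxSmb (223a6c7b8803e46f621e8945aaf8f013) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys",
    r"20:27:48.0984 3108 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. "
    r"Real md5: 223a6c7b8803e46f621e8945aaf8f013, Fake md5: 8e989b35459085f88437aba10e0ecb9e",
    r"20:27:48.0984 3108 MRxSmb ( Virus.Win32.ZAccess.k ) - infected",
    r"20:27:48.0984 3108 MRxSmb - detected Virus.Win32.ZAccess.k (0)",
    r"20:27:49.0015 3108 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys",
    r"20:27:49.0031 3108 Msfs - ok",
    r"20:27:52.0390 3108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"20:27:52.0562 3108 \Device\Harddisk0\DR0 - ok",
    r"20:28:00.0437 3352 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot",
    r"20:28:01.0765 3352 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure",
])

# Line shapes assumed from the posted log: "<time> <pid> <body>", with the bodies below.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
HASHED_RE = re.compile(r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
                       r"Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<detection>\S+) \) - infected$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<detection>\S+) \) - User select action: (?P<action>\w+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")


@dataclass
class Finding:
    """One scanned object (service/driver, MBR or boot sector). Field names are mine."""
    name: str
    path: str = ""
    md5: str = ""                 # hash TDSSKiller computed from the real on-disk bytes
    status: str = "unknown"       # ok / infected / inconsistent / unknown
    detection: str = ""
    forged_md5: str = ""          # hash that ordinary file reads were shown instead
    user_action: str = ""
    cure_scheduled: bool = False


def parse_tdsskiller(text: str) -> dict[str, Finding]:
    """Parse TDSSKiller log text into findings keyed by object name."""
    findings: dict[str, Finding] = {}
    by_path: dict[str, Finding] = {}  # lower-cased path -> finding (Windows paths are case-insensitive)

    def resolve(key: str) -> Finding:
        found = findings.get(key) or by_path.get(key.lower())
        if found is None:
            found = findings[key] = Finding(name=key)
        return found

    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        if (h := HASHED_RE.match(body)):
            f = resolve(h["name"])
            f.md5, f.path = h["md5"], h["path"]
            by_path[f.path.lower()] = f
        elif (h := FORGED_RE.match(body)):
            f = resolve(h["path"])
            f.forged_md5 = h["fake"]
            if f.md5 and f.md5 != h["real"]:
                f.status = "inconsistent"   # tool disagrees with itself; worth a second look
            f.md5 = f.md5 or h["real"]
        elif (h := INFECTED_RE.match(body)):
            f = resolve(h["name"])
            f.status, f.detection = "infected", h["detection"]
        elif (h := CURE_RE.match(body)):
            resolve(h["path"]).cure_scheduled = True
        elif (h := ACTION_RE.match(body)):
            resolve(h["name"]).user_action = h["action"]
        elif (h := OK_RE.match(body)):
            resolve(h["name"]).status = "ok"
    return findings


def triage(findings: dict[str, Finding]) -> list[str]:
    """Names needing attention: anything not reported ok, or with forged-hash evidence."""
    return sorted(n for n, f in findings.items() if f.status != "ok" or f.forged_md5)


def describe(f: Finding) -> str:
    """One-line summary of a finding for a triage report."""
    parts = [f"{f.name}: {f.status}"]
    if f.detection:
        parts.append(f"detection={f.detection}")
    if f.forged_md5:
        parts.append(f"forged (real={f.md5}, presented={f.forged_md5})")
    if f.user_action:
        parts.append(f"action={f.user_action}")
    if f.cure_scheduled:
        parts.append("cure scheduled on reboot")
    return "; ".join(parts)


if __name__ == "__main__":
    results = parse_tdsskiller(SAMPLE_LOG)
    for name in triage(results):
        print(describe(results[name]))
```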

#6 Broni (BC Advisor)

Posted 19 January 2012 - 08:54 PM

Post new aswMBR log.

#7 BillErhard (Topic Starter)

Posted 19 January 2012 - 09:24 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 20:57:37
-----------------------------
20:57:37.671 OS Version: Windows 5.1.2600 Service Pack 3
20:57:37.671 Number of processors: 2 586 0x404
20:57:37.671 ComputerName: BILLDESKTOP UserName: Bill
20:57:38.921 Initialize success
20:57:49.656 AVAST engine defs: 12011902
20:57:54.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:57:54.875 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:57:54.890 Disk 0 MBR read successfully
20:57:54.890 Disk 0 MBR scan
20:57:54.921 Disk 0 Windows XP default MBR code
20:57:54.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
20:57:54.937 Disk 0 scanning sectors +976752000
20:57:55.078 Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:11.046 Service scanning
20:58:11.531 Service MpKslf99684ae c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9AF014-D169-4C6A-A2A9-3D1DD8C10E22}\MpKslf99684ae.sys **LOCKED** 32
20:58:12.125 Modules scanning
20:58:15.296 Disk 0 trace - called modules:
20:58:15.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:58:15.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x894c8ab8]
20:58:15.312 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x898d6030]
20:58:16.234 AVAST engine scan C:\WINDOWS
20:58:21.109 AVAST engine scan C:\WINDOWS\system32
21:01:28.890 AVAST engine scan C:\WINDOWS\system32\drivers
21:01:56.375 AVAST engine scan C:\Documents and Settings\Bill
21:16:44.171 AVAST engine scan C:\Documents and Settings\All Users
21:21:27.015 Scan finished successfully
21:23:15.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill\Desktop\MBR.dat"
21:23:15.203 The log file has been saved successfully to "C:\Documents and Settings\Bill\Desktop\aswMBR.txt"

#8 Broni (BC Advisor)

Posted 19 January 2012 - 09:29 PM

Good :)

How is the computer doing?

Next, we have a missing "hosts" file.

Download the following "hosts" (zipped) file: http://www.bleepstatic.com/fhost/uploads/0/hosts_xp.zip
Unzip it.
Copy the hosts file found inside.
Open Windows Explorer and paste the hosts file into the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.

==================================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#9 BillErhard (Topic Starter)

Posted 19 January 2012 - 09:39 PM

After running TDSSkiller I've been browsing and haven't gotten any redirects yet. It's looking good! Thanks :thumbup2:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:37 on 19/01/2012 by Bill
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 711 bytes [02:35 20/01/2012] [15:40 19/01/2012]
lmhosts.sam --a---- 3683 bytes [12:00 04/08/2004] [12:00 04/08/2004]
networks --a---- 407 bytes [12:00 04/08/2004] [12:00 04/08/2004]
protocol --a---- 799 bytes [12:00 04/08/2004] [12:00 04/08/2004]
services --a---- 7116 bytes [12:00 04/08/2004] [12:00 04/08/2004]

---Folders---
None found.

-= EOF =-

#10 Broni (BC Advisor)

Posted 19 January 2012 - 10:05 PM

Good news :)

Next you have issues with Windows updates and Security Center due to some missing registry keys.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/



Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security, while Everyone is selected, put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.


Please go back to the Root key again; while Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry.

Restart computer.
Check on Windows updates and Security Center.
Post new FSS log.

#11 BillErhard (Topic Starter)

Posted 19 January 2012 - 10:27 PM

Windows updates and Security Center seem to work. No Windows updates to install; updated Security Center definitions.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Bill (administrator) on 19-01-2012 at 22:24:49
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(10)
0x0B0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

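As an added example that is not part of the thread and not code from FSS itself, a small Python checker for logs in this layout. It assumes (the page does not state this) that FSS leaves a service section empty when that service is healthy, as in the clean log above, and reports each checked file as "path => status"; the finding wording in the sample is constructed.

```python
"""Flag findings in a Farbar Service Scanner (FSS) log laid out like the one above."""
import re

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")          # e.g. "Windows Update:"
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => (?P<status>.+)$")
# Sections FSS prints for the services this thread repaired (assumed to be
# empty when the service is healthy, as in the clean log posted above).
SERVICE_SECTIONS = ("Windows Firewall", "System Restore", "Security Center", "Windows Update")

def parse_fss(text):
    """Return {section name: [content lines]} ignoring '===' rules and '****' banners."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif line and current and not line.startswith(("=", "*")):
            sections[current].append(line)
    return sections

def fss_findings(text):
    """Every line under a service section, plus each file whose status is not 'MD5 is legit'."""
    sections = parse_fss(text)
    findings = [f"{name}: {line}" for name in SERVICE_SECTIONS
                for line in sections.get(name, [])]
    for line in sections.get("File Check", []):
        m = FILE_RE.match(line)
        if m and m.group("status") != "MD5 is legit":
            findings.append(f"File Check: {m.group('path')} ({m.group('status')})")
    return findings

def sample_log(update_finding="", wuauserv_status="MD5 is legit"):
    """Constructed log in the thread's layout; the optional finding text is made up."""
    return (
        "Farbar Service Scanner Version: 18-01-2012 01\n"
        "Security Center:\n============\n\n"
        "Windows Update:\n===========\n"
        + (update_finding + "\n" if update_finding else "")
        + "\nFile Check:\n========\n"
        "C:\\WINDOWS\\system32\\wscsvc.dll => MD5 is legit\n"
        f"C:\\WINDOWS\\system32\\wuauserv.dll => {wuauserv_status}\n\n"
        "**** End of log ****\n"
    )

if __name__ == "__main__":
    print("clean:", fss_findings(sample_log()) or "no findings")
    print("bad:", fss_findings(sample_log("wuauserv key missing (constructed)", "MD5 mismatch (constructed)")))
```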
#12 Broni (BC Advisor)

Posted 19 January 2012 - 10:31 PM

Very good :)

Any current issues?

Last checks...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats, it will NOT produce any log.
