Internet sites redirected - virus?


  • This topic is locked
11 replies to this topic

#1 MAMABOST

MAMABOST

  • Members
  • 22 posts

Posted 04 February 2012 - 05:23 PM

I have been dealing with this issue for a few months and I just did some checking on the internet and it looks like it might be a virus. When I do a google search and then click on a link, it redirects me to another website. Also on occasion when I am on a site such as facebook and click a link a new tab opens up and a website for work at home moms opens up which is very hard to close. I did have the windows 7 security warning virus right before this happened, but I thought I got rid of it with rkill and malwarebytes anti malware which I still have running on my computer. I am afraid to do anything else to my computer without some advice. I am running Windows 7 professional and I use mozilla firefox. Please let me know what other information you will need.


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 04 February 2012 - 06:55 PM

Hi MAMABOST, and welcome to the forums!! :thumbsup:

My name is bloopie and I'll be helping you for now.

Let's try to get some logs from your computer:

First please post the last log from MBAM that you ran. The file can be located by opening MBAM and clicking the "Logs" tab at the top and double-clicking the most recent scan. Copy and paste that scan here.

Please re-run Rkill, and without rebooting:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
============================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
============================

  • Please download MBRScan and save it to your desktop.
  • Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 Users, right click on MBRScan and then click on run as administrator).
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your desktop and post its content in your next reply.
============================

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Please be sure to include the logs from MBAM, MinitoolBox, GMER, MBRScan and aswMBR in your next reply!

Any problems running the tools, please let me know!


bloopie

#3 MAMABOST

MAMABOST
  • Topic Starter

  • Members
  • 22 posts

Posted 06 February 2012 - 08:03 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Janet :: JANET-PC [administrator]

Protection: Enabled

1/3/2012 7:50:05 PM
mbam-log-2012-01-03 (19-50-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386349
Time elapsed: 57 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Janet\AppData\Local\cjh.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Users\Janet\AppData\Local\kid.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\qcexhn\setup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Windows\Temp\sugasy\setup.exe (Trojan.Krypt) -> Quarantined and deleted successfully.

#4 MAMABOST

MAMABOST
  • Topic Starter

  • Members
  • 22 posts

Posted 06 February 2012 - 08:10 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Janet (administrator) on 06-02-2012 at 20:03:50
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Hardware not present)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Janet-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : B8-AC-6F-B7-3B-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ae6a:eca0:1234:b187:9f0f:d162:df2e(Preferred)
Temporary IPv6 Address. . . . . . : 2002:ae6a:eca0:1234:843f:ea30:671c:d6e7(Preferred)
Link-local IPv6 Address . . . . . : fe80::b187:9f0f:d162:df2e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, February 06, 2012 5:59:37 PM
Lease Expires . . . . . . . . . . : Wednesday, February 03, 2021 5:59:37 PM
Default Gateway . . . . . . . . . : fe80::222:75ff:fe38:f104%11
192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-F2-94-EC-B8-AC-6F-B7-3B-F4
DNS Servers . . . . . . . . . . . : 192.168.2.1
192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.159.99] with 32 bytes of data:
Reply from 74.125.159.99: bytes=32 time=25ms TTL=53
Reply from 74.125.159.99: bytes=32 time=27ms TTL=53

Ping statistics for 74.125.159.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=79ms TTL=52
Reply from 98.137.149.56: bytes=32 time=121ms TTL=52

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 121ms, Average = 100ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...b8 ac 6f b7 3b f4 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 266
192.168.2.3 255.255.255.255 On-link 192.168.2.3 266
192.168.2.255 255.255.255.255 On-link 192.168.2.3 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 266 ::/0 fe80::222:75ff:fe38:f104
1 306 ::1/128 On-link
11 18 2002:ae6a:eca0:1234::/64 On-link
11 266 2002:ae6a:eca0:1234:843f:ea30:671c:d6e7/128
On-link
11 266 2002:ae6a:eca0:1234:b187:9f0f:d162:df2e/128
On-link
11 266 fe80::/64 On-link
11 266 fe80::b187:9f0f:d162:df2e/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 mswsock.dll [File Not found] ()
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2012 08:04:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:03:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/06/2012 08:00:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/06/2012 05:59:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (02/06/2012 05:59:42 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2012 05:59:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv

Error: (02/06/2012 05:59:41 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (02/06/2012 05:59:40 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (02/06/2012 05:59:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2012 05:59:35 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:57:26 PM on ?2/?6/?2012 was unexpected.

Error: (02/06/2012 05:56:14 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2012 05:56:13 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2012 05:56:08 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (01/24/2011 02:45:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/24/2011 02:44:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 84 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/22/2010 00:48:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 713 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/29/2010 10:45:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 69 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/23/2010 09:59:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Ad-Aware
Ad-Aware (Version: 8.3.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.1.2 (Version: 9.1.2)
Angry Birds (Version: 1.6.3.1)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.010.0210.2205)
AVG PC Tuneup 2011 (Version: 10.0.0.26)
Bonjour (Version: 2.0.5.0)
BufferChm (Version: 130.0.331.000)
C4500 (Version: 130.0.365.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Light (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615)
Catalyst Control Center Localization All (Version: 2010.0210.2206.39615)
ccc-core-static (Version: 2010.0210.2206.39615)
ccc-utility64 (Version: 2010.0210.2206.39615)
CCC Help Chinese Standard (Version: 2010.0210.2205.39615)
CCC Help Chinese Traditional (Version: 2010.0210.2205.39615)
CCC Help Czech (Version: 2010.0210.2205.39615)
CCC Help Danish (Version: 2010.0210.2205.39615)
CCC Help Dutch (Version: 2010.0210.2205.39615)
CCC Help English (Version: 2010.0210.2205.39615)
CCC Help Finnish (Version: 2010.0210.2205.39615)
CCC Help French (Version: 2010.0210.2205.39615)
CCC Help German (Version: 2010.0210.2205.39615)
CCC Help Greek (Version: 2010.0210.2205.39615)
CCC Help Hungarian (Version: 2010.0210.2205.39615)
CCC Help Italian (Version: 2010.0210.2205.39615)
CCC Help Japanese (Version: 2010.0210.2205.39615)
CCC Help Korean (Version: 2010.0210.2205.39615)
CCC Help Norwegian (Version: 2010.0210.2205.39615)
CCC Help Polish (Version: 2010.0210.2205.39615)
CCC Help Portuguese (Version: 2010.0210.2205.39615)
CCC Help Russian (Version: 2010.0210.2205.39615)
CCC Help Spanish (Version: 2010.0210.2205.39615)
CCC Help Swedish (Version: 2010.0210.2205.39615)
CCC Help Thai (Version: 2010.0210.2205.39615)
CCC Help Turkish (Version: 2010.0210.2205.39615)
CCleaner (Version: 2.34)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conduit Engine (Version: )
Conexant HD Audio (Version: 4.98.71.61)
Consumer In-Home Service Agreement (Version: 2.0.0)
Copy (Version: 130.0.428.000)
Coupon Printer for Windows (Version: 5.0.0.0)
Cricut DesignStudio
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 1.21)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.40)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
eBridge Print Driver 4.3.11.0613
eBridgeViewer (Version: 5.0.11.620)
Express Scribe
Google Chrome (Version: 16.0.912.77)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.6203)
H&R Block North Carolina 2010 (Version: 1.10.3701)
H&R Block North Carolina 2011 (Version: 1.11.4001)
H&R Block Premium + Efile + State 2010 (Version: 10.06.5701)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Runtime (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
MOSS v2.0 (Version: 2.0.0)
MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24)
MotoHelper MergeModules (Version: 1.0.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network64 (Version: 130.0.572.000)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PowerDVD DX (Version: 8.3.6029)
PS_AIO_04_C4500_Software_Min (Version: 130.0.365.000)
QB Desktop Repair Utility (Version: 1.1.0)
QuickBooks Pro 2007 (Version: )
QuickBooks Product Listing Service (Version: 2.0.132)
QuickTime (Version: 7.69.80.9)
Reader Library by Sony (Version: 3.3.00.07130)
Roxio Burn (Version: 1.01)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skins (Version: 2010.0210.2206.39615)
Skype Click to Call (Version: 5.8.8855)
Skype 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 130.0.457.000)
Smilebox (Version: 1.1.1.1)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
SupportSoft Assisted Service (Version: 15)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
TweakNow PowerPack 2011 SP2b (Version: 3.3.2)
Unity Web Player (Version: )
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Vuze Remote Toolbar (Version: 6.3.3.3)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Devices: ================================

Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3838.85 MB
Available physical RAM: 1797.07 MB
Total Pagefile: 7675.85 MB
Available Pagefile: 5596.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.88 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:212.91 GB) (Free:169.86 GB) NTFS
2 Drive d: (H&R Block 2011) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
3 Drive e: (LACIE) (Fixed) (Total:111.76 GB) (Free:87.4 GB) FAT32
5 Drive g: (USB Disk) (Removable) (Total:7.45 GB) (Free:5.11 GB) FAT32

========================= Users: ========================================

User accounts for \\JANET-PC

Administrator ASPNET Guest
Janet

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#5 bloopie (Malware Response Team, 7,927 posts)

Posted 07 February 2012 - 09:30 AM

Thanks for those MAMABOST,

Please continue with the other scans from post #2 as they may be the most important logs. :thumbup2:

bloopie

#6 MAMABOST (Topic Starter, Members, 22 posts)

Posted 08 February 2012 - 12:16 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 12:15:10
Windows 6.1.7600
Running: utvz3xoh.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\like[3].php 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\lr[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\jquery-ui-1.8.2.custom.min[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\jquery[4].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\jsapi[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\ddc[8].htm 11861 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\share.475759c7f9879ed08f39a762160a24df[1].css 19067 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\Windows-8-continuing-1-150x150[1].jpg 5274 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\Tablets-in-2012-what-are-the-expectations-1[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\viewChannelModule[1].act 60348 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\FDAF_2012_GetIntoTheNew_728x90_MLPOL_Auto_Background[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\spinner[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\r=O[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\ads[4].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\ads[7] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\ads[7].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\ads[8].js 11346 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\icon-comments[1].png 1137 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\0R9H4HQJ53_343890187[1].html 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\ca.twopointo.creatormedianavigator[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\channeldata[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\cms-2c[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\count[1].json 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\icon-tags[2].png 533 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\btn-fb[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\button_bk_on[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\results[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4JWA7PU\px[1].txt 1267 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWIOBAJP\futon_atf[1].txt 1140 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWIOBAJP\969387795[1].htm 7227 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWIOBAJP\pix[1].gif 49 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\20120112_bestof2011[1].txt 26605 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\AdDisplayTrackerServlet[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\AdDisplayTrackerServlet[6].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\AdDisplayTrackerServlet[7].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\AdDisplayTrackerServlet[8].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\AdDisplayTrackerServlet[9].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\afrCAAU5Y2B.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\iframe3CAN7K3ZT.htm 493 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\ddc[8].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\ddc[9].htm 11861 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\futon_atf[2].txt 1138 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\pixel[6].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\st[5] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\st[6] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\st[9] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\969539956[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\adservercontinuation[1].aspx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJYHAGO9\freq[7].html 395 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@voicefive[7].txt 4578 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@afy11[6].txt 1640 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAFYCYC9.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pubmatic[3].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[5].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[8].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nextag[2].txt 1468 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crwdcntrl[2].txt 2545 bytes

---- EOF - GMER 1.0.15 ----

#7 MAMABOST (Topic Starter, Members, 22 posts)

Posted 08 February 2012 - 12:20 PM


MBRScan v1.1.0



OS             : Windows 7  (64 bit)

PROCESSOR      : AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD

BOOT           : Normal Boot

DATE           : 2012/02/08 (ISO 8601) at 12:18:26

________________________________________________________________________________



DISK           : Device\Harddisk0\DR0 __WDC WD2500AAJS-75M0A0 (02.03E02)

BUS_TYPE       : (0x0B)  S-ATA

USE_PIO        : NO

MAX_TRANSFER   : 128 Kb

ALIGNMENT_MASK : word aligned

________________________________________________________________________________



DISK           : Device\Harddisk1\DR1 __SAMSUNG HM120JC

BUS_TYPE       : (0x07)  USB

USE_PIO        : NO

MAX_TRANSFER   : 64 Kb

ALIGNMENT_MASK : byte aligned

________________________________________________________________________________



Device\Harddisk0\DR0	232.8 Go  [Fixed] ==> Vista MBR Code



MBR_MD5   : D90188B3126F65BB08A53FCC19C4FD0D

MBR_SHA1  : E9FDD60301AC1FC167597CEE79E552D1305C44C5



Device\Harddisk0\Partition1	39.19 Mo  	0xDE Dell Utility 

Device\Harddisk0\Partition2	19.88 Go  	0x07 NTFS / HPFS __ BOOTABLE __

Device\Harddisk0\Partition3	212.9 Go  	0x07 NTFS / HPFS

________________________________________________________________________________



Device\Harddisk1\DR1	111.8 Go  [Fixed] ==> Unknown MBR Code ....



MBR_MD5   : 091C70E5C585B4BDC2CA8B0F852BDBDA

MBR_SHA1  : 7B43ACCFECD0A69BA8D80977CF7CE1D88B942725



Device\Harddisk1\Partition1	111.8 Go  	0x0C FAT32 [LBA]  __ BOOTABLE __

________________________________________________________________________________



############################### Additional scan ################################



DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk

ADDRESS : 0x02FDD000

SIZE    : 292.0 Ko



DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk

ADDRESS : 0x00BAE000

SIZE    : 40.0 Ko



DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk

ADDRESS : 0x00C1B000

SIZE    : 52.0 Ko



DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk

ADDRESS : 0x00C3C000

SIZE    : 376.0 Ko



DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk

ADDRESS : 0x00C9A000

SIZE    : 768.0 Ko



DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk

ADDRESS : 0x00E8E000

SIZE    : 656.0 Ko



DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk

ADDRESS : 0x00F32000

SIZE    : 60.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\ACPI.sys => Invisible on the disk

ADDRESS : 0x00F41000

SIZE    : 348.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\WMILIB.SYS => Invisible on the disk

ADDRESS : 0x00F98000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\msisadrv.sys => Invisible on the disk

ADDRESS : 0x00FA1000

SIZE    : 40.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\pci.sys => Invisible on the disk

ADDRESS : 0x00FAB000

SIZE    : 204.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\vdrvroot.sys => Invisible on the disk

ADDRESS : 0x00FDE000

SIZE    : 52.0 Ko



DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk

ADDRESS : 0x00FEB000

SIZE    : 84.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\volmgr.sys => Invisible on the disk

ADDRESS : 0x00E00000

SIZE    : 84.0 Ko



DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk

ADDRESS : 0x00E15000

SIZE    : 368.0 Ko



DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk

ADDRESS : 0x00E71000

SIZE    : 104.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\atapi.sys => Invisible on the disk

ADDRESS : 0x00D86000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\ataport.SYS => Invisible on the disk

ADDRESS : 0x00D8F000

SIZE    : 168.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\msahci.sys => Invisible on the disk

ADDRESS : 0x00DB9000

SIZE    : 44.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\PCIIDEX.SYS => Invisible on the disk

ADDRESS : 0x00DC4000

SIZE    : 64.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\amdxata.sys => Invisible on the disk

ADDRESS : 0x00DD4000

SIZE    : 44.0 Ko



DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk

ADDRESS : 0x01061000

SIZE    : 304.0 Ko



DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk

ADDRESS : 0x010AD000

SIZE    : 80.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\Lbd.sys => Invisible on the disk

ADDRESS : 0x010C1000

SIZE    : 84.0 Ko



DRIVER  : C:\Windows\System32\Drivers\PxHlpa64.sys => Invisible on the disk

ADDRESS : 0x010D6000

SIZE    : 48.0 Ko



DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk

ADDRESS : 0x01222000

SIZE    : 1.64 Mo



DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk

ADDRESS : 0x010E2000

SIZE    : 376.0 Ko



DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk

ADDRESS : 0x013C5000

SIZE    : 104.0 Ko



DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk

ADDRESS : 0x01140000

SIZE    : 460.0 Ko



DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk

ADDRESS : 0x013DF000

SIZE    : 68.0 Ko



DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk

ADDRESS : 0x013F0000

SIZE    : 40.0 Ko



DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk

ADDRESS : 0x0140D000

SIZE    : 968.0 Ko



DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk

ADDRESS : 0x014FF000

SIZE    : 384.0 Ko



DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk

ADDRESS : 0x0155F000

SIZE    : 172.0 Ko



DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk

ADDRESS : 0x01600000

SIZE    : 1.99 Mo



DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk

ADDRESS : 0x0158A000

SIZE    : 296.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\vmstorfl.sys => Invisible on the disk

ADDRESS : 0x015D4000

SIZE    : 64.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\volsnap.sys => Invisible on the disk

ADDRESS : 0x011B3000

SIZE    : 304.0 Ko



DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk

ADDRESS : 0x015E4000

SIZE    : 32.0 Ko



DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk

ADDRESS : 0x01000000

SIZE    : 232.0 Ko



DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk

ADDRESS : 0x015EC000

SIZE    : 72.0 Ko



DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk

ADDRESS : 0x01400000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk

ADDRESS : 0x018FB000

SIZE    : 232.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk

ADDRESS : 0x01935000

SIZE    : 88.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk

ADDRESS : 0x0194B000

SIZE    : 192.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\AtiPcie.sys => Invisible on the disk

ADDRESS : 0x0197B000

SIZE    : 32.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk

ADDRESS : 0x019BB000

SIZE    : 168.0 Ko



DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk

ADDRESS : 0x019E5000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk

ADDRESS : 0x019EE000

SIZE    : 28.0 Ko



DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk

ADDRESS : 0x01800000

SIZE    : 56.0 Ko



DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk

ADDRESS : 0x0180E000

SIZE    : 148.0 Ko



DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk

ADDRESS : 0x01833000

SIZE    : 64.0 Ko



DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk

ADDRESS : 0x01843000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk

ADDRESS : 0x0184C000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk

ADDRESS : 0x01855000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk

ADDRESS : 0x0185E000

SIZE    : 44.0 Ko



DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk

ADDRESS : 0x01869000

SIZE    : 68.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk

ADDRESS : 0x0187A000

SIZE    : 120.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk

ADDRESS : 0x01898000

SIZE    : 52.0 Ko



DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk

ADDRESS : 0x018A5000

SIZE    : 276.0 Ko



DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk

ADDRESS : 0x02C39000

SIZE    : 548.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk

ADDRESS : 0x02CC2000

SIZE    : 36.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk

ADDRESS : 0x02CCB000

SIZE    : 152.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk

ADDRESS : 0x02CF1000

SIZE    : 88.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk

ADDRESS : 0x02D07000

SIZE    : 60.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk

ADDRESS : 0x02D16000

SIZE    : 108.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk

ADDRESS : 0x02D31000

SIZE    : 80.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk

ADDRESS : 0x02D45000

SIZE    : 324.0 Ko



DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk

ADDRESS : 0x02D96000

SIZE    : 48.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk

ADDRESS : 0x02DA2000

SIZE    : 44.0 Ko



DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk

ADDRESS : 0x02DAD000

SIZE    : 60.0 Ko



DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk

ADDRESS : 0x03AC0000

SIZE    : 524.0 Ko



DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk

ADDRESS : 0x03B43000

SIZE    : 120.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk

ADDRESS : 0x03B61000

SIZE    : 68.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk

ADDRESS : 0x03B72000

SIZE    : 152.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\amdk8.sys => Invisible on the disk

ADDRESS : 0x03B98000

SIZE    : 92.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk

ADDRESS : 0x03BAF000

SIZE    : 208.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\atipmdag.sys => Invisible on the disk

ADDRESS : 0x03CC2000

SIZE    : 6.39 Mo



DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk

ADDRESS : 0x0447E000

SIZE    : 976.0 Ko



DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk

ADDRESS : 0x04572000

SIZE    : 280.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk

ADDRESS : 0x045B8000

SIZE    : 144.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\k57nd60a.sys => Invisible on the disk

ADDRESS : 0x04400000

SIZE    : 324.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk

ADDRESS : 0x04451000

SIZE    : 52.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk

ADDRESS : 0x0445E000

SIZE    : 44.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk

ADDRESS : 0x04327000

SIZE    : 344.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk

ADDRESS : 0x04469000

SIZE    : 68.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk

ADDRESS : 0x045DC000

SIZE    : 64.0 Ko



DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk

ADDRESS : 0x0437D000

SIZE    : 88.0 Ko



DRIVER  : C:\Windows\sys________________________________________________________________________________



_______MBR   \Device\Harddisk0\DR0  




_______MBR   \Device\Harddisk1\DR1  




#8 MAMABOST (Topic Starter, Members, 22 posts)

Posted 08 February 2012 - 12:37 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 12:21:42
-----------------------------
12:21:42.571 OS Version: Windows x64 6.1.7600
12:21:42.571 Number of processors: 2 586 0x6B02
12:21:42.571 ComputerName: JANET-PC UserName: Janet
12:21:44.786 Initialize success
12:23:59.534 AVAST engine defs: 12020800
12:24:05.930 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:24:05.930 Disk 0 Vendor: WDC_WD2500AAJS-75M0A0 02.03E02 Size: 238418MB BusType: 11
12:24:05.945 Disk 0 MBR read successfully
12:24:05.945 Disk 0 MBR scan
12:24:05.961 Disk 0 Windows VISTA default MBR code
12:24:05.961 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:24:05.976 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20358 MB offset 81920
12:24:05.992 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 218019 MB offset 41775104
12:24:06.008 Service scanning
12:24:07.365 Modules scanning
12:24:07.365 Disk 0 trace - called modules:
12:24:07.380 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:24:07.396 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800465a060]
12:24:07.412 3 CLASSPNP.SYS[fffff8800194c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045de680]
12:24:09.299 AVAST engine scan C:\Windows
12:24:11.312 AVAST engine scan C:\Windows\system32
12:24:24.540 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:26:21.369 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:26:24.130 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:28:17.012 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
12:28:17.074 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:28:17.215 File: C:\Windows\assembly\tmp\TF1N9VH3\IEExecRemote.dll **SUSPICIOUS**
12:28:17.246 File: C:\Windows\assembly\tmp\TF1N9VH3\__AssemblyInfo__.ini **SUSPICIOUS**
12:28:17.745 AVAST engine scan C:\Windows\system32\drivers
12:28:29.570 AVAST engine scan C:\Users\Janet
12:33:25.609 AVAST engine scan C:\ProgramData
12:34:52.221 Scan finished successfully
12:36:47.146 Disk 0 MBR has been saved successfully to "C:\Users\Janet\Desktop\MBR.dat"
12:36:47.146 The log file has been saved successfully to "C:\Users\Janet\Desktop\aswMBR.

#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:33 PM

Posted 08 February 2012 - 01:03 PM

Hi again,

Yes, you have a rootkit! We will need some more powerful tools:

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

bloopie

Edited by bloopie, 08 February 2012 - 01:12 PM.


#10 MAMABOST

MAMABOST
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:05:33 PM

Posted 08 February 2012 - 10:26 PM

Bloopie,

Thanks for your help. I have posted all the information requested in a new post.

Janet

#11 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:33 PM

Posted 08 February 2012 - 10:55 PM

My pleasure MAMABOST!! :thumbup2:

Thanks for letting me know and good luck!!!

Best of regards,

bloopie

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:06:33 PM

Posted 08 February 2012 - 11:06 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

To avoid confusion, I am closing this topic.