
virus- Trojan.fakeMS



#1 Gemini1

Posted 27 May 2012 - 05:13 PM

Hello,
I recently got this virus on my machine, "Trojan.fakeMS", which at first completely locked my machine. I was able to reboot, and before the virus locked my machine again I was able to get to a website in my favorites. I then ran my three scans: SUPERAntiSpyware Free Edition, Avira virus control, and Malwarebytes' Anti-Malware. Malwarebytes found the virus and quarantined it. I then deleted it from quarantine. I now notice that my machine is running slower than it did before, and when I reboot my machine I also get an error message: "RunDLL - Error loading C:\users\myname\AppData\Local\temp\p0j99p.exe. The specified module could not be found."
I need help finding out how to be sure that this virus is completely removed from my system and how to fix this error message. I believe that they are related, as I never had this error message before.

I am avoiding doing anything where I have to give any type of personal information on my machine as I do not want to have any more problems.

I have no idea where to look, as I am just a regular user and do not have any programming knowledge, so any assistance that you can provide will be greatly appreciated.
Thank you



#2 Aaflac
  • Malware Response Team

Posted 27 May 2012 - 07:23 PM

Welcome to Bleeping Computer, Gemini1!

Let's see what the following short scan shows...

Please download RogueKiller

•When you get to the website, go to where it says: Lien de téléchargement (Download link)
•Click the dark-blue button to download.
•Save to the Desktop

•Close all windows and browsers
•XP: Double-click the program to run it
•Vista/Seven: Right-click and select 'Run as Administrator'
•Press: SCAN
•A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.


Old duck...


#3 Gemini1
  • Topic Starter

Posted 27 May 2012 - 10:17 PM

Hello,

Thanks, I have done what you advised and attached the report. I don't understand anything that is in the file. What else do I need to do? Thanks again for your help.
Attached File: RKreport1.txt (2.52 KB)

#4 Aaflac
  • Malware Response Team

Posted 27 May 2012 - 11:29 PM

Let's press on with RogueKiller...

•Please quit all programs
•Right-click the RogueKiller file and select 'Run as Administrator'
•Press: SCAN
•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.

Please post (do not attach) the new RKreport (Mode: Delete) in your reply.

Old duck...


#5 Gemini1
  • Topic Starter

Posted 28 May 2012 - 10:11 PM

Hello,

I have copied below the information contained in the report that was generated after doing the scan and then the delete as requested, RKreport (Mode: Delete). I can't understand a thing this report is saying, but I am sure it makes complete sense to you.
Thanks again for all this help.
--
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Scan -- Date: 05/28/2012 23:01:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BellCanada_UninstallTracking (C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada) -> FOUND
[SUSP PATH] p0j99p.exe.lnk @Brenda : C:\Windows\System32\rundll32.exe|C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82248DE5 -> HOOKED (Unknown @ 0x898085EE)
SSDT[276] : NtRequestWaitReplyPort @ 0x8225AF90 -> HOOKED (Unknown @ 0x898085F8)
SSDT[289] : NtSetContextThread @ 0x822AA06F -> HOOKED (Unknown @ 0x898085F3)
SSDT[314] : NtSetSecurityObject @ 0x821D7038 -> HOOKED (Unknown @ 0x898085FD)
SSDT[332] : NtSystemDebugControl @ 0x8220FEC1 -> HOOKED (Unknown @ 0x89808602)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x89808616)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8980861B)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
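As an added example (not part of the thread, and not RogueKiller's own code), the following Python script parses the RKreport.txt format posted above and turns the entries into triage findings: autostarts that point into the user's Temp folder, the Startup-folder .lnk that runs rundll32.exe on p0j99p.exe (which is what produces the "specified module could not be found" RunDLL error once the target file has been quarantined, and stops as soon as the .lnk is deleted), EnableLUA set to 0 (UAC switched off), HideDesktopIcons\NewStartPanel values set to 1 (desktop icons hidden), SSDT hooks whose owner RogueKiller cannot name, and HOSTS entries, which are only reported as a hijack when a name resolves somewhere other than loopback. The sample report is constructed from lines in the report above with the HOSTS section cut short; the function names parse_report and triage and the severity labels are mine.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the "Mode: Scan" RKreport posted in the thread,
# HOSTS section cut short. A real RKreport.txt can be passed to parse_report() unchanged.
SAMPLE_REPORT = r"""RogueKiller V7.5.1 [05/28/2012] by Tigzy
User: Brenda [Admin rights]
Mode: Scan -- Date: 05/28/2012 23:01:45
¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BellCanada_UninstallTracking (C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada) -> FOUND
[SUSP PATH] p0j99p.exe.lnk @Brenda : C:\Windows\System32\rundll32.exe|C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82248DE5 -> HOOKED (Unknown @ 0x898085EE)
SSDT[289] : NtSetContextThread @ 0x822AA06F -> HOOKED (Unknown @ 0x898085F3)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x89808616)

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:.*¤¤¤\s*$")
REG_RE = re.compile(r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)\s+->\s+(?P<status>.+)$")
SSDT_RE = re.compile(r"^(?:S_)?SSDT\[(?P<idx>\d+)\]\s+:\s+(?P<func>\S+).*->\s+HOOKED\s+\((?P<owner>\S+)\s+@\s+(?P<addr>0x[0-9A-Fa-f]+)\)$")
HOSTS_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<host>\S+)$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RUNDLL32 = r"c:\windows\system32\rundll32.exe|"
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_report(text: str) -> Dict[str, list]:
    """Split an RKreport into the registry, SSDT and HOSTS entries that triage needs."""
    report: Dict[str, list] = {"registry": [], "ssdt": [], "hosts": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)  # e.g. "Registry Entries", "Driver", "HOSTS File"
        elif section == "Registry Entries" and (m := REG_RE.match(line)):
            report["registry"].append(m.groupdict())
        elif section == "Driver" and (m := SSDT_RE.match(line)):
            report["ssdt"].append(m.groupdict())
        elif section == "HOSTS File" and (m := HOSTS_RE.match(line)):
            report["hosts"].append(m.groupdict())
    return report


def triage(report: Dict[str, list]) -> List[Tuple[str, str, str]]:
    """Turn parsed entries into (severity, kind, detail) findings."""
    out: List[Tuple[str, str, str]] = []
    for e in report["registry"]:
        key, value = e["key"], e["value"]
        if e["tag"] == "SUSP PATH" and TEMP_RE.search(value):
            # Nothing legitimate should auto-start from %TEMP%: installer leftover or malware.
            out.append(("high", "temp-autostart", f"{key} -> {value}"))
        if ".lnk" in key.lower() and value.lower().startswith(RUNDLL32):
            target = value.split("|", 1)[1]
            # Startup-folder shortcut "rundll32.exe <exe>". Once the exe is quarantined,
            # rundll32 reports "The specified module could not be found" at every logon.
            out.append(("info", "orphaned-rundll32-lnk",
                        f"{key} runs rundll32.exe on {target}; delete the .lnk to stop the RunDLL error"))
        if e["tag"] == "HJ" and key.endswith("\\System") and value.startswith("EnableLUA (0)"):
            out.append(("high", "uac-disabled", "EnableLUA=0: UAC is off, admin users run fully elevated"))
        if e["tag"] == "HJ" and key.endswith("\\NewStartPanel") and value.endswith("(1)"):
            # HideDesktopIcons\NewStartPanel\{CLSID}=1 hides that desktop icon; rogue AVs do this.
            out.append(("medium", "desktop-icon-hidden", value.split(" ", 1)[0]))
    unknown = [h for h in report["ssdt"] if h["owner"] == "Unknown"]
    if unknown:
        addrs = [int(h["addr"], 16) for h in unknown]
        funcs = ", ".join(h["func"] for h in unknown)
        # All hook targets fall in one small range, i.e. one driver; the report does not name it.
        out.append(("review", "ssdt-hooks-unattributed",
                    f"{len(unknown)} hooks ({funcs}) into 0x{min(addrs):08X}-0x{max(addrs):08X}"))
    sink = [h for h in report["hosts"] if h["ip"] in LOOPBACK and h["host"] != "localhost"]
    if sink:
        out.append(("info", "hosts-blocklist", f"{len(sink)} names sinkholed to loopback (blocklist shape, not a hijack)"))
    for h in report["hosts"]:
        if h["ip"] not in LOOPBACK:
            # A name pointed at a real address (typically a security vendor's) is the classic hijack.
            out.append(("high", "hosts-redirect", f"{h['host']} -> {h['ip']}"))
    return out


if __name__ == "__main__":
    for sev, kind, detail in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{sev:6}] {kind}: {detail}")
```

The loopback lines such as `127.0.0.1 007guard.com` have the shape of an immunization blocklist rather than a redirect, so they are reported as informational; the SSDT hooks are left at "review" because the report does not name the owning driver, and a security product's self-protection driver can hook the same functions a rootkit would, so the driver has to be attributed before the scan is trusted either way.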

#6 Aaflac
  • Malware Response Team

Posted 28 May 2012 - 10:17 PM

Please go back to Post #4, and follow those steps.

The program did a Scan, but it does not show that the Registry tab was looked at, the items there checked, or that the Delete button was pressed.

Thanks!

Old duck...


#7 Gemini1
  • Topic Starter

Posted 29 May 2012 - 10:47 PM

Hello,
I think I forgot to copy a file yesterday; I noticed 4 files today. I also re-did the scan, but realized that I had Malwarebytes running, so I re-did it again. I am showing you all the files below as they were created by RogueKiller, so that I can be sure that you have all the information that you need. In the scan that I did yesterday and today's first one around 9:45 pm there were boxes to check on the Registry tab and I did the delete. In the scan I did later, after Malwarebytes was finished around 11:30, there were no boxes to check on the Registry tab; nothing showed in the list section. Sorry for all the trouble.


RK REPORT 1
RogueKiller V7.5.0 [05/24/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Scan -- Date: 05/27/2012 23:11:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BellCanada_UninstallTracking (C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada) -> FOUND
[SUSP PATH] p0j99p.exe.lnk @Brenda : C:\Windows\System32\rundll32.exe|C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82248DE5 -> HOOKED (Unknown @ 0x898085EE)
SSDT[276] : NtRequestWaitReplyPort @ 0x8225AF90 -> HOOKED (Unknown @ 0x898085F8)
SSDT[289] : NtSetContextThread @ 0x822AA06F -> HOOKED (Unknown @ 0x898085F3)
SSDT[314] : NtSetSecurityObject @ 0x821D7038 -> HOOKED (Unknown @ 0x898085FD)
SSDT[332] : NtSystemDebugControl @ 0x8220FEC1 -> HOOKED (Unknown @ 0x89808602)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x89808616)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8980861B)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RK REPORT 2
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Scan -- Date: 05/28/2012 23:01:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BellCanada_UninstallTracking (C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada) -> FOUND
[SUSP PATH] p0j99p.exe.lnk @Brenda : C:\Windows\System32\rundll32.exe|C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82248DE5 -> HOOKED (Unknown @ 0x898085EE)
SSDT[276] : NtRequestWaitReplyPort @ 0x8225AF90 -> HOOKED (Unknown @ 0x898085F8)
SSDT[289] : NtSetContextThread @ 0x822AA06F -> HOOKED (Unknown @ 0x898085F3)
SSDT[314] : NtSetSecurityObject @ 0x821D7038 -> HOOKED (Unknown @ 0x898085FD)
SSDT[332] : NtSystemDebugControl @ 0x8220FEC1 -> HOOKED (Unknown @ 0x89808602)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x89808616)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8980861B)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RK REPORT 3
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Remove -- Date: 05/28/2012 23:03:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BellCanada_UninstallTracking (C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=BellCanada) -> DELETED
[SUSP PATH] p0j99p.exe.lnk @Brenda : C:\Windows\System32\rundll32.exe|C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82248DE5 -> HOOKED (Unknown @ 0x898085EE)
SSDT[276] : NtRequestWaitReplyPort @ 0x8225AF90 -> HOOKED (Unknown @ 0x898085F8)
SSDT[289] : NtSetContextThread @ 0x822AA06F -> HOOKED (Unknown @ 0x898085F3)
SSDT[314] : NtSetSecurityObject @ 0x821D7038 -> HOOKED (Unknown @ 0x898085FD)
SSDT[332] : NtSystemDebugControl @ 0x8220FEC1 -> HOOKED (Unknown @ 0x89808602)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x89808616)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8980861B)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


RK REPORT 4
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Scan -- Date: 05/29/2012 21:45:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[SUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-VNBH1.exe" /REG /REGSVRMODE) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82276DE5 -> HOOKED (Unknown @ 0x8983D6D6)
SSDT[276] : NtRequestWaitReplyPort @ 0x82288F90 -> HOOKED (Unknown @ 0x8983D6E0)
SSDT[289] : NtSetContextThread @ 0x822D806F -> HOOKED (Unknown @ 0x8983D6DB)
SSDT[314] : NtSetSecurityObject @ 0x82205038 -> HOOKED (Unknown @ 0x8983D6E5)
SSDT[332] : NtSystemDebugControl @ 0x8223DEC1 -> HOOKED (Unknown @ 0x8983D6EA)
SSDT[334] : NtTerminateProcess @ 0x82236143 -> HOOKED (Unknown @ 0x8983D677)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8983D6FE)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8983D703)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RK REPORT 5
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Remove -- Date: 05/29/2012 21:46:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[SUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-VNBH1.exe" /REG /REGSVRMODE) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82276DE5 -> HOOKED (Unknown @ 0x8983D6D6)
SSDT[276] : NtRequestWaitReplyPort @ 0x82288F90 -> HOOKED (Unknown @ 0x8983D6E0)
SSDT[289] : NtSetContextThread @ 0x822D806F -> HOOKED (Unknown @ 0x8983D6DB)
SSDT[314] : NtSetSecurityObject @ 0x82205038 -> HOOKED (Unknown @ 0x8983D6E5)
SSDT[332] : NtSystemDebugControl @ 0x8223DEC1 -> HOOKED (Unknown @ 0x8983D6EA)
SSDT[334] : NtTerminateProcess @ 0x82236143 -> HOOKED (Unknown @ 0x8983D677)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8983D6FE)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8983D703)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



RK REPORT 6
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Scan -- Date: 05/29/2012 23:20:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82276DE5 -> HOOKED (Unknown @ 0x8983D6D6)
SSDT[276] : NtRequestWaitReplyPort @ 0x82288F90 -> HOOKED (Unknown @ 0x8983D6E0)
SSDT[289] : NtSetContextThread @ 0x822D806F -> HOOKED (Unknown @ 0x8983D6DB)
SSDT[314] : NtSetSecurityObject @ 0x82205038 -> HOOKED (Unknown @ 0x8983D6E5)
SSDT[332] : NtSystemDebugControl @ 0x8223DEC1 -> HOOKED (Unknown @ 0x8983D6EA)
SSDT[334] : NtTerminateProcess @ 0x82236143 -> HOOKED (Unknown @ 0x8983D677)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8983D6FE)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8983D703)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt


RK REPORT 7
RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brenda [Admin rights]
Mode: Remove -- Date: 05/29/2012 23:21:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82276DE5 -> HOOKED (Unknown @ 0x8983D6D6)
SSDT[276] : NtRequestWaitReplyPort @ 0x82288F90 -> HOOKED (Unknown @ 0x8983D6E0)
SSDT[289] : NtSetContextThread @ 0x822D806F -> HOOKED (Unknown @ 0x8983D6DB)
SSDT[314] : NtSetSecurityObject @ 0x82205038 -> HOOKED (Unknown @ 0x8983D6E5)
SSDT[332] : NtSystemDebugControl @ 0x8223DEC1 -> HOOKED (Unknown @ 0x8983D6EA)
SSDT[334] : NtTerminateProcess @ 0x82236143 -> HOOKED (Unknown @ 0x8983D677)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8983D6FE)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8983D703)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 779539d3b80873d581a63015f7ef65b4
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229483 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469981575 | Size: 8989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

#8 Gemini1
  • Topic Starter

Posted 29 May 2012 - 10:52 PM

Hello again,

I also noticed a folder called "RK Quarantine"; I'm not sure if you need this also. I have copied the data below for you to see what is in it.
Thank you so much for all your help.



Time : 27/05/2012 23:11:43
--------------------------
ERROR [InstallHelper.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe
ERROR [p0j99p.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe


Time : 28/05/2012 23:01:45
--------------------------
ERROR [InstallHelper.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe
ERROR [p0j99p.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe


Time : 28/05/2012 23:03:23
--------------------------
ERROR [InstallHelper.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe
ERROR [p0j99p.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe
ERROR [InstallHelper.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\InstallHelper.exe
ERROR [p0j99p.exe.vir] -> C:\Users\Brenda\AppData\Local\Temp\p0j99p.exe


Time : 29/05/2012 21:45:11
--------------------------
[is-VNBH1.exe.vir] -> C:\Windows\is-VNBH1.exe


Time : 29/05/2012 21:46:03
--------------------------
[is-VNBH1.exe.vir] -> C:\Windows\is-VNBH1.exe
[is-VNBH1.exe.vir] -> C:\Windows\is-VNBH1.exe


Time : 29/05/2012 23:20:33
--------------------------


Time : 29/05/2012 23:21:59
--------------------------

#9 Aaflac
  • Malware Response Team

Posted 30 May 2012 - 12:01 AM

Are you still getting the error message? Hopefully not.

Please download DDS from one of these locations:
Link 1
Link 2
Save the downloaded file to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. These may interfere with the running of DDS.

For information on how to disable protective programs, refer to this link

Vista: Right-click DDS and select 'Run as Administrator' to run the tool.

When done, DDS opens two reports:
DDS.txt (Opens on the Desktop)
Attach.txt (Opens minimized on the TaskBar)

Please post (do not attach) both reports in your reply.




Next, download: aswMBR
Save to the Desktop.

Vista: Right-click the file and select 'Run as Administrator'

When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitions database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the SCAN button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Please do NOT attempt to fix anything!!

Exit the program.

Please post the aswMBR log in your reply.


Note that a file named MBR.dat is also created on the Desktop.

Please submit MBR.dat for analysis to VirusTotal

When you get to the website, use the Browse button to navigate to the location of MBR.dat
Click on the file, then, click the Open button.
The file is now displayed in the Submit Box.

Scroll down and click Send File, and wait for the results.

If you get a message saying: 'File has already been analyzed', click: 'Reanalyze file now'

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:// address there.

Then, provide the http:// address of the results page in your reply.

Old duck...


#10 Gemini1
  • Topic Starter

Posted 30 May 2012 - 11:07 PM

Hello,

Here are the results, but I was not able to turn off my SUPERAntiSpyware or Malwarebytes Anti-Malware; they are both the free editions. I also submitted the file from aswMBR, MBR.dat, on VirusTotal. Should this be a Windows Media Player file? When I look at the properties of the MBR.dat file it shows that this file opens with Windows Media Player. Should I change this, and how would I do that?
With VirusTotal I did not see the button Send File; I saw Scan It and that is what I did, but unfortunately the result showed that Analysis failed. This is the link: https://www.virustotal.com/file/analysis/failed/. What should I do?


This is the DDS file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Brenda at 22:50:22 on 2012-05-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1918.1142 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Netscape Accelerator\slipcore.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.theweathernetwork.com/weather/caqc0419/?ref=topnav_weatherindex_weather
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Presario&pf=desktop
uURLSearchHooks: H - No File
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\netscape accelerator\components\NOWImaging.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11g_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [SlipStream] "c:\program files\netscape accelerator\slipcore.exe"
mRun: [BellCanada_McciTrayApp] "c:\program files\bellcanada\McciTrayApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [VideotronSA.exe] "c:\program files\videotron\videotron service agent\VideotronSA.exe" /AUTORUN
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\brenda\appdata\roaming\micros~1\windows\startm~1\programs\startup\intern~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\users\brenda\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\progra~1\netsca~2\sliplsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_Win32.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AC81EEF9-BCC4-457D-B1C8-18472C6FD4F3} : DhcpNameServer = 192.168.2.1
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-16 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/27 00:37:45];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-5-16 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-5-16 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-16 83392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504]
R2 ServicepointService;ServicepointService;c:\program files\videotron\videotron service agent\ServicepointService.exe [2011-6-27 689464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-27 257696]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-19 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-29 23:16:50 711240 ----a-w- c:\windows\is-VNBH1.exe
2012-05-29 23:10:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 23:10:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 18:28:46 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{27026102-6f23-4064-951b-be30f99cd320}\mpengine.dll
2012-05-27 23:09:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-27 23:09:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-27 22:18:09 -------- d-----w- c:\users\brenda\appdata\roaming\SpeedMaxPc
2012-05-27 22:18:09 -------- d-----w- c:\users\brenda\appdata\roaming\DriverCure
2012-05-27 22:17:47 -------- d-----w- c:\programdata\SpeedMaxPc
2012-05-16 23:47:03 -------- d-----w- c:\users\brenda\appdata\roaming\Avira
2012-05-16 23:44:18 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-16 23:44:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-16 23:44:09 -------- d-----w- c:\programdata\Avira
2012-05-16 23:44:09 -------- d-----w- c:\program files\Avira
2012-05-11 22:47:04 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 22:47:03 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 22:47:01 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-11 22:47:01 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-11 22:47:01 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-11 22:47:01 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-11 22:47:01 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-11 22:47:01 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-11 22:46:58 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 22:46:58 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 22:46:58 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 22:46:58 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 22:46:58 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 22:46:49 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 22:46:49 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 22:46:49 2044928 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2010-08-13 02:01:40 444 ----a-w- c:\program files\08201022014012.bat
.
============= FINISH: 22:51:07.69 ===============

This is the DDS attach file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25/07/2007 12:28:11 AM
System Uptime: 30/05/2012 9:59:01 PM (1 hours ago)
.
Motherboard: ECS | | Nettle2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket M2 | 1800/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 152.807 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.013 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1395: 17/05/2012 10:09:54 AM - Scheduled Checkpoint
RP1396: 18/05/2012 1:28:29 AM - Scheduled Checkpoint
RP1397: 18/05/2012 12:23:14 PM - Windows Update
RP1398: 22/05/2012 8:18:59 PM - Windows Update
RP1399: 24/05/2012 1:42:34 AM - Scheduled Checkpoint
RP1400: 25/05/2012 9:48:11 PM - Windows Update
RP1401: 26/05/2012 4:11:36 PM - Scheduled Checkpoint
RP1402: 27/05/2012 6:45:47 PM - Removed Ask Toolbar.
RP1403: 27/05/2012 6:52:54 PM - Removed Adobe Reader 8.3.1
RP1404: 27/05/2012 6:54:55 PM - Removed Google Earth Plug-in.
RP1405: 27/05/2012 6:56:09 PM - Removed Apple Software Update
RP1406: 27/05/2012 6:57:10 PM - Removed Apple Application Support
RP1407: 27/05/2012 6:58:29 PM - Removed Bonjour
RP1408: 27/05/2012 6:58:50 PM - Removed iTunes
RP1409: 27/05/2012 7:01:52 PM - Removed QuickTime
RP1410: 27/05/2012 7:03:41 PM - Removed Apple Mobile Device Support
RP1411: 29/05/2012 2:05:06 AM - Scheduled Checkpoint
RP1412: 29/05/2012 2:27:48 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
µTorrent
Avira Free Antivirus
Bell Internet Check-up
Bing Maps 3D
CCleaner
Citrix Presentation Server Client - Web Only
CyberLink PowerDVD 10
D3DX10
Enhanced Multimedia Keyboard Solution
GearDrvs
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Update
ImgBurn
Java Auto Updater
Java™ 6 Update 29
Kobo
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.0
OmniPage SE 2.0
PSSWCORE
Python 2.4.3
Radialpoint Security Advisor 2.5.10
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spyde Solitaire
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Videotron Service Agent 3.7.44
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
29/05/2012 4:46:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
28/05/2012 10:58:38 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
27/05/2012 8:23:36 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AC81EEF9-BCC4-457D-B1C8-18472C6FD4F3} because another computer on the network has the same name. The server could not start.
27/05/2012 6:58:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
27/05/2012 6:58:24 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/05/2012 6:54:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
27/05/2012 6:54:04 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/05/2012 6:54:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/05/2012 1:00:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

#11 Gemini1

Gemini1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:39 AM

Posted 30 May 2012 - 11:10 PM

Hi again, I forgot to mention that I am not receiving the DLL error message anymore, as you suspected.

Thank you so much for all this help.

#12 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:07:39 AM

Posted 31 May 2012 - 12:13 AM

Please provide the results of aswMBR.

Also, please go to one of the following online services that analyze suspicious files:
Once there, do the following:
In the File to Scan (Upload, or, Submit) box, click the Browse button and locate the MBR.dat file.
Click the Open button in the Browse prompt, and, when the file shows, click the Submit (or Upload) button on the website.
If you get a message saying File has already been analyzed, click: Reanalyze or Scan again
Please post the link of the file analysis in your reply.

Old duck...


#13 Gemini1

Gemini1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:39 AM

Posted 31 May 2012 - 06:55 AM

Hello,

This is the aswMBR result. When I tried to scan the file, it gave me a failed message. Is it because the .dat file is saved as a Windows Media Player file? Should I open this with a different program? If so, which one? I tried the scans anyway and copied the Internet screen, as no reports seem to be generated.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-30 23:17:36
-----------------------------
23:17:36.961 OS Version: Windows 6.0.6002 Service Pack 2
23:17:36.962 Number of processors: 2 586 0x6B01
23:17:36.962 ComputerName: BRENDA-PC UserName: Brenda
23:17:38.240 Initialize success
23:17:50.341 AVAST engine defs: 12053002
23:17:58.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
23:17:58.974 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 6
23:17:59.015 Disk 0 MBR read successfully
23:17:59.022 Disk 0 MBR scan
23:17:59.026 Disk 0 unknown MBR code
23:17:59.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229483 MB offset 63
23:17:59.069 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8989 MB offset 469981575
23:17:59.087 Disk 0 scanning sectors +488392065
23:17:59.175 Disk 0 scanning C:\Windows\system32\drivers
23:18:15.937 Service scanning
23:18:37.975 Modules scanning
23:19:04.335 Disk 0 trace - called modules:
23:19:04.381 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:19:04.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85baeac8]
23:19:04.745 3 CLASSPNP.SYS[879a38b3] -> nt!IofCallDriver -> [0x84b2bb68]
23:19:04.758 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\00000051[0x84b86c90]
23:19:05.657 AVAST engine scan C:\Windows
23:19:20.542 AVAST engine scan C:\Windows\system32
23:23:35.911 AVAST engine scan C:\Windows\system32\drivers
23:23:49.760 AVAST engine scan C:\Users\Brenda
23:33:41.009 AVAST engine scan C:\ProgramData
23:39:02.189 Scan finished successfully
23:39:21.671 Disk 0 MBR has been saved successfully to "C:\Users\Brenda\Desktop\MBR.dat"
23:39:21.677 The log file has been saved successfully to "C:\Users\Brenda\Desktop\aswMBR.txt"

Jotti's results:

Jotti's malware scan
Filename: MBR.dat
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 31 May 2012 13:34:18 (CET)
--------------------------------------------------------------------------------
Additional info
File size: 512 bytes
Filetype: x86 boot sector
MD5: 779539d3b80873d581a63015f7ef65b4
SHA1: ee0458b2bcf54c6d955c333bdf8108a2c3843bd9

Scanners: 20 scanner rows, each dated 2012-05-30 or 2012-05-31, every one reporting "Found nothing" (the scanner names did not survive the copy from the web page).
This is the link:
http://virusscan.jotti.org/en/scanresult/ce0bd585a011a0b497d6bcda8c5cc701f1c151fc
VirSCAN results:
VirSCAN.org Scanned Report :
Scanned time : 2012/05/31 07:37:52 (EDT)
Scanner results: Scanners did not find malware!
File Name : MBR.dat
File Size : 512 byte
File Type : x86 boot sector; partition 1
MD5 : 779539d3b80873d581a63015f7ef65b4
SHA1 : ee0458b2bcf54c6d955c333bdf8108a2c3843bd9
Online report : http://r.virscan.org/4d236289256326c3a75f5d9b06e4423d

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120531032653 2012-05-31 0.32 -
AhnLab V3 ... .. -- 0.17 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.00 -
Antiy 2.0.18 20120528.19019665 2012-05-28 0.00 -
Arcavir 2011 201205280048 2012-05-28 0.00 -
Authentium 5.1.1 201205290357 2012-05-29 0.00 -
AVAST! 4.7.4 120528-0 2012-05-28 0.00 -
AVG 12.0.1782 2425/5029 2012-05-28 0.00 -
BitDefender 7.90123.7245322 7.42414 2012-05-29 0.00 -
ClamAV 0.97.3 14972 2012-05-28 0.00 -
Comodo 5.1 12458 2012-05-31 2.44 -
CP Secure 1.3.0.5 2012.05.25 2012-05-25 0.00 -
Dr.Web 7.0.2.4281 2012.05.29 2012-05-29 0.00 -
F-Prot 4.6.2.117 20120528 2012-05-28 0.00 -
F-Secure 7.02.73807 2012.05.29.03 2012-05-29 0.00 -
Fortinet 4.3.392 15.620 2012-05-30 0.14 -
GData 22.5117 20120531 2012-05-31 5.50 -
ViRobot 20120530 2012.05.30 2012-05-30 0.41 -
Ikarus T3.1.32.20.0 2012.05.29.81335 2012-05-29 0.00 -
JiangMin 13.0.900 2012.05.31 2012-05-31 2.17 -
Kaspersky 5.5.10 2012.05.29 2012-05-29 0.00 -
KingSoft 2009.2.5.15 2012.5.30.9 2012-05-30 0.87 -
McAfee 5400.1158 6725 2012-05-28 0.00 -
Microsoft 1.8403 2012.05.31 2012-05-31 3.44 -
NOD32 3.0.21 7170 2012-05-26 0.00 -
Panda 9.05.01 2012.05.29 2012-05-29 0.80 -
Trend Micro 9.500-1005 9.150.01 2012-05-29 0.00 -
Quick Heal 11.00 2012.05.30 2012-05-30 0.95 -
Rising 20.0 24.12.03.01 2012-05-31 0.47 -
Sophos 3.31.1 4.77 2012-05-29 0.00 -
Sunbelt 3.9.2538.2 11989 2012-05-30 0.79 -
Symantec 1.3.0.24 20120528.002 2012-05-28 0.00 -
nProtect 20120530.01 11391488 2012-05-30 1.60 -
The Hacker 6.8.0.0 v00026 2012-05-30 1.80 -
VBA32 3.12.16.4 20120528.0806 2012-05-28 0.00 -
VirusBuster 5.5.0.2 14.2.93.0/8842878 2012-05-28 0.00 -

the link for this scan is:
http://r.virscan.org/report/4d236289256326c3a75f5d9b06e4423d.html
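
As an added example (not code from this thread, nor from aswMBR, Jotti or VirSCAN): a Python script that parses a 512-byte MBR dump like the MBR.dat aswMBR saved, applies the structural checks a responder makes before trusting the partition table, and computes the MD5/SHA1 that multi-scanner reports are keyed on. The sample MBR is constructed to match the partition layout in the aswMBR log above (two type 07 entries at LBA 63 and 469981575); its boot-code area is a placeholder, so its digests are not the ones shown in the reports.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # partition table starts after 446 bytes of boot code
PART_ENTRY_SIZE = 16         # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
SECTORS_PER_MB = (1024 * 1024) // SECTOR_SIZE  # 2048


def build_sample_mbr() -> bytes:
    """Constructed MBR whose partition table mirrors the aswMBR log in the thread:
    partition 1 active, type 07 (NTFS), LBA 63, about 229483 MB;
    partition 2 type 07, LBA 469981575, about 8989 MB.
    The boot-code area is a placeholder stub, so digests differ from the poster's."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:3] = b"\xEB\xFE\x90"  # jmp $ ; nop -- placeholder boot code (constructed)
    entries = [
        (0x80, 0x07, 63, 229483 * SECTORS_PER_MB),
        (0x00, 0x07, 469981575, 8989 * SECTORS_PER_MB),
    ]
    for i, (boot, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        mbr[off] = boot            # 0x80 = active/bootable, 0x00 = inactive
        mbr[off + 4] = ptype       # partition type id (0x07 = NTFS/HPFS)
        struct.pack_into("<II", mbr, off + 8, start, count)  # LBA start, sector count
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(data: bytes) -> dict:
    """Return the boot-signature status and the non-empty partition entries."""
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        boot_flag, ptype = data[off], data[off + 4]
        start_lba, sector_count = struct.unpack_from("<II", data, off + 8)
        if ptype == 0 and sector_count == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "boot_flag": boot_flag,
            "bootable": boot_flag == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sector_count": sector_count,
            "size_mb": sector_count // SECTORS_PER_MB,
        })
    return {"signature_ok": data[510:512] == BOOT_SIGNATURE, "partitions": partitions}


def find_anomalies(parsed: dict) -> list:
    """Structural checks applied before trusting the table: boot signature present,
    only legal boot flags, at most one active partition, no overlapping extents."""
    issues = []
    if not parsed["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    parts = parsed["partitions"]
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_flag']:02x}")
    if sum(p["bootable"] for p in parts) > 1:
        issues.append("more than one active partition")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sector_count"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"partitions {i1} and {i2} overlap")
    return issues


def digests(data: bytes) -> dict:
    """MD5 and SHA1 of the dump, the values a multi-scanner report lists for lookups."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


if __name__ == "__main__":
    sample = build_sample_mbr()  # replace with open("MBR.dat", "rb").read() for a real dump
    info = parse_mbr(sample)
    for p in info["partitions"]:
        print(f"partition {p['index']}: boot={p['boot_flag']:02x} type={p['type']:02x} "
              f"lba={p['start_lba']} size={p['size_mb']} MB")
    print("anomalies:", find_anomalies(info) or "none")
    print(digests(sample))
```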

#14 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:07:39 AM

Posted 01 June 2012 - 12:20 AM

To get rid of any remnants that other programs may not have picked up, let's run the ESET Online Scanner:

One more time, please disable your AntiVirus program and any AntiSpyware programs while performing the scan. It will preclude conflicts and speed up scan time.

For information on how to disable protective programs, refer to this info.

Since you are using Windows Vista, go to the Start button, look for the Internet Explorer browser icon, right-click it, and select 'Run as administrator'

In the IE browser address bar, copy and paste the following 'http' address:
http://www.eset.com/us/online-scanner

Press the ESET Online Scanner button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked/unchecked
  • Click: Scan
  • Wait for the scan to finish...it may take a while.
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of the ESET Scan in your reply.

Old duck...


#15 Gemini1

Gemini1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:39 AM

Posted 06 June 2012 - 08:41 PM

Hello,

I was finally able to do the last scan. I was having problems with Internet Explorer: every time I would open it as administrator, it would not show as Not responding, and then my Internet connection would be lost.

The scan showed no threats found so there is no file to export or attach.
