Avira Finds 150 Infections


This topic is locked
28 replies to this topic

#1 i_am_jim


Posted 11 July 2013 - 08:59 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_37
Run by Becky at 8:36:02 on 2013-07-11
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1270.600 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\AutoDetect.exe
C:\Program Files\FBackup 4\fbaSched.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Ceedo AutoDetect] c:\docume~1\becky\locals~1\temp\AutoDetect.exe /active
uRun: [FBackup 4] "c:\program files\fbackup 4\FBackup.exe" /s
uRun: [FBackup Scheduler] "c:\program files\fbackup 4\fbaSched.exe"
uRunOnce: [Ceedo Repair] c:\docume~1\becky\locals~1\temp\AutoDetect.exe /drive= /repair /name= /id= /params=""
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348374635359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{426E2EB6-D911-4F10-9120-A8F0B7345F9A} : DHCPNameServer = 192.168.254.254
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\becky\application data\mozilla\firefox\profiles\1vnr985x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2010-08-20 03:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-17 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-17 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-17 66616]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-27 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-13 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-11-2 26120]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\seagate\sync\seasyncservices.exe" --> c:\program files\seagate\sync\SeaSyncServices.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-07-09 21:03:22 -------- d-----w- c:\documents and settings\becky\application data\Malwarebytes
2013-07-09 21:03:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-07-09 21:03:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-09 21:03:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-09 18:01:51 546 ----a-w- c:\documents and settings\becky\local settings\application data\wsr28zt32.dll
.
==================== Find3M  ====================
.
2013-07-11 13:21:47 556544 ----a-w- c:\windows\system32\alg.exe
2013-07-09 18:05:27 544256 ----a-w- c:\windows\system32\wupdmgr.exe
2013-07-09 18:05:14 598016 ----a-w- c:\windows\unvise32qt.exe
2013-07-09 18:05:02 638976 -c--a-w- c:\windows\system32\mshearts.exe
2013-07-09 18:04:37 544768 -c--a-w- c:\windows\system32\odbcad32.exe
2013-07-09 18:04:32 1712640 ----a-w- c:\windows\system32\ntbackup.exe
2013-07-09 18:04:30 945664 ----a-w- c:\windows\system32\wiaacmgr.exe
2013-07-09 18:04:27 650752 -c--a-w- c:\windows\system32\sndvol32.exe
2013-07-09 18:04:27 643584 -c--a-w- c:\windows\system32\sndrec32.exe
2013-07-09 18:04:26 523264 -c--a-w- c:\windows\system32\fxssend.exe
2013-07-09 18:04:25 741888 ----a-w- c:\windows\system32\fxscover.exe
2013-07-09 18:04:25 654848 -c--a-w- c:\windows\system32\fxsclnt.exe
2013-07-09 18:04:23 696320 -c--a-w- c:\windows\system32\accwiz.exe
2013-06-25 12:38:02 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2013-06-25 12:38:00 104 --sh--r- c:\windows\system32\DE319AC229.sys
2013-06-12 07:18:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 07:18:30 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 22:07:02 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 22:07:02 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 22:07:01 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-08 22:07:01 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-02 22:07:16 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-06-02 22:07:15 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-05 20:26:12 161720 -c--a-w- c:\program files\4jres.dll
.
============= FINISH:  8:38:36.53 ===============

Original post here: http://www.bleepingcomputer.com/forums/t/500578/avira-reports-over-150-infected-files/
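Added example, not from the original post or from the DDS tool: a short Python triage of the autorun section of a DDS log. It takes a few lines copied from the "Pseudo HJT Report" above as constructed input and marks the persistence points an analyst looks at first: images started from a Temp directory (the Ceedo AutoDetect entries), the AppInit_DLLs value, Image File Execution Options redirects and Winlogon Notify packages. The rule set and the names `parse_entries`, `image_path` and `triage` are mine. The script only flags entries for review; it decides nothing about whether they are malicious (the IFEO and AppInit entries here point at installed products, LogMeIn and Google Desktop, and still deserve a look).

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the DDS
# "Pseudo HJT Report" posted above, so the script runs offline.
SAMPLE_REPORT = r"""
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [Ceedo AutoDetect] c:\docume~1\becky\locals~1\temp\AutoDetect.exe /active
uRunOnce: [Ceedo Repair] c:\docume~1\becky\locals~1\temp\AutoDetect.exe /drive= /repair /name= /id= /params=""
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
Notify: LMIinit - LMIinit.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
"""


@dataclass
class Entry:
    kind: str      # uRun, mRun, uRunOnce, Notify, AppInit_DLLs, IFEO, ...
    name: str      # registry value name, image name (IFEO) or package name (Notify)
    command: str   # the command line or DLL exactly as DDS printed it


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list


# "kind: [name] rest" as DDS prints Run/RunOnce lines; Notify and IFEO carry
# "name - rest" instead of a bracketed name and are split below.
ENTRY_RE = re.compile(r'^(?P<kind>\w+):\s+(?:\[(?P<name>[^\]]+)\]\s*)?(?P<rest>.*)$')
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def parse_entries(report: str) -> list:
    entries = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs="):
            entries.append(Entry("AppInit_DLLs", "AppInit_DLLs", line.split("=", 1)[1].strip()))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, name, rest = m.group("kind"), m.group("name"), m.group("rest")
        if kind in ("Notify", "IFEO") and " - " in rest:
            name, rest = rest.split(" - ", 1)
        entries.append(Entry(kind, name or "", rest))
    return entries


def image_path(command: str) -> str:
    """Pull the executable (or DLL, for rundll32 hosts) out of a command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    tokens = command.split()
    if not tokens:
        return ""
    if tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]
    return tokens[0]


def triage(report: str) -> list:
    findings = []
    for e in parse_entries(report):
        path = image_path(e.command)
        reasons = []
        if TEMP_RE.search(path):
            reasons.append("autostart image lives in a Temp directory")
        if e.kind == "AppInit_DLLs":
            reasons.append("AppInit_DLLs is loaded into every process that links user32.dll")
        if e.kind == "IFEO":
            reasons.append(f"Image File Execution Options redirects {e.name} to another program")
        if e.kind == "Notify":
            reasons.append("Winlogon notification package is loaded by winlogon.exe at logon")
        if e.kind.endswith("RunOnce"):
            reasons.append("RunOnce value is deleted after it executes, so it may not survive for a second look")
        if reasons:
            findings.append(Finding(e.kind, e.name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:<13} {f.name:<18} {f.path}")
        for r in f.reasons:
            print(f"{'':<13}   - {r}")
```

Run against the full log above, the same rules would also surface `Notify: igfxcui` (the Intel graphics package) alongside the LogMeIn one, which is the point of a triage pass: it narrows the list to the handful of entries worth confirming by hand, not to the ones that are bad.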

Attached Files

#2 Conspire

Malware Response Team

Posted 16 July 2013 - 08:21 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days.

:)


Hello there, i_am_jim

:welcome:

I'm Conspire, and I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [donate button].

#3 Conspire

Malware Response Team

Posted 16 July 2013 - 08:21 AM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#4 i_am_jim

Topic Starter

Posted 16 July 2013 - 08:33 AM

I'm here



#5 i_am_jim

Topic Starter

Posted 16 July 2013 - 09:27 AM

09:10:26.0296 4256  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:10:26.0937 4256  ============================================================
09:10:26.0937 4256  Current date / time: 2013/07/16 09:10:26.0937
09:10:26.0937 4256  SystemInfo:
09:10:26.0937 4256  
09:10:26.0937 4256  OS Version: 5.1.2600 ServicePack: 3.0
09:10:26.0937 4256  Product type: Workstation
09:10:26.0937 4256  ComputerName: DBMNSB91
09:10:26.0937 4256  UserName: Betty
09:10:26.0937 4256  Windows directory: C:\WINDOWS
09:10:26.0937 4256  System windows directory: C:\WINDOWS
09:10:26.0937 4256  Processor architecture: Intel x86
09:10:26.0937 4256  Number of processors: 2
09:10:26.0937 4256  Page size: 0x1000
09:10:26.0937 4256  Boot type: Normal boot
09:10:26.0937 4256  ============================================================
09:10:30.0328 4256  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:10:30.0343 4256  ============================================================
09:10:30.0343 4256  \Device\Harddisk0\DR0:
09:10:30.0343 4256  MBR partitions:
09:10:30.0343 4256  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8BA61DB
09:10:30.0343 4256  ============================================================
09:10:30.0375 4256  C: <-> \Device\Harddisk0\DR0\Partition1
09:10:30.0375 4256  ============================================================
09:10:30.0375 4256  Initialize success
09:10:30.0375 4256  ============================================================
Attached Files


Edited by i_am_jim, 16 July 2013 - 09:42 AM.


#6 i_am_jim

Topic Starter

Posted 16 July 2013 - 09:28 AM

I added this while I can still reach the internet.  It appears the bug had disabled IE and Firefox



#7 i_am_jim

Topic Starter

Posted 16 July 2013 - 09:35 AM

deleted


Edited by i_am_jim, 16 July 2013 - 05:14 PM.


#8 Conspire

Malware Response Team

Posted 16 July 2013 - 09:57 AM

I shall be waiting for aswMBR log :)

Do you have any difficulty in running it?

Edited by Conspire, 16 July 2013 - 10:04 AM.


#9 i_am_jim

Topic Starter

Posted 16 July 2013 - 01:20 PM

No, I didn't have trouble running it.  I thought I had uploaded it, I must have uploaded the wrong thing.  I can't get hold of my sister-in-law right now.



#10 i_am_jim

Topic Starter

Posted 16 July 2013 - 05:09 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-16 09:32:10
-----------------------------
09:32:10.984    OS Version: Windows 5.1.2600 Service Pack 3
09:32:10.984    Number of processors: 2 586 0x409
09:32:10.984    ComputerName: DBMNSB91  UserName: Betty
09:32:11.953    Initialize success
09:32:49.062    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
09:32:49.062    Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
09:32:49.328    Disk 0 MBR read successfully
09:32:49.343    Disk 0 MBR scan
09:32:49.343    Disk 0 unknown MBR code
09:32:49.343    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       31 MB offset 63
09:32:49.359    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        71500 MB offset 64260
09:32:49.406    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     4753 MB offset 146496735
09:32:49.406    Disk 0 scanning sectors +156232125
09:32:49.625    Disk 0 scanning C:\WINDOWS\system32\drivers
09:33:10.109    Service scanning
09:33:30.593    Modules scanning
09:33:38.750    Disk 0 trace - called modules:
09:33:38.843    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
09:33:39.625    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3c3ab8]
09:33:39.656    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a3bdd98]
09:33:39.687    Scan finished successfully
09:34:02.109    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Becky\Desktop\MBR.dat"
09:34:02.125    The log file has been saved successfully to "C:\Documents and Settings\Becky\Desktop\aswMBR.txt"
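Added example, mine rather than code from the thread, from aswMBR or from TDSSKiller: parsing the partition table that both tools print in the logs above (#5 and #10) directly from a 512-byte MBR sector, which is what you would do with the MBR.dat file aswMBR saved. Because MBR.dat itself is not on the page, the input is constructed: the partition types, offsets and active flag come from the aswMBR log, partition 2's sector count from TDSSKiller's BlocksNum, the sector counts of partitions 1 and 3 are derived by me from the neighbouring offsets (the logs give only sizes in MB), the disk size from TDSSKiller's 0x12A05F2000 bytes, and the 446 bytes of boot code are zero-filled. The function names are mine.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
# One 16-byte partition entry: status, CHS start, type, CHS end, LBA start, sector count.
ENTRY_FMT = "<B3sB3sII"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> float:
        return self.sectors * SECTOR / (1024 * 1024)


# Constructed table (see the lead-in for where each number comes from).
SAMPLE_TABLE = [
    (False, 0xDE, 63, 64197),            # Dell Utility partition
    (True,  0x07, 64260, 0x8BA61DB),     # NTFS system volume, C:
    (False, 0xDB, 146496735, 9735390),   # Dell recovery image
]
DISK_SECTORS = 0x12A05F2000 // SECTOR    # 80 GB disk as TDSSKiller reported it


def build_mbr(table) -> bytes:
    """Assemble a sector with zero boot code, the given entries and the 0x55AA signature."""
    sector = bytearray(SECTOR)
    for i, (boot, ptype, start, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * i,
                         0x80 if boot else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes):
    """Return (sha256 of the boot code, list of non-empty partition entries)."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return hashlib.sha256(sector[:446]).hexdigest(), parts


def check_layout(parts, disk_sectors):
    """Sanity checks on the table plus the size of the unpartitioned tail of the disk."""
    issues = []
    if sum(p.bootable for p in parts) != 1:
        issues.append("expected exactly one active partition")
    prev_end = 1  # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p.start_lba):
        if p.start_lba < prev_end:
            issues.append(f"partition {p.index} overlaps what precedes it")
        prev_end = p.start_lba + p.sectors
        if prev_end > disk_sectors:
            issues.append(f"partition {p.index} extends past the end of the disk")
    return issues, disk_sectors - prev_end


def diff_against_report(parts, reported):
    """reported: (index, type, offset) triples copied from the tool's log."""
    seen = {p.index: p for p in parts}
    mismatches = []
    for idx, ptype, offset in reported:
        p = seen.get(idx)
        if p is None or p.type_id != ptype or p.start_lba != offset:
            found = (p.type_id, p.start_lba) if p else "absent"
            mismatches.append(f"partition {idx}: log says type {ptype:#04x} at {offset}, sector says {found}")
    return mismatches


if __name__ == "__main__":
    digest, parts = parse_mbr(build_mbr(SAMPLE_TABLE))
    print("boot code sha256:", digest)
    for p in parts:
        flag = "(A)" if p.bootable else "   "
        print(f"Partition {p.index} {flag} type {p.type_id:#04x} start {p.start_lba:>10} {p.size_mb:8.0f} MB")
    issues, tail = check_layout(parts, DISK_SECTORS)
    print("layout issues:", issues or "none", "| unpartitioned tail sectors:", tail)
```

The "unknown MBR code" line in the aswMBR log is about those first 446 bytes: the tool did not match the boot code against the loaders it recognises, which is why the hash of that region is worth keeping for comparison with a known-good sector from the same model, and again after any fix. `check_layout` also reports the unpartitioned space after the last partition; on this disk it starts at sector 156232125, the same sector at which aswMBR's "scanning sectors +156232125" line begins, since space past the last partition is where a bootkit can keep data without any partition entry pointing at it.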


#11 Conspire

Malware Response Team

Posted 16 July 2013 - 09:54 PM

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.

====================================================


Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#12 i_am_jim

Topic Starter

Posted 17 July 2013 - 09:00 AM

We get this

Attached Files



#13 Conspire

Malware Response Team

Posted 17 July 2013 - 10:30 AM

Did you try downloading using the second link? See if the same thing happens?

#14 i_am_jim

Topic Starter

Posted 17 July 2013 - 11:05 AM

Finally got it to work

Attached Files



#15 i_am_jim

Topic Starter

Posted 17 July 2013 - 01:52 PM

Did you try downloading using the second link? See if the same thing happens?

Did you see I got it to work? The file is in the previous message.

I went to the original webpage and downloaded it there.


Edited by i_am_jim, 17 July 2013 - 01:54 PM.
