TechSpot

Virus job... help needed

By SledgeProne
Aug 10, 2012
  1. Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.09.12
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ed :: HOME-PC [administrator]
    Protection: Enabled
    8/9/2012 8:10:08 PM
    mbam-log-2012-08-09 (20-10-08).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 228264
    Time elapsed: 4 minute(s), 44 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    ===============================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-09 20:20:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD800JD-55MUA1 rev.10.01E01
    Running: 4l5owe5q.exe; Driver: C:\DOCUME~1\Ed\LOCALS~1\Temp\kxtdipow.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89D8B39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D8B39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89D8B39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89D8B39B
    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-55MUA1______________________10.01E01#5&16368115&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- EOF - GMER 1.0.15 ----
    ===================================
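Added example, not part of the original post and not code from GMER or mbr.exe: a small Python triage script that parses the GMER quick-scan block above and the mbr.exe "detected hooks" line format that appears in the DDS log further down the thread, then reduces the findings to a verdict. The sample log is constructed from lines quoted in this thread; the `Triage` class, `parse_gmer` and the verdict wording are the example's own names and choices, not GMER's.

```python
"""Triage helper for GMER / mbr.exe rootkit-scan output.

Added example for this thread; it is not part of GMER, mbr.exe or the
original post. It pulls three indicator classes out of a pasted log:
  * "Disk ..." findings about the MBR (TDL4@MBR code, rootkit-like sector 0)
  * disk-stack hooks (\\Driver\\atapi DriverStartIo -> address) in both the
    GMER "Devices" format and the mbr.exe "detected hooks" format
  * "Warning: ..." summary lines
and turns them into a verdict an analyst can act on.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the scans quoted in the thread.
SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-09 20:20:59
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89D8B39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D8B39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89D8B39B
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-55MUA1______________________10.01E01#5&16368115&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D8B39B
Warning: possible TDL3 rootkit infection !
---- EOF - GMER 1.0.15 ----
"""

# "Disk <device object> <free-text finding>"
MBR_RE = re.compile(r"^Disk (?P<dev>\\\S+) (?P<msg>.+)$")
# GMER Devices section: "Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D8B39B"
DEV_HOOK_RE = re.compile(
    r"^Device (?P<drv>\\Driver\\\S+) -> (?P<routine>\w+) (?P<dev>\S+) (?P<addr>[0-9A-Fa-f]{8})$")
# mbr.exe detected-hooks section: "\Driver\atapi DriverStartIo -> 0x89D8B39B"
MBR_HOOK_RE = re.compile(r"^(?P<drv>\\Driver\\\S+) (?P<routine>\w+) -> 0x(?P<addr>[0-9A-Fa-f]{8})$")


@dataclass
class Triage:
    mbr_findings: list = field(default_factory=list)  # (device_object, message)
    hooks: list = field(default_factory=list)         # (driver, routine, target_addr, device_or_None)
    warnings: list = field(default_factory=list)      # raw "Warning:" lines

    def is_mbr_rootkit(self) -> bool:
        """True if any disk-sector finding mentions a rootkit (GMER's own wording)."""
        return any("rootkit" in msg.lower() for _, msg in self.mbr_findings)

    def hook_targets(self) -> dict:
        """Map each hook target address to the set of 'driver!routine' it replaces.
        One address taking over the same routine on every port object is the
        pattern in the thread (0x89D8B39B on every IDE port)."""
        out = {}
        for drv, routine, addr, _dev in self.hooks:
            out.setdefault(addr, set()).add(f"{drv}!{routine}")
        return out

    def verdict(self) -> str:
        if self.is_mbr_rootkit() and self.hooks:
            return "CRITICAL: MBR rootkit code plus disk-stack hooks (bootkit pattern)"
        if self.is_mbr_rootkit():
            return "CRITICAL: MBR rootkit code detected"
        if self.hooks:
            return "SUSPICIOUS: kernel hooks found; check targets against loaded modules"
        return "CLEAN: no MBR or hook indicators in this log"


def parse_gmer(text: str) -> Triage:
    """Parse a pasted GMER / mbr.exe report into a Triage record."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MBR_RE.match(line)):
            t.mbr_findings.append((m["dev"], m["msg"]))
        elif (m := DEV_HOOK_RE.match(line)):
            t.hooks.append((m["drv"], m["routine"], int(m["addr"], 16), m["dev"]))
        elif (m := MBR_HOOK_RE.match(line)):
            t.hooks.append((m["drv"], m["routine"], int(m["addr"], 16), None))
        elif line.lower().startswith("warning:"):
            t.warnings.append(line)
    return t


if __name__ == "__main__":
    triage = parse_gmer(SAMPLE_LOG)
    print(triage.verdict())
    for addr, victims in triage.hook_targets().items():
        print(f"  hook target 0x{addr:08X} replaces {', '.join(sorted(victims))}")
    for dev, msg in triage.mbr_findings:
        print(f"  {dev}: {msg}")
```

The script keys on GMER's own markers (the `<-- ROOTKIT !!!` and `rootkit-like behavior` disk-sector lines) and on hook lines that name a `\Driver\...` object, so a log without those lines yields the CLEAN verdict. A hook address on its own is not proof of infection; what makes the thread's finding convincing is that the same target address sits on every IDE port object and that the mbr.exe trace in the DDS log reports the related address as `>>UNKNOWN<<`, i.e. not inside any loaded module. Confirm that property against the loaded-module list before acting on a hook finding from a different machine.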
     
  2. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
    Run by Ed at 20:23:16 on 2012-08-09
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1434 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\American Systems\Print Screen\prtsc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
    C:\WINDOWS\System32\igfxsrvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    ============== Pseudo HJT Report ===============
     
  3. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    .
    uStart Page = hxxp://www.att.net/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80118
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80118
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
    TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
    TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
    TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [FixCleaner] c:\program files\fixcleaner\FixCleaner.exe -boot
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Print Screen] c:\program files\american systems\print screen\prtsc.exe /m
    mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\ed\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
     
  4. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet k series\bin\hpoorn07.exe
    uPolicies-explorer: NoThumbnailCache = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: att.net
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072946965718
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1072946978468
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-10 655944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-10 22344]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-23 250056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
    .
    =============== Created Last 30 ================
    .
    2012-08-10 00:32:38 -------- d-----w- c:\documents and settings\ed\local settings\application data\Identities
    2012-08-09 04:55:39 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-08-08 06:39:05 -------- d-----w- c:\documents and settings\ed\local settings\application data\Sun
    2012-08-08 02:03:46 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-08 02:03:46 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-08 02:03:46 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-08 02:03:36 -------- d-----w- c:\program files\Oracle
    .
    ==================== Find3M ====================
    .
    2012-08-09 05:06:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-08-03 05:31:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-03 05:31:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JD-55MUA1 rev.10.01E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D8B555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d917b0]; MOV EAX, [0x89d9182c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DCDAB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89E369E8]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DCFD98]
    \Driver\atapi[0x89D9EA08] -> IRP_MJ_CREATE -> 0x89D8B555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-55MUA1______________________10.01E01#5&16368115&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89D8B39B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 20:24:25.48 ===============
     
  5. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/1/2004 12:32:02 AM
    System Uptime: 8/9/2012 8:06:14 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | D945GCNL
    Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | LGA 775 | 2394/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 50.886 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP981: 5/11/2012 7:03:40 PM - System Checkpoint
    RP982: 5/12/2012 7:10:52 PM - System Checkpoint
    RP983: 5/13/2012 7:28:20 PM - System Checkpoint
    RP984: 5/14/2012 7:36:11 PM - System Checkpoint
    RP985: 5/15/2012 8:25:09 PM - System Checkpoint
    RP986: 5/16/2012 9:49:56 PM - System Checkpoint
    RP987: 5/18/2012 6:42:38 AM - System Checkpoint
    RP988: 5/19/2012 12:37:51 PM - System Checkpoint
    RP989: 5/20/2012 1:21:22 PM - System Checkpoint
    RP990: 5/23/2012 7:27:53 PM - System Checkpoint
    RP991: 5/24/2012 8:17:58 PM - System Checkpoint
    RP992: 5/26/2012 9:09:22 AM - System Checkpoint
    RP993: 5/27/2012 11:53:44 AM - System Checkpoint
    RP994: 5/28/2012 12:22:08 PM - System Checkpoint
    RP995: 5/29/2012 5:55:04 PM - System Checkpoint
    RP996: 5/30/2012 6:42:20 PM - System Checkpoint
    RP997: 5/31/2012 6:44:32 PM - System Checkpoint
    RP998: 6/1/2012 7:38:21 PM - System Checkpoint
    RP999: 6/2/2012 8:09:00 PM - System Checkpoint
    RP1000: 6/4/2012 8:05:28 PM - System Checkpoint
    RP1001: 6/5/2012 8:55:38 PM - System Checkpoint
    RP1002: 6/7/2012 6:16:34 AM - System Checkpoint
    RP1003: 6/10/2012 6:04:27 PM - System Checkpoint
    RP1004: 6/11/2012 7:54:43 PM - System Checkpoint
    RP1005: 6/13/2012 5:25:01 AM - System Checkpoint
    RP1006: 6/14/2012 6:16:06 AM - System Checkpoint
    RP1007: 6/15/2012 8:05:48 PM - System Checkpoint
    RP1008: 6/16/2012 8:06:47 PM - System Checkpoint
    RP1009: 6/17/2012 8:43:36 PM - System Checkpoint
    RP1010: 6/19/2012 8:27:04 PM - System Checkpoint
    RP1011: 6/20/2012 8:58:16 PM - System Checkpoint
    RP1012: 6/22/2012 6:21:08 AM - System Checkpoint
    RP1013: 6/24/2012 12:16:12 PM - System Checkpoint
    RP1014: 6/25/2012 7:23:47 PM - System Checkpoint
    RP1015: 6/26/2012 7:56:43 PM - System Checkpoint
    RP1016: 6/27/2012 8:06:47 PM - System Checkpoint
    RP1017: 6/29/2012 6:24:08 AM - System Checkpoint
    RP1018: 6/30/2012 6:32:30 PM - System Checkpoint
    RP1019: 7/1/2012 6:38:43 PM - System Checkpoint
    RP1020: 7/2/2012 6:40:46 PM - System Checkpoint
    RP1021: 7/3/2012 9:05:21 PM - System Checkpoint
    RP1022: 7/4/2012 11:47:28 PM - System Checkpoint
    RP1023: 7/6/2012 5:44:46 AM - System Checkpoint
    RP1024: 7/7/2012 12:16:10 PM - System Checkpoint
    RP1025: 7/8/2012 3:28:52 PM - System Checkpoint
    RP1026: 7/9/2012 4:13:20 PM - System Checkpoint
    RP1027: 7/10/2012 6:36:07 PM - System Checkpoint
    RP1028: 7/11/2012 6:46:13 PM - System Checkpoint
    RP1029: 7/12/2012 7:57:04 PM - System Checkpoint
    RP1030: 7/13/2012 8:08:37 PM - System Checkpoint
    RP1031: 7/14/2012 8:44:54 PM - System Checkpoint
    RP1032: 7/15/2012 9:05:41 PM - System Checkpoint
    RP1033: 7/16/2012 9:47:05 PM - System Checkpoint
    RP1034: 7/17/2012 10:26:39 PM - System Checkpoint
    RP1035: 7/19/2012 4:40:42 AM - System Checkpoint
    RP1036: 7/20/2012 11:05:25 AM - System Checkpoint
    RP1037: 7/21/2012 12:16:12 PM - System Checkpoint
    RP1038: 7/22/2012 1:10:18 PM - System Checkpoint
    RP1039: 7/23/2012 1:18:12 PM - System Checkpoint
    RP1040: 7/24/2012 9:26:46 PM - System Checkpoint
    RP1041: 7/26/2012 12:17:37 AM - System Checkpoint
    RP1042: 7/27/2012 5:47:13 AM - System Checkpoint
    RP1043: 7/28/2012 9:36:59 AM - System Checkpoint
    RP1044: 7/29/2012 6:44:15 PM - System Checkpoint
    RP1045: 7/30/2012 7:56:34 PM - System Checkpoint
    RP1046: 7/31/2012 8:36:53 PM - System Checkpoint
    RP1047: 8/2/2012 6:13:31 AM - System Checkpoint
    RP1048: 8/3/2012 11:48:04 AM - System Checkpoint
    RP1049: 8/3/2012 7:05:28 PM - Removed Security Update for CAPICOM (KB931906)
    RP1050: 8/4/2012 7:16:58 PM - System Checkpoint
    RP1051: 8/5/2012 7:55:57 PM - System Checkpoint
    RP1052: 8/6/2012 8:30:19 PM - System Checkpoint
    RP1053: 8/7/2012 6:28:17 PM - Installed FixCleaner
    RP1054: 8/7/2012 6:40:12 PM - Before Cleaning
    RP1055: 8/7/2012 7:03:09 PM - Installed Java(TM) 7 Update 5
    RP1056: 8/7/2012 7:03:34 PM - Installed JavaFX 2.1.1
    RP1057: 8/7/2012 7:06:44 PM - Before Updating
    RP1058: 8/7/2012 7:12:15 PM - Before Updating
    RP1059: 8/7/2012 7:25:57 PM - Before Updating
    RP1060: 8/7/2012 11:05:55 PM - Before Updating
    RP1061: 8/7/2012 11:25:31 PM - Before Updating
    RP1062: 8/9/2012 6:26:31 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Yahoo! Internet Mail
    ATT-AACE
    att.net Toolbar
    Bonjour
    CCleaner
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Data Fax SoftModem with SmartCP
    Defraggler
    FixCleaner
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp instant support
    hp officejet k series
    Intel(R) Graphics Media Accelerator Driver
    Internet Explorer (Enable DEP)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 17
    Java(TM) 6 Update 4
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    MSN Toolbar
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    OpenOffice.org 2.4
    Print Screen
    QuickTime
    QuickTime 3.0
    Realtek High Definition Audio Driver
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spelling Dictionaries Support For Adobe Reader 9
    Su-Doku Quest
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinZip
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/8/2012 9:44:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/8/2012 8:42:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm
    8/8/2012 8:41:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/7/2012 7:29:52 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    8/5/2012 11:00:10 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    8/5/2012 10:58:20 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================

    Please excuse the use of four posts to submit these logs. All attempts of lengthier text, via the infected machine, were denied. Eventually, it became futile.
     
  6. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    System intermittently hangs at various points during the bootup sequence into Normal or Safe Mode.
    Experiences frequent redirects, and continuous freezing of both Safari and IE.
    Will attempt to install A/V, as the system was without. A Trend Micro HouseCall scan found two trojans and fixed them. Problems, however, quickly returned, while consequently a subsequent scan found no new infection.
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Sounds like quite an MBR infection...

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
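As an added example (not part of this thread, and not code from TDSSKiller, aswMBR or GMER), the script below does by hand the core check those tools automate for a suspected MBR bootkit: it validates the 0x55AA boot signature of sector 0, decodes the four partition entries, hashes the 440-byte boot-code region and compares it against a known-good baseline, and reports any unpartitioned space after the last partition, which is where a hidden file system of the kind TDSSKiller's "Detect TDLFS file system" option looks for would live. Everything it operates on is constructed for illustration: the 80 GB disk geometry, the placeholder boot code, the "baseline" hash, and the tampered sector. The function and constant names are this example's own.

```python
"""Minimal MBR inspector (added example). All sectors, the disk size and the
baseline hash below are CONSTRUCTED test data, not captures from a real disk."""
import hashlib
import struct
from typing import List, Optional, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: the boot code a bootkit overwrites
DISK_SIG_OFF = 440           # 4-byte Windows disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIG_OFF = 510           # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"      # status, CHS first, type, CHS last, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields of one 512-byte sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:           # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def inspect_mbr(sector: bytes, baseline_sha256: str,
                disk_sectors: Optional[int] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: not a valid MBR")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline: "
                        "possible MBR bootkit, dump and disassemble sector 0")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    if disk_sectors is not None and info["partitions"]:
        last_end = max(p["lba_start"] + p["sectors"] for p in info["partitions"])
        if disk_sectors > last_end:
            findings.append(f"{disk_sectors - last_end} unpartitioned sectors after the "
                            "last partition: check this space for a hidden file system")
    return findings


def build_sample_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]],
                     disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a synthetic MBR (constructed test data, not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\0")
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed 80 GB disk (in 512-byte sectors) with one NTFS partition filling it.
DISK_SECTORS = 156_301_488
CLEAN_BOOT_CODE = b"\xEB\xFE".ljust(BOOT_CODE_LEN, b"\x90")   # placeholder, not real boot code
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, [(True, 0x07, 63, DISK_SECTORS - 63)])
# In practice the baseline comes from a known-good MBR of the same Windows version.
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

# Constructed "tampered" sector: different boot code, and a partition table that
# leaves unpartitioned space at the end of the disk.
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE".ljust(BOOT_CODE_LEN, b"\x00"),
                                [(True, 0x07, 63, 156_280_000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, inspect_mbr(mbr, BASELINE_SHA256, DISK_SECTORS) or ["no findings"])
```

On a live Windows box the sector can be read as administrator with `open(r"\\.\PhysicalDrive0", "rb").read(512)`, but a bootkit that hooks the disk driver can hand a clean-looking copy of sector 0 to reads made from the infected OS, so a hash match obtained that way proves little; read the sector from boot media or another system, or rely on the anti-rootkit tools' own scans as the helper asks above.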
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     

