  #16  
Old January 27th, 2012, 08:16 PM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
Here is the aswMBR.txt - Notepad


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 13:30:37
-----------------------------
13:30:37.384 OS Version: Windows 5.1.2600 Service Pack 3
13:30:37.384 Number of processors: 2 586 0xF0B
13:30:37.384 ComputerName: ABE UserName:
13:30:38.352 Initialize success
13:31:13.087 AVAST engine defs: 12012700
13:31:38.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
13:31:38.118 Disk 0 Vendor: WDC_WD2000JS-00MHB0 02.01C03 Size: 190782MB BusType: 3
13:31:38.134 Disk 0 MBR read successfully
13:31:38.134 Disk 0 MBR scan
13:31:38.165 Disk 0 Windows VISTA default MBR code
13:31:38.165 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
13:31:38.165 Disk 0 scanning sectors +390700800
13:31:38.212 Disk 0 scanning C:\WINDOWS\system32\drivers
13:31:47.571 Service scanning
13:31:48.118 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
13:31:48.118 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
13:31:48.118 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
13:31:48.118 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
13:31:48.696 Modules scanning
13:32:17.837 Disk 0 trace - called modules:
13:32:17.868 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:32:18.165 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae37ab8]
13:32:18.165 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000079[0x8ae59f18]
13:32:18.165 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8ae78940]
13:32:18.556 AVAST engine scan C:\WINDOWS
13:32:30.509 AVAST engine scan C:\WINDOWS\system32
13:34:38.493 AVAST engine scan C:\WINDOWS\system32\drivers
13:34:55.368 AVAST engine scan C:\Documents and Settings\SHAHINIAN
13:58:05.540 AVAST engine scan C:\Documents and Settings\All Users
14:03:45.884 Scan finished successfully
14:08:34.134 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SHAHINIAN\Desktop\MBR.dat"
14:08:34.134 The log file has been saved successfully to "C:\Documents and Settings\SHAHINIAN\Desktop\aswMBR.txt"


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\

VirusTool address:
https://www.virustotal.com/file/56e6...is/1327691482/


  #17  
Old January 27th, 2012, 10:13 PM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
Quote:
Originally Posted by Aaflac
Download ESET Online Scanner

Press the ESET Online Scanner download button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked.
  • Click Scan
  • Wait for the scan to finish
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of ESET Scan in your reply.

Here it is:


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\
You like my way of ending the text?
  #18  
Old January 28th, 2012, 05:15 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
There is no doubt as to where the text has ended.

The ESET scan shows that most of those items are in Restore Points, or in ComboFix Qoobox... we will take care of those shortly.


What is puzzling is that aswMBR is showing:
Windows VISTA default MBR code

Isn't this machine running Microsoft Windows XP Home Edition?

Can you provide any info on this?

Also, please provide an update as to whether you are still having malware problems.

Thanks.
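The triage described in the reply above (most ESET hits sit in System Restore points or the ComboFix Qoobox quarantine, leaving only a few on the live file system), as an added Python example that is not part of the original thread. The sample lines are constructed in the `path detection type` layout of an ESET text export; the function names and the three location labels are assumptions of this example.

```python
import re
from collections import Counter

# Detection field at the end of each exported line: optional "a variant of ",
# a Win32/... name, then a category word (e.g. "trojan", "application").
# Anchoring on this field lets paths that contain spaces parse correctly.
DETECTION = re.compile(
    r"\s+(?:a variant of\s+)?(?P<name>Win32/\S+)\s+(?P<kind>\w+)\s*$"
)
# System Restore snapshot copies: ...\_restore{GUID}\RPnn\...
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)
# ComboFix keeps files it has already removed under <drive>:\Qoobox\Quarantine
QOOBOX = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.I)

# Constructed sample input (file names and GUID are placeholders).
SAMPLE = r"""
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\example-cache-entry a variant of Win32/Kryptik.ZHA trojan
C:\Qoobox\Quarantine\C\Documents and Settings\user\Application Data\example\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP100\A0000001.sys a variant of Win32/Rootkit.Kryptik.HW trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP100\A0000002.exe a variant of Win32/HackKMS.A application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP101\A0000003.exe a variant of Win32/HackKMS.A application
C:\WINDOWS\Temp\example.tmp a variant of Win32/Kryptik.ZIK trojan
Scan completed
"""


def parse_line(line):
    """Split one export line into path, detection name, kind and location."""
    m = DETECTION.search(line)
    if not m:
        return None
    path = line[: m.start()].strip()
    restore_point = None
    if QOOBOX.match(path):
        location = "quarantine"          # already removed by ComboFix
    else:
        r = RESTORE.search(path)
        if r:
            location = "restore_point"   # snapshot copy, not an active file
            restore_point = r.group(1)
        else:
            location = "live"            # on the running file system
    return {
        "path": path,
        "name": m.group("name"),
        "kind": m.group("kind"),
        "location": location,
        "restore_point": restore_point,
    }


def triage(text):
    """Group findings by location; keep lines that do not parse for review."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = parse_line(line)
        if finding:
            findings.append(finding)
        else:
            unparsed.append(line)
    by_location = Counter(f["location"] for f in findings)
    by_name = Counter((f["location"], f["name"]) for f in findings)
    restore_points = sorted(
        {f["restore_point"] for f in findings if f["restore_point"]},
        key=lambda rp: int(rp[2:]),
    )
    return {
        "by_location": dict(by_location),
        "by_name": dict(by_name),
        "live": [f for f in findings if f["location"] == "live"],
        "restore_points": restore_points,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("Hits by location:", report["by_location"])
    print("Restore points holding flagged copies:", report["restore_points"])
    print("Live hits to look at first:")
    for f in report["live"]:
        print(f"  {f['name']:<28} {f['path']}")
    if report["unparsed"]:
        print("Lines that did not parse:", report["unparsed"])
```
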
  #19  
Old January 28th, 2012, 05:45 AM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
Yes, I'm running Windows XP Home Edition :\

But I have this problem where, at random times, my computer freezes up and automatically gives me a half of a second blue screen and restarts my computer. And I'm just tolerating this problem currently. I seem to be having this problem for about 5 months and counting... this problem is why I've downloaded Norton, and it doesn't seem to be any help. One of the times I performed a "Full System Scan", on Norton Internet Security, brought up 'Trojan.Zeroaccess!kmem' and that's when I came here since Norton pointed out it needed to be manually deleted, or resolved.

When I do another Full System Scan, the Trojan.Zeroaccess!kmem doesn't come up again. : \
I'm performing another one and I'll get you the latest report from the scan.
  #20  
Old January 28th, 2012, 08:39 PM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
This is what I got yesterday night, Jan 27 2012:

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Scan Statistics:
Scan Time: 772 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 199,012
- Files & Directories: 187,244
- Registry Entries: 475
- Processes & Start-up Items: 3,395
- Network & Browser Items: 7,889
- Other: 5
- Trusted Files: 4,433
- Skipped Files: 89,464

Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\

and this is what I got today while using the internet:

Scan Statistics:
Scan Time: 281 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 149,893
- Files & Directories: 137,876
- Registry Entries: 475
- Processes & Start-up Items: 3,580
- Network & Browser Items: 7,953
- Other: 5
- Trusted Files: 4,477
- Skipped Files: 109,176

Total security risks detected: 8
Total items resolved: 8
Total items that require attention: 0

Resolved Threats:
8 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
8 Tracking Cookies
.doubleclick.net - Deleted
.apmebf.com - Deleted
.fastclick.net - Deleted
.quantserve.com - Deleted
.rubiconproject.com - Deleted
.pixel.rubiconproject.com - Deleted
- Deleted
- Deleted




Unresolved Threats:
No unresolved risks

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  #21  
Old January 29th, 2012, 07:40 PM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Norton just found some cookies, no threats are showing.

You may also be having some sort of Hardware issue causing the following:

Quote:
...at random times, my computer freezes up and automatically gives me a half of a second blue screen and restarts my computer...

Let's press on with some more cleaning...
Please download TFC to your Desktop.
  • Save any work in progress!! TFC closes open applications and removes unsaved work!! Close all windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.



Now, download Security Check

Save it to the Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions (on the black screen)
When done, a Notepad document opens automatically: checkup.txt

Please post the contents of checkup.txt in your reply.
  #22  
Old January 30th, 2012, 07:48 PM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
Finished !

Here's the status (checkup.txt),

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Kaspersky Anti-Virus 2012
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe
``````````End of Log````````````

Once I read "Windows firewall disabled!" I went to Control Panel, and then to Windows Security Center. I noticed my firewall was on, but then I saw a Recommendation button in the text. I clicked on it and it said 'Clear the checkbox below to have Windows monitor the status of your firewall.' And I did it. Should I do the same for the Virus Protection?


I should run the files, you gave me, every month? <--- That's awesome grammar, right there!

Last edited by abelinkin1988; January 30th, 2012 at 08:02 PM.
  #23  
Old January 31st, 2012, 03:06 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Please take care of the following. It is a vulnerability that you cannot afford to have:

Out of date Java installed!
Please verify the version of Java you have installed:
http://www.java.com/en/download/installed.jsp

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.
When done, uninstall older versions:
http://www.java.com/en/download/uninstall.jsp



On:
Quote:
Once I read "Windows firewall disabled!" I went to Control Panel, and then to Windows Security Center.
I noticed my firewall was on, but then I saw a Recommendation button in the text.
I clicked on it and it said 'Clear the checkbox below to have Windows monitor the status of your firewall.'
And I did it. Should I do the same for the Virus Protection?

Aren't you using Norton Internet Security for your AV and Firewall?

Do you also have Kaspersky Anti-Virus 2012 installed?

Having two AV programs running at the same time is counter-productive. Instead of more protection you end up with less.
Please uninstall whichever program you decide not to use, and restart the computer.

If you are using Norton Internet Security, with both an AV and a Firewall, that is the reason why the Windows Firewall is turned off.

On the option to 'Clear the checkbox below to have Windows monitor the status of your AntiVirus', do not know if that option is provided if you run Norton Internet Security. Norton products have a tendency to "do their own thing".
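The triage performed on checkup.txt in the post above, written out as an added example (not part of the original thread and not code from Security Check itself). The sample log is constructed from the layout posted in the thread; the rules that the tool ends its warnings with "!" and that the first word of a process line names the vendor are assumptions drawn from that one log.

```python
SEP = "`" * 30  # the log separates its sections with rows of backticks

# Constructed sample in the layout of the checkup.txt posted in the thread.
SAMPLE = "\n".join([
    SEP,
    "Antivirus/Firewall Check:",
    " Windows Firewall Disabled!",
    " Kaspersky Anti-Virus 2012",
    " Norton Internet Security",
    SEP,
    "Anti-malware/Other Utilities Check:",
    " Java(TM) 6 Update 20",
    " Out of date Java installed!",
    SEP,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    " Norton ccSvcHst.exe",
    " Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

def parse_sections(text):
    """Map each '... Check:' heading to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("`"):
            continue  # blank line or backtick separator
        if line.endswith("Check:"):
            current = sections.setdefault(line[:-1], [])
        elif current is not None:
            current.append(line)
    return sections

def triage(text):
    """Return the warnings in the log plus a multiple-AV finding."""
    sections = parse_sections(text)
    # Assumption from the sample: the tool ends its own warnings with '!'.
    findings = [l.rstrip("!") for k, v in sections.items()
                if k != "Process Check" for l in v if l.endswith("!")]
    # Assumption: an AV process line ends in its .exe, vendor name first.
    running = [l for l in sections.get("Process Check", [])
               if l.lower().endswith(".exe")]
    vendors = sorted({l.split()[0] for l in running})
    if len(vendors) > 1:
        findings.append("Multiple AV products running: " + ", ".join(vendors))
    return findings
```

Calling `triage(SAMPLE)` yields the same three points raised in the reply: the disabled Windows Firewall, the outdated Java, and two antivirus products running side by side.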
  #24  
Old February 2nd, 2012, 05:55 PM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
Damn, my Norton is going to expire. Any advice for a replacement? : \ I don't believe in buying anti virus, so I hope you might know the best free security system.
  #25  
Old February 3rd, 2012, 04:17 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
What is the status of Kaspersky Anti-Virus 2012 ?
It shows as installed.

Can provide you with some free AV links, but please clarify what goes on with the above.
  #26  
Old February 3rd, 2012, 10:04 PM
abelinkin1988 abelinkin1988 is offline
New Member
 
Join Date: Jan 2012
Posts: 17
Well, I followed your advice to uninstall it because I have Norton. Now when Norton expires, I should go where?
  #27  
Old February 4th, 2012, 02:39 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
The following free AVs are available:
(You may find more doing a Google search.)

Avast! Free: http://www.avast.com/free-antivirus-download

Microsoft Security Essentials: http://www.microsoft.com/security/pc-security/mse.aspx

Avira AntiVir: http://www.avira.com/en/avira-free-antivirus
(Note - installs a version of the adware/spyware Ask Toolbar. Suggest you uncheck this option when installing.)

Have used Avast! for years, without any problems.

The search for a 'perfect' antivirus program has been going on for quite some time. The different programs have virus definitions that vary, and it seems as if most of the time AV programs are playing 'catch-up'. A virus is created, and the Antivirus then develops a definition for it. There is such a thing as heuristic analysis, but, viruses are constantly changing and evolving.

The main thing to remember is not to run more than one AV.
The following is quoted from quietman7, a well known Malware Analyst in the Security Forums:
Quote:
Each anti-virus will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to a "False Positive". If one finds a virus and then the other also finds the same virus, both programs will be competing over exclusive rights on dealing with that virus. Each anti-virus will attempt to remove the offending file and quarantine it. If one finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.
All times are GMT +1. The time now is 03:15 AM.