#16
Here is the aswMBR.txt - Notepad
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-27 13:30:37
-----------------------------
13:30:37.384 OS Version: Windows 5.1.2600 Service Pack 3
13:30:37.384 Number of processors: 2 586 0xF0B
13:30:37.384 ComputerName: ABE UserName:
13:30:38.352 Initialize success
13:31:13.087 AVAST engine defs: 12012700
13:31:38.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
13:31:38.118 Disk 0 Vendor: WDC_WD2000JS-00MHB0 02.01C03 Size: 190782MB BusType: 3
13:31:38.134 Disk 0 MBR read successfully
13:31:38.134 Disk 0 MBR scan
13:31:38.165 Disk 0 Windows VISTA default MBR code
13:31:38.165 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
13:31:38.165 Disk 0 scanning sectors +390700800
13:31:38.212 Disk 0 scanning C:\WINDOWS\system32\drivers
13:31:47.571 Service scanning
13:31:48.118 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
13:31:48.118 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
13:31:48.118 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
13:31:48.118 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
13:31:48.696 Modules scanning
13:32:17.837 Disk 0 trace - called modules:
13:32:17.868 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:32:18.165 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae37ab8]
13:32:18.165 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000079[0x8ae59f18]
13:32:18.165 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8ae78940]
13:32:18.556 AVAST engine scan C:\WINDOWS
13:32:30.509 AVAST engine scan C:\WINDOWS\system32
13:34:38.493 AVAST engine scan C:\WINDOWS\system32\drivers
13:34:55.368 AVAST engine scan C:\Documents and Settings\SHAHINIAN
13:58:05.540 AVAST engine scan C:\Documents and Settings\All Users
14:03:45.884 Scan finished successfully
14:08:34.134 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SHAHINIAN\Desktop\MBR.dat"
14:08:34.134 The log file has been saved successfully to "C:\Documents and Settings\SHAHINIAN\Desktop\aswMBR.txt"
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\
VirusTool address: https://www.virustotal.com/file/56e6...is/1327691482/
#17
Quote:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\
You like my way of ending the text?
#18
There is no doubt as to where the text has ended.
The ESET scan shows that most of those items are in Restore Points, or in ComboFix Qoobox... we will take care of those shortly.
What is puzzling is that aswMBR is showing:
Windows VISTA default MBR code
Isn't this machine running Microsoft Windows XP Home Edition? Can you provide any info on this?
Also, please provide an update as to whether you are still having malware problems.
Thanks.
#19
Yes, I'm running Windows XP Home Edition :\
But I have this problem where, at random times, my computer freezes up and automatically gives me a half of a second blue screen and restarts my computer. And I'm just tolerating this problem currently. I seem to be having this problem for about 5 months and counting... this problem is why I've downloaded Norton, and it doesn't seem to be any help. One of the times I performed a "Full System Scan", on Norton Internet Security, brought up 'Trojan.Zeroaccess!kmem' and that's when I came here since Norton pointed out it needed to be manually deleted, or resolved. When I do another Full System Scan, the Trojan.Zeroaccess!kmem doesn't come up again. : \
I'm performing another one and I'll get you the latest report from the scan.
#20
This is what I got yesterday night, Jan 27 2012:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Scan Statistics:
Scan Time: 772 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 199,012
- Files & Directories: 187,244
- Registry Entries: 475
- Processes & Start-up Items: 3,395
- Network & Browser Items: 7,889
- Other: 5
- Trusted Files: 4,433
- Skipped Files: 89,464
Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0
Resolved Threats: No risks have been resolved
Unresolved Threats: No unresolved risks
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\
and this is what I got today while using the internet:
Scan Statistics:
Scan Time: 281 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 149,893
- Files & Directories: 137,876
- Registry Entries: 475
- Processes & Start-up Items: 3,580
- Network & Browser Items: 7,953
- Other: 5
- Trusted Files: 4,477
- Skipped Files: 109,176
Total security risks detected: 8
Total items resolved: 8
Total items that require attention: 0
Resolved Threats:
8 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
8 Tracking Cookies
.doubleclick.net - Deleted
.apmebf.com - Deleted
.fastclick.net - Deleted
.quantserve.com - Deleted
.rubiconproject.com - Deleted
.pixel.rubiconproject.com - Deleted
- Deleted
- Deleted
Unresolved Threats: No unresolved risks
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#21
Norton just found some cookies, no threats are showing.
You may also be having some sort of Hardware issue causing the following: Quote:
Please download TFC to your Desktop.
Now, download Security Check
Save it to the Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions (on the black screen)
When done, a Notepad document opens automatically: checkup.txt
Please post the contents of checkup.txt in your reply.
#22
Finished !
Here's the status (checkup.txt),
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Kaspersky Anti-Virus 2012
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe
``````````End of Log````````````
Once I read "Windows firewall disabled!" I went to Control Panel, and then to Windows Security Center. I noticed my firewall was on, but then I saw a Recommendation, button in the text. I clicked on it and it said 'Clear the checkbox below to have Windows monitor the status of your firewall.' And I did it, Should I do the same for the Virus Protection?
I should run the files, you gave me, every month? <--- That's awesome grammar, right there!
Last edited by abelinkin1988; January 30th, 2012 at 07:02 PM.
#23
Please take care of the following. It is a vulnerability that you cannot afford to have:
Out of date Java installed!
Please verify the version of Java you have installed: http://www.java.com/en/download/installed.jsp
If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.
When done, uninstall older versions: http://www.java.com/en/download/uninstall.jsp
On: Quote:
Aren't you using Norton Internet Security for your AV and Firewall? Do you also have Kaspersky Anti-Virus 2012 installed?
Having two AV programs running at the same time is counter-productive. Instead of more protection you end up with less. Please uninstall whichever program you decide not to use, and restart the computer.
If you are using Norton Internet Security, with both an AV and a Firewall, hence, the reason why the Windows Firewall is turned off.
On the option to 'Clear the checkbox below to have Windows monitor the status of your AntiVirus', do not know if that option is provided if you run Norton Internet Security. Norton products have a tendency to "do their own thing".
#24
Damn, my Norton is going to expire. Any advice for a replacement? : \ I don't believe in buying anti virus, so I hope you might know the best free security system.
#25
What is the status of Kaspersky Anti-Virus 2012 ?
It shows as installed. Can provide you with some free AV links, but please clarify what goes on with the above.
#26
Well, I followed your advice to uninstall it because I have Norton. Now when Norton expires, I should go where?
#27
The following free AVs are available:
(You may find more doing a Google search.)
Avast! Free: http://www.avast.com/free-antivirus-download
Microsoft Security Essentials: http://www.microsoft.com/security/pc-security/mse.aspx
Avira AntiVir: http://www.avira.com/en/avira-free-antivirus (Note - installs a version of the adware/spyware Ask Toolbar. Suggest you uncheck this option when installing).
Have used Avast! for years, without any problems.
The search for a 'perfect' antivirus program has been going on for quite some time. The different programs have virus definitions that vary, and it seems as if most of the time AV programs are playing 'catch-up'. A virus is created, and the Antivirus then develops a definition for it. There is such a thing as heuristic analysis, but viruses are constantly changing and evolving.
The main thing to remember is not to run more than one AV.
The following is quoted from quietman7, a well known Malware Analyst in the Security Forums: Quote:
All times are GMT +1. The time now is 06:39 PM.