This topic is lockedAttached Files
-
events.txt 183.77KB
124 downloads
-
application.txt 183.1KB
121 downloads
Edited by Steviep, 31 December 2011 - 01:39 PM.
TR/ATRAPS. Gen2 Virus [Solved]
Started by
Steviep
, Dec 30 2011 01:51 PM
#31
Posted 31 December 2011 - 01:35 PM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
#32
Posted 31 December 2011 - 04:53 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
May be a bit on this as I need to do a bit deeper research
#33
Posted 31 December 2011 - 04:57 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Do you have access to another xp machine ?
If so we can export the registry entry for that to the sick one
If so we can export the registry entry for that to the sick one
#34
Posted 31 December 2011 - 05:06 PM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
Yes i do, my desktop
#35
Posted 31 December 2011 - 05:21 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK we could be cooking 
Could you open regedit on the good system and navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp
Right click the key and select Export
When the save dialogue opens save it to your desktop as dhcp
Copy this to the infected system desktop
Right click dhcp.reg and select merge
Check that the DHCP service is set to automatic start in the services part of administrative tools
Reboot and let me know the result
Could you open regedit on the good system and navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp
Right click the key and select Export
When the save dialogue opens save it to your desktop as dhcp
Copy this to the infected system desktop
Right click dhcp.reg and select merge
Check that the DHCP service is set to automatic start in the services part of administrative tools
Reboot and let me know the result
#36
Posted 31 December 2011 - 05:45 PM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
Hi,
Still the same I'm afraid acquiring network address and the DHCP Client is not started in services
Still the same I'm afraid acquiring network address and the DHCP Client is not started in services
#37
Posted 01 January 2012 - 05:11 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
'Tis definitely a mystery this one ...
OK lets now run all the tests for net connection in one fell swoop
Please copy all in the below quote box:
Save as type All Files to Desktop.
Once saved transfer to the infected computer's Desktop.
Click the file and post back the text file it produces please.
The text file will be located here: C:\MyNICDetails.txt
OK lets now run all the tests for net connection in one fell swoop
Please copy all in the below quote box:
Save in Notepad as "MyNICDetails.bat" with the quote marks.@echo off
echo Please post back the %SystemDrive%\MyNICDetails.txt on your next reply
echo.
echo CheckMyNIC by AdvancedSetup >%SystemDrive%\MyNICDetails.txt
echo ... >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc RPCSS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex RPCSS >>%SystemDrive%\MyNICDetails.txt
pause
Save as type All Files to Desktop.
Once saved transfer to the infected computer's Desktop.
Click the file and post back the text file it produces please.
The text file will be located here: C:\MyNICDetails.txt
#38
Posted 01 January 2012 - 07:52 AM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
Hi happy new year:0)
I've not tried your latest instructions yet as last night my anti virus threw up lots of viruses and it appears that my desktop pc is also infected. should i run your last instructions or would you like to see the anti virus log?
I've not tried your latest instructions yet as last night my anti virus threw up lots of viruses and it appears that my desktop pc is also infected. should i run your last instructions or would you like to see the anti virus log?
#39
Posted 01 January 2012 - 10:24 AM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
CheckMyNIC by AdvancedSetup
...
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES : IPSec
SERVICE_START_NAME :
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : AFD
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 6
DISPLAY_NAME : NetBios over Tcpip
DEPENDENCIES : Tcpip
SERVICE_START_NAME :
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 1
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1000
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 664
FLAGS : RUNS_IN_SYSTEM_PROCESS
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 5
DISPLAY_NAME : IPSEC driver
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 884
FLAGS :
...
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES : IPSec
SERVICE_START_NAME :
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : AFD
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 6
DISPLAY_NAME : NetBios over Tcpip
DEPENDENCIES : Tcpip
SERVICE_START_NAME :
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 1
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1000
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 664
FLAGS : RUNS_IN_SYSTEM_PROCESS
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 924
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 5
DISPLAY_NAME : IPSEC driver
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 884
FLAGS :
#40
Posted 01 January 2012 - 01:22 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
I would like to check out the MBR, could you run this and post the virus log please
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
#41
Posted 01 January 2012 - 02:10 PM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-01 20:08:32
-----------------------------
20:08:32.937 OS Version: Windows 5.1.2600 Service Pack 3
20:08:32.937 Number of processors: 2 586 0x170A
20:08:32.937 ComputerName: E6400 UserName:
20:08:33.718 Initialize success
20:08:43.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:08:43.828 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 8
20:08:43.859 Disk 0 MBR read successfully
20:08:43.859 Disk 0 MBR scan
20:08:43.859 Disk 0 Windows XP default MBR code
20:08:43.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:08:43.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238425 MB offset 80325
20:08:43.875 Disk 0 scanning sectors +488376000
20:08:43.937 Disk 0 scanning C:\WINDOWS\system32\drivers
20:08:51.578 Service scanning
20:08:52.921 Modules scanning
20:08:59.046 Disk 0 trace - called modules:
20:08:59.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:08:59.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7da558]
20:08:59.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a7ef028]
20:08:59.078 Scan finished successfully
20:09:08.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gillian\Desktop\MBR.dat"
20:09:08.062 The log file has been saved successfully to "C:\Documents and Settings\Gillian\Desktop\aswMBR.txt"
Run date: 2012-01-01 20:08:32
-----------------------------
20:08:32.937 OS Version: Windows 5.1.2600 Service Pack 3
20:08:32.937 Number of processors: 2 586 0x170A
20:08:32.937 ComputerName: E6400 UserName:
20:08:33.718 Initialize success
20:08:43.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:08:43.828 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 8
20:08:43.859 Disk 0 MBR read successfully
20:08:43.859 Disk 0 MBR scan
20:08:43.859 Disk 0 Windows XP default MBR code
20:08:43.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:08:43.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238425 MB offset 80325
20:08:43.875 Disk 0 scanning sectors +488376000
20:08:43.937 Disk 0 scanning C:\WINDOWS\system32\drivers
20:08:51.578 Service scanning
20:08:52.921 Modules scanning
20:08:59.046 Disk 0 trace - called modules:
20:08:59.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:08:59.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7da558]
20:08:59.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a7ef028]
20:08:59.078 Scan finished successfully
20:09:08.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gillian\Desktop\MBR.dat"
20:09:08.062 The log file has been saved successfully to "C:\Documents and Settings\Gillian\Desktop\aswMBR.txt"
#42
Posted 01 January 2012 - 02:22 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Definitely a mystery as th eMBR shows OK, all the NIC services are correct
Could you post the virus log please
Could you post the virus log please
#43
Posted 01 January 2012 - 02:33 PM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
Avira Free Antivirus
Report file date: 01 January 2012 00:08
Scanning for 3000859 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : E6400
Version information:
BUILD.DAT : 12.0.0.872 41826 Bytes 15/12/2011 17:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25/10/2011 18:18:44
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 11/10/2011 14:00:17
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08/12/2011 15:18:10
AVREG.DLL : 12.1.0.27 227536 Bytes 10/12/2011 23:49:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 16:51:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 16:51:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 16:51:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 16:51:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 16:51:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 16:51:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 16:51:17
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 16:51:17
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 16:51:17
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 16:51:17
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 16:51:17
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 16:51:17
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 16:51:17
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 16:51:17
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 16:51:17
VBASE017.VDF : 7.11.20.71 2048 Bytes 29/12/2011 16:51:17
VBASE018.VDF : 7.11.20.72 2048 Bytes 29/12/2011 16:51:17
VBASE019.VDF : 7.11.20.73 2048 Bytes 29/12/2011 16:51:17
VBASE020.VDF : 7.11.20.74 2048 Bytes 29/12/2011 16:51:17
VBASE021.VDF : 7.11.20.75 2048 Bytes 29/12/2011 16:51:17
VBASE022.VDF : 7.11.20.76 2048 Bytes 29/12/2011 16:51:17
VBASE023.VDF : 7.11.20.77 2048 Bytes 29/12/2011 16:51:17
VBASE024.VDF : 7.11.20.78 2048 Bytes 29/12/2011 16:51:17
VBASE025.VDF : 7.11.20.79 2048 Bytes 29/12/2011 16:51:17
VBASE026.VDF : 7.11.20.80 2048 Bytes 29/12/2011 16:51:17
VBASE027.VDF : 7.11.20.81 2048 Bytes 29/12/2011 16:51:17
VBASE028.VDF : 7.11.20.82 2048 Bytes 29/12/2011 16:51:17
VBASE029.VDF : 7.11.20.83 2048 Bytes 29/12/2011 16:51:17
VBASE030.VDF : 7.11.20.84 2048 Bytes 29/12/2011 16:51:17
VBASE031.VDF : 7.11.20.97 132608 Bytes 30/12/2011 16:51:17
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/2011 18:18:43
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 31/12/2011 16:51:17
AESCN.DLL : 8.1.7.2 127349 Bytes 01/09/2011 22:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 03/12/2011 11:46:41
AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 22:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13/12/2011 12:14:35
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31/12/2011 16:51:17
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 31/12/2011 16:51:17
AEHELP.DLL : 8.1.18.0 254327 Bytes 25/10/2011 18:18:35
AEGEN.DLL : 8.1.5.17 405877 Bytes 10/12/2011 23:49:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 22:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 31/12/2011 16:51:17
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11/10/2011 14:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11/10/2011 14:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11/10/2011 14:00:09
AVARKT.DLL : 12.1.0.19 208848 Bytes 08/12/2011 15:17:59
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11/10/2011 14:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11/10/2011 14:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11/10/2011 14:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11/10/2011 14:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11/10/2011 14:00:31
RCTEXT.DLL : 12.1.1.16 96208 Bytes 31/12/2011 16:51:17
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4eff9e22\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Start of the scan: 01 January 2012 00:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AESTFltr.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.exe' - '1' Module(s) have been scanned
Scan process 'DiskDefrag.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162153.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162153.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cdb056b.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162173.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162173.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '544c2acc.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163173.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163173.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '06137024.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163191.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163191.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '60243fe6.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163258.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163258.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '25a012d8.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163286.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163286.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '5abb20b9.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP359\A0163310.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP359\A0163310.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '16030cf3.qua'.
End of the scan: 01 January 2012 00:09
Used time: 00:06 Minute(s)
The scan has been done completely.
0 Scanned directories
48 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
7 Notes
Report file date: 01 January 2012 00:08
Scanning for 3000859 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : E6400
Version information:
BUILD.DAT : 12.0.0.872 41826 Bytes 15/12/2011 17:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25/10/2011 18:18:44
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 11/10/2011 14:00:17
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08/12/2011 15:18:10
AVREG.DLL : 12.1.0.27 227536 Bytes 10/12/2011 23:49:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 16:51:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 16:51:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 16:51:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 16:51:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 16:51:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 16:51:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 16:51:17
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 16:51:17
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 16:51:17
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 16:51:17
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 16:51:17
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 16:51:17
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 16:51:17
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 16:51:17
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 16:51:17
VBASE017.VDF : 7.11.20.71 2048 Bytes 29/12/2011 16:51:17
VBASE018.VDF : 7.11.20.72 2048 Bytes 29/12/2011 16:51:17
VBASE019.VDF : 7.11.20.73 2048 Bytes 29/12/2011 16:51:17
VBASE020.VDF : 7.11.20.74 2048 Bytes 29/12/2011 16:51:17
VBASE021.VDF : 7.11.20.75 2048 Bytes 29/12/2011 16:51:17
VBASE022.VDF : 7.11.20.76 2048 Bytes 29/12/2011 16:51:17
VBASE023.VDF : 7.11.20.77 2048 Bytes 29/12/2011 16:51:17
VBASE024.VDF : 7.11.20.78 2048 Bytes 29/12/2011 16:51:17
VBASE025.VDF : 7.11.20.79 2048 Bytes 29/12/2011 16:51:17
VBASE026.VDF : 7.11.20.80 2048 Bytes 29/12/2011 16:51:17
VBASE027.VDF : 7.11.20.81 2048 Bytes 29/12/2011 16:51:17
VBASE028.VDF : 7.11.20.82 2048 Bytes 29/12/2011 16:51:17
VBASE029.VDF : 7.11.20.83 2048 Bytes 29/12/2011 16:51:17
VBASE030.VDF : 7.11.20.84 2048 Bytes 29/12/2011 16:51:17
VBASE031.VDF : 7.11.20.97 132608 Bytes 30/12/2011 16:51:17
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/2011 18:18:43
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 31/12/2011 16:51:17
AESCN.DLL : 8.1.7.2 127349 Bytes 01/09/2011 22:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 03/12/2011 11:46:41
AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 22:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13/12/2011 12:14:35
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31/12/2011 16:51:17
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 31/12/2011 16:51:17
AEHELP.DLL : 8.1.18.0 254327 Bytes 25/10/2011 18:18:35
AEGEN.DLL : 8.1.5.17 405877 Bytes 10/12/2011 23:49:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 22:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 31/12/2011 16:51:17
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11/10/2011 14:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11/10/2011 14:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11/10/2011 14:00:09
AVARKT.DLL : 12.1.0.19 208848 Bytes 08/12/2011 15:17:59
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11/10/2011 14:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11/10/2011 14:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11/10/2011 14:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11/10/2011 14:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11/10/2011 14:00:31
RCTEXT.DLL : 12.1.1.16 96208 Bytes 31/12/2011 16:51:17
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4eff9e22\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Start of the scan: 01 January 2012 00:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AESTFltr.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.exe' - '1' Module(s) have been scanned
Scan process 'DiskDefrag.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162153.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162153.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cdb056b.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162173.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162173.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '544c2acc.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163173.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163173.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '06137024.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163191.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0163191.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '60243fe6.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163258.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163258.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '25a012d8.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163286.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP358\A0163286.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '5abb20b9.qua'.
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP359\A0163310.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP359\A0163310.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '16030cf3.qua'.
End of the scan: 01 January 2012 00:09
Used time: 00:06 Minute(s)
The scan has been done completely.
0 Scanned directories
48 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
7 Notes
#44
Posted 01 January 2012 - 02:34 PM
Steviep
- Topic Starter
-
- Member
-
- 338 posts
Member
Avira Free Antivirus
Report file date: 01 January 2012 00:08
Scanning for 3000859 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : E6400
Version information:
BUILD.DAT : 12.0.0.872 41826 Bytes 15/12/2011 17:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25/10/2011 18:18:44
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 11/10/2011 14:00:17
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08/12/2011 15:18:10
AVREG.DLL : 12.1.0.27 227536 Bytes 10/12/2011 23:49:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 16:51:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 16:51:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 16:51:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 16:51:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 16:51:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 16:51:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 16:51:17
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 16:51:17
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 16:51:17
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 16:51:17
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 16:51:17
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 16:51:17
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 16:51:17
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 16:51:17
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 16:51:17
VBASE017.VDF : 7.11.20.71 2048 Bytes 29/12/2011 16:51:17
VBASE018.VDF : 7.11.20.72 2048 Bytes 29/12/2011 16:51:17
VBASE019.VDF : 7.11.20.73 2048 Bytes 29/12/2011 16:51:17
VBASE020.VDF : 7.11.20.74 2048 Bytes 29/12/2011 16:51:17
VBASE021.VDF : 7.11.20.75 2048 Bytes 29/12/2011 16:51:17
VBASE022.VDF : 7.11.20.76 2048 Bytes 29/12/2011 16:51:17
VBASE023.VDF : 7.11.20.77 2048 Bytes 29/12/2011 16:51:17
VBASE024.VDF : 7.11.20.78 2048 Bytes 29/12/2011 16:51:17
VBASE025.VDF : 7.11.20.79 2048 Bytes 29/12/2011 16:51:17
VBASE026.VDF : 7.11.20.80 2048 Bytes 29/12/2011 16:51:17
VBASE027.VDF : 7.11.20.81 2048 Bytes 29/12/2011 16:51:17
VBASE028.VDF : 7.11.20.82 2048 Bytes 29/12/2011 16:51:17
VBASE029.VDF : 7.11.20.83 2048 Bytes 29/12/2011 16:51:17
VBASE030.VDF : 7.11.20.84 2048 Bytes 29/12/2011 16:51:17
VBASE031.VDF : 7.11.20.97 132608 Bytes 30/12/2011 16:51:17
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/2011 18:18:43
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 31/12/2011 16:51:17
AESCN.DLL : 8.1.7.2 127349 Bytes 01/09/2011 22:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 03/12/2011 11:46:41
AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 22:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13/12/2011 12:14:35
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31/12/2011 16:51:17
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 31/12/2011 16:51:17
AEHELP.DLL : 8.1.18.0 254327 Bytes 25/10/2011 18:18:35
AEGEN.DLL : 8.1.5.17 405877 Bytes 10/12/2011 23:49:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 22:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 31/12/2011 16:51:17
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11/10/2011 14:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11/10/2011 14:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11/10/2011 14:00:09
AVARKT.DLL : 12.1.0.19 208848 Bytes 08/12/2011 15:17:59
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11/10/2011 14:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11/10/2011 14:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11/10/2011 14:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11/10/2011 14:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11/10/2011 14:00:31
RCTEXT.DLL : 12.1.1.16 96208 Bytes 31/12/2011 16:51:17
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4eff9e22\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Start of the scan: 01 January 2012 00:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AESTFltr.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.exe' - '1' Module(s) have been scanned
Scan process 'DiskDefrag.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162139.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162139.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cdb057c.qua'.
End of the scan: 01 January 2012 00:08
Used time: 00:09 Minute(s)
The scan has been done completely.
0 Scanned directories
42 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
Report file date: 01 January 2012 00:08
Scanning for 3000859 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : E6400
Version information:
BUILD.DAT : 12.0.0.872 41826 Bytes 15/12/2011 17:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25/10/2011 18:18:44
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 11/10/2011 14:00:17
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08/12/2011 15:18:10
AVREG.DLL : 12.1.0.27 227536 Bytes 10/12/2011 23:49:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 16:51:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 16:51:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 16:51:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 16:51:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 16:51:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 16:51:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 16:51:17
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 16:51:17
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 16:51:17
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 16:51:17
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 16:51:17
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 16:51:17
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 16:51:17
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 16:51:17
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 16:51:17
VBASE017.VDF : 7.11.20.71 2048 Bytes 29/12/2011 16:51:17
VBASE018.VDF : 7.11.20.72 2048 Bytes 29/12/2011 16:51:17
VBASE019.VDF : 7.11.20.73 2048 Bytes 29/12/2011 16:51:17
VBASE020.VDF : 7.11.20.74 2048 Bytes 29/12/2011 16:51:17
VBASE021.VDF : 7.11.20.75 2048 Bytes 29/12/2011 16:51:17
VBASE022.VDF : 7.11.20.76 2048 Bytes 29/12/2011 16:51:17
VBASE023.VDF : 7.11.20.77 2048 Bytes 29/12/2011 16:51:17
VBASE024.VDF : 7.11.20.78 2048 Bytes 29/12/2011 16:51:17
VBASE025.VDF : 7.11.20.79 2048 Bytes 29/12/2011 16:51:17
VBASE026.VDF : 7.11.20.80 2048 Bytes 29/12/2011 16:51:17
VBASE027.VDF : 7.11.20.81 2048 Bytes 29/12/2011 16:51:17
VBASE028.VDF : 7.11.20.82 2048 Bytes 29/12/2011 16:51:17
VBASE029.VDF : 7.11.20.83 2048 Bytes 29/12/2011 16:51:17
VBASE030.VDF : 7.11.20.84 2048 Bytes 29/12/2011 16:51:17
VBASE031.VDF : 7.11.20.97 132608 Bytes 30/12/2011 16:51:17
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/2011 18:18:43
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 31/12/2011 16:51:17
AESCN.DLL : 8.1.7.2 127349 Bytes 01/09/2011 22:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 03/12/2011 11:46:41
AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 22:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13/12/2011 12:14:35
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31/12/2011 16:51:17
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 31/12/2011 16:51:17
AEHELP.DLL : 8.1.18.0 254327 Bytes 25/10/2011 18:18:35
AEGEN.DLL : 8.1.5.17 405877 Bytes 10/12/2011 23:49:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 22:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 31/12/2011 16:51:17
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11/10/2011 14:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11/10/2011 14:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11/10/2011 14:00:09
AVARKT.DLL : 12.1.0.19 208848 Bytes 08/12/2011 15:17:59
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11/10/2011 14:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11/10/2011 14:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11/10/2011 14:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11/10/2011 14:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11/10/2011 14:00:31
RCTEXT.DLL : 12.1.1.16 96208 Bytes 31/12/2011 16:51:17
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4eff9e22\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Start of the scan: 01 January 2012 00:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AESTFltr.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.exe' - '1' Module(s) have been scanned
Scan process 'DiskDefrag.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162139.sys'
C:\System Volume Information\_restore{C0399D09-F54B-4A27-8EFA-E9D833C26B7C}\RP357\A0162139.sys
[DETECTION] Is the TR/Sirefef.IL Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cdb057c.qua'.
End of the scan: 01 January 2012 00:08
Used time: 00:09 Minute(s)
The scan has been done completely.
0 Scanned directories
42 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
#45
Posted 01 January 2012 - 05:15 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Phew, they were all in system restore and so were of no consequence
However, it has put a possible thought into my head
Start the DHCP service
Then run this OTL fix, this will delete the old infected restore point and create a new one
After the reboot if DHCP is still not running then select the restore point that OTL is about to make and restore to that. The hope being that as the restore point was set with the service running that it will revert to that
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
However, it has put a possible thought into my head
Start the DHCP service
Then run this OTL fix, this will delete the old infected restore point and create a new one
After the reboot if DHCP is still not running then select the restore point that OTL is about to make and restore to that. The hope being that as the restore point was set with the service running that it will revert to that
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[purity]
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
