
How to fix MaxSS MBR


xleyba


Hi

I have run RogueKiller on my Windows Vista and realized I have MaxSS on the MBR.

How can I fix it?

BTW, this is the RogueKiller report:

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Website: http://tigzy.geeksto...roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version

Started in : Normal mode

User : admin [Admin rights]

Mode : Scan -- Date : 10/14/2012 16:10:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++

--- User ---

[MBR] 5c318e80429f6a319f614981026157d6

[bSP] 9a7ae23684b95e5b88703db451deba14 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 106000 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 217090048 | Size: 370938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3250820AS +++++

--- User ---

[MBR] ca2ee6b531f45a031c38c71eb3d0c1d3

[bSP] da6db967f6ecc0e40eaa63a1e3efba76 : MaxSS MBR Code!

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1886737195 | Size: 798212 Mo

1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 1918986595 | Size: 884737 Mo

2 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 225735265 | Size: 0 Mo

3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2441084928 | Size: 22 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

Also, as suggested, I have run dds.com. This is the log:

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 10.1.0

Run by admin at 19:28:17 on 2012-10-14

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.3069.1536 [GMT 2:00]

.

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

C:\Program Files\DVBViewer\DVBVservice.exe

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\SmartSVN 6.6\bin\statuscached.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\OEM03Mon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Mozy\Stash\Stash.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\ehome\ehRecvr.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [WindowsWelcomeCenter] <no file>

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe

mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\stash.lnk - c:\program files\mozy\stash\Stash.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página al dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

TCP: Interfaces\{4943133D-D311-40B0-A223-5055AE9CE4D9} : DHCPNameServer = 62.81.29.254 62.42.230.24

TCP: Interfaces\{51109162-C393-474C-8981-4AE4CF02603F} : NameServer = 208.67.222.222,208.67.220.220

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

Hosts: 1 2 7 . 0 . 0 . 1 l o c a l h o s t

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\oe5q9q1u.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Ba0be8b23-3910-41e8-89c0-b1955515f85f%7D&mid=9342a0bcfc7a47d08688d150383f87fb-0276129058c44fcd1cd39e269bbafe28a4ac4d9c&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-07-10%2010%3A17%3A25&sap=ku&q=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\users\admin\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\users\admin\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\admin\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - ExtSQL: 2012-10-14 15:04; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\admin\appdata\roaming\mozilla\firefox\profiles\oe5q9q1u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 27496]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-4-13 158512]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-4-13 91952]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 DVBVRecorder;DVBViewer Recording Service;c:\program files\dvbviewer\DVBVservice.exe [2010-11-1 590427]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-8-1 47640]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-14 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-9 676936]

R2 statuscached;SmartSVN Status Cache;c:\program files\smartsvn 6.6\bin\statuscached.exe [2011-1-26 216576]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-8-30 722528]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2010-10-31 1030784]

R3 LazerUsb;Lumanate Lazer USB;c:\windows\system32\drivers\LazerUsb.sys [2010-10-31 5734400]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-9 22856]

R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2010-10-30 141376]

R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2010-10-30 7424]

R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2010-10-30 235808]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2010-10-30 31616]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-4-3 104752]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-4-3 116016]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Servicio de Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-25 116648]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-21 80824]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-1-7 20032]

S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-25 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 115168]

S3 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys [2012-4-20 14848]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-11 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-11 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-11 136808]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-21 181432]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 SVNService;SVNService;c:\program files\svnservice\SVNService.exe [2011-2-27 24576]

.

=============== Created Last 30 ================

.

2012-10-14 08:41:59 -------- d-----w- c:\users\admin\appdata\roaming\avidemux

2012-10-14 08:41:42 -------- d-----w- c:\program files\Avidemux 2.6

2012-10-13 15:49:14 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-09-28 08:52:24 -------- d-----w- c:\program files\Mozy

2012-09-26 07:16:08 -------- d-s---w- C:\found.001

2012-09-24 08:25:55 -------- d-----w- C:\Courex

2012-09-17 07:39:45 -------- d-----w- C:\BigFishGamesCache

.

==================== Find3M ====================

.

2012-09-07 15:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-30 21:06:35 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-24 13:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-08-23 11:00:14 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2012-08-23 11:00:14 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-26 01:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-09-24 18:45:55 483328 ----a-w- c:\program files\putty.exe

.

============= FINISH: 19:28:42,84 ===============

Thanks in advance

J

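The RogueKiller section above pairs MaxSS boot code on PhysicalDrive1 with a partition table that a defender can sanity-check independently of any signature: the entries start far beyond the end of a 250 GB drive, two carry the odd type IDs 0x65 and 0x72, one is zero-length, and a type-0x00 entry still has a start and size. The Python below is an added example written for this page, not RogueKiller's code or anything from the thread. It assumes total sector counts for the two drives (ST3500418AS at 500 GB, ST3250820AS at 250 GB), uses made-up bytes as stand-in boot code, and hashes bytes 0..439 of the sector as a stand-in for the kind of boot-code hash the report prints; the two sample MBRs are constructed to have the same shape as the two partition tables in the report.

```python
import hashlib
import itertools
import struct

SECTOR_SIZE = 512

# Partition type IDs treated as ordinary on a Windows desktop (assumption:
# this list belongs to the example, it is not RogueKiller's).
KNOWN_TYPES = {0x05, 0x07, 0x0B, 0x0C, 0x0F, 0x27, 0x82, 0x83, 0xEE}

# Assumed total sector counts: 500 GB ST3500418AS and 250 GB ST3250820AS.
DISK0_SECTORS = 976_773_168
DISK1_SECTORS = 488_397_168


def build_mbr(entries, boot_code):
    """Assemble a 512-byte MBR from (active, type, lba_start, lba_count) tuples.

    Constructed test data; the CHS fields are left zero because modern tools
    read only the LBA fields.
    """
    if len(boot_code) != 440:
        raise ValueError("boot code area is 440 bytes")
    sector = bytearray(boot_code)
    sector += b"\x00" * 6                      # disk signature + 2 reserved bytes
    padded = list(entries) + [(False, 0x00, 0, 0)] * (4 - len(entries))
    for active, ptype, start, count in padded:
        sector += struct.pack("<B3sB3sII", 0x80 if active else 0x00,
                              b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    sector += b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Split an MBR into a boot-code hash, the disk signature and the four table entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for i in range(4):
        status, _chs_a, ptype, _chs_b, start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        entries.append({"index": i, "status": status, "active": status == 0x80,
                        "type": ptype, "start": start, "count": count})
    return {
        # md5 over bytes 0..439, the bootstrap area (assumption: a stand-in for
        # the boot-code hash a scanner reports, not RogueKiller's exact method)
        "boot_code_md5": hashlib.md5(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "valid_signature": sector[510:512] == b"\x55\xAA",
        "entries": entries,
    }


def check_mbr(sector, disk_sectors, known_boot_hashes=frozenset()):
    """Return a list of findings; an empty list means the table looks sane."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if known_boot_hashes and mbr["boot_code_md5"] not in known_boot_hashes:
        findings.append("boot code md5 %s is not in the known-good list" % mbr["boot_code_md5"])
    used = []
    for e in mbr["entries"]:
        i = e["index"]
        if e["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (i, e["status"]))
        if e["type"] == 0x00:
            if e["start"] or e["count"]:
                findings.append("entry %d: type 0x00 (empty) but start/size are non-zero" % i)
            continue
        used.append(e)
        if e["type"] not in KNOWN_TYPES:
            findings.append("entry %d: unusual partition type 0x%02x" % (i, e["type"]))
        if e["count"] == 0:
            findings.append("entry %d: zero-length partition" % i)
        if e["start"] == 0:
            findings.append("entry %d: starts at LBA 0, on top of the MBR itself" % i)
        if e["start"] + e["count"] > disk_sectors:
            findings.append("entry %d: extends past the end of the disk (%d + %d > %d)"
                            % (i, e["start"], e["count"], disk_sectors))
    if sum(1 for e in used if e["active"]) > 1:
        findings.append("more than one active partition")
    for a, b in itertools.combinations(used, 2):
        if a["start"] < b["start"] + b["count"] and b["start"] < a["start"] + a["count"]:
            findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return findings


# Constructed boot-code bytes: stand-ins, not real Vista or MaxSS code.
SANE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435
ODD_BOOT_CODE = b"\xeb\x3c\x90" + b"\xcc" * 437

# Table shaped like PhysicalDrive0 in the report: two NTFS partitions, first active.
SANE_MBR = build_mbr([(True, 0x07, 2048, 217_088_000),
                      (False, 0x07, 217_090_048, 759_681_024)], SANE_BOOT_CODE)

# Table shaped like PhysicalDrive1: offsets far past a 250 GB disk, odd type IDs,
# a zero-length entry, and a type-0x00 entry that still carries an extent.
BOGUS_MBR = build_mbr([(False, 0x07, 1_886_737_195, 1_634_738_176),
                       (False, 0x65, 1_918_986_595, 1_811_941_376),
                       (False, 0x72, 225_735_265, 0),
                       (False, 0x00, 2_441_084_928, 45_056)], ODD_BOOT_CODE)

if __name__ == "__main__":
    good = {parse_mbr(SANE_MBR)["boot_code_md5"]}
    for name, image, size in (("PhysicalDrive0", SANE_MBR, DISK0_SECTORS),
                              ("PhysicalDrive1", BOGUS_MBR, DISK1_SECTORS)):
        print(name, check_mbr(image, size, good) or ["OK"])
```

On a live Windows machine the same 512 bytes come from opening the raw device (for example `\\.\PhysicalDrive1`) for reading with administrator rights, and the hash would be compared against a list of known-good boot code for that Windows version. The point of the table checks is that they give a second signal: the report above still prints `User = LL1 ... OK!` for the infected drive, while its partition table cannot describe a 250 GB disk at all.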

Hello xleyba! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps. In both cases, you should repair your MBR, because even reinstalling the operating system will not help.

Please post the content of Attach.txt .


Hi

OK, I have no problem reinstalling the OS.

How can I fix the MBR?

Regards

J


Follow my instructions and we will fix it.

Hi Maniac

Thanks for your reply but: where are your instructions?

In your post I can see four links to generic recommendations and a message saying "Please post the content of Attach.txt ."

Am I missing something?

Regards

J


Yes, where is your Attach.txt content?

Hi

I am sorry but what do you expect on the attach.txt file?

Who should generate this file?

As I told you before, I could not see any instruction/procedure to generate such a file.

I am sorry if it is my mistake but honestly I could not understand...

Regards

J



I saw other posts from you, and you always posted your instructions after the backdoor warning. It seems that is not the case here and you missed that part.

Please check it.

Thanks in advance

J


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
