
Author Topic: ZerroAccess Trojans running amuck  (Read 33853 times)


SuperDave

  • Malware Removal Specialist
  • Experience: Expert
  • OS: Windows 10
Re: ZerroAccess Trojans running amuck
« Reply #15 on: December 03, 2012, 04:20:41 PM »
Quote
idk if it's relevant to anything we're doing now, but I haven't been able to run Windows Update in like a year. I wasn't really worried about it because I already have Service Pack 2...

You can try Start, Control Panel, Security Center and click on Windows Update. You should get some information about your updates there or you can download and run MS Fix-it below.

Please download and run MS Fix-it from here.
Quote
also, my volume and battery level icons are gone from the task bar (I thought the battery icon may be because I need a new battery. My battery no longer holds a charge, probably because I used to keep it plugged in too much)...
You could try running Unhide below. A battery should be run down completely before charging. If not, it will develop a memory and will not fully charge. I keep my laptop plugged in all the time, but each time I use the battery I make sure that I fully discharge it before plugging it back in.

  • Please download Unhide by Grinler from here and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If this tool doesn't fix the problem, please let me know.

Quote
also, I have both Internet Explorer and Google Chrome. Someone told me having multiple browsers affects the way they work, is this true?
No, that's not true. I use multiple browsers on all my computers.
Please let me know how the update problem plays out.

Windows 8 and Windows 10 dual boot with two SSD's

brokemomof2

  • Topic Starter
  • Experience: Beginner
  • OS: Windows Vista
Re: ZerroAccess Trojans running amuck
« Reply #16 on: December 03, 2012, 08:32:27 PM »
Windows Update info:
last checked for updates 2/20/2012
showing 2 important updates
Failed to install
Error code: FFFFFFFE unknown error

ran fix, didn't help

Windows could not search for new updates
Error code: 800004002 unknown error

ran Unhide... made no visible difference

also, is there more I need to do for my virus problem or should it be all clear now?

SuperDave

  • Malware Removal Specialist
  • Experience: Expert
  • OS: Windows 10
Re: ZerroAccess Trojans running amuck
« Reply #17 on: December 04, 2012, 12:18:53 PM »
Quote
also, is there more I need to do for my virus problem or should it be all clear now?
The infections left some damage. First of all, you should save all your important data to an external hard drive or DVDs. Then, try to run this.

x64 (64-bit) scan for Vista/7

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
• Restart the computer.
• As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

• Select Command Prompt.
• In the command window type notepad and press Enter.
• Notepad opens. Under the File menu select Open.
• Select "Computer", find your flash drive letter, and close Notepad.
• In the command window type e:\frst64 and press Enter.
  Note: Replace the letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens, click Yes to the disclaimer.
• Place a check next to List Drivers MD5 as well as the default check marks that are already there.
• Press the Scan button.
• Type exit and reboot the computer normally.
• FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

brokemomof2

  • Topic Starter
  • Experience: Beginner
  • OS: Windows Vista
Re: ZerroAccess Trojans running amuck
« Reply #18 on: December 05, 2012, 08:47:41 PM »
Sorry I took so long to reply, I had to find my flash drive :-[

        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
        Ran by SYSTEM at 05-12-2012 21:43:39
        Running from F:\
        Windows Vista (TM) Home Premium  Service Pack 1 (X64) OS Language: English(US)
        The current controlset is ControlSet001

        ==================== Registry (Whitelisted) ===================

        HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
        HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
        HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
        HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

        HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

        HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

        HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

        HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

        HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

        HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
        HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

        HKLM-x32\...\Run: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [304496 2009-03-17] (TOSHIBA CORPORATION)
        HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
        HKLM-x32\...\Run: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [16384 2009-03-24] (Toshiba Corporation)
        HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
        HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
        HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
        HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
        HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
        HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
        HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
        HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
        HKU\mommy\...\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
        HKU\mommy\...\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [490880 2012-09-24] (IObit)
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

        ==================== Services (Whitelisted) ===================

        2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
        2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
        3 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
        3 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [82944 2012-03-15] (Freemake)
        2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
        3 MatSvc; "C:\Program Files\Microsoft Fix it Center\Matsvc.exe" [343856 2011-06-13] (Microsoft Corporation)
        2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
        2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-04] (Alcatel-Lucent)
        2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
        2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
        2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
        2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
        3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
        2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
        2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
        2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
        2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
        2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)

        ==================== Drivers (Whitelisted) =====================

        2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [310728 2012-09-07] ()
        3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
        3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
        2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [42696 2012-09-07] ()
        3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()
        3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
        3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
        3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
        3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
        0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
        3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
        1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
        2 PfFilter; \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [36792 2011-03-16] (IObit Information Technology)
        0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
        1 Beep; 

        3 catchme; \??\C:\ComboFix\catchme.sys

        3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys

        3 mfeavfk01; 

        3 MREMP50a64; 

        3 MREMPR5; 

        3 MRENDIS5; 

        3 MRESP50a64; 

        3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys

        3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys


        ==================== NetSvcs (Whitelisted) ====================


        ==================== One Month Created Files and Folders ========

        2012-12-05 21:27 - 2012-12-05 21:27 - 00000000 ____D C:\FRST
        2012-12-05 21:23 - 2012-12-05 21:23 - 00000714 ____A C:\Windows\setupact.log
        2012-12-05 21:23 - 2012-12-05 21:23 - 00000000 ____A C:\Windows\setuperr.log
        2012-12-03 20:58 - 2012-12-03 21:33 - 00002648 ____A C:\Users\mommy\Desktop\unhide.txt
        2012-12-03 20:58 - 2012-12-03 20:58 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\mommy\Desktop\unhide.exe
        2012-12-03 14:28 - 2012-12-03 14:28 - 00003640 ____A C:\Users\mommy\Desktop\ESET scan.txt cleaned.txt
        2012-12-02 21:23 - 2012-12-03 12:36 - 00001838 ____A C:\scu.dat
        2012-12-02 15:46 - 2012-12-02 15:46 - 00002843 ____A C:\Users\mommy\Desktop\ESET scan.txt
        2012-12-01 07:05 - 2012-12-01 07:05 - 00000000 ____D C:\Program Files (x86)\ESET
        2012-11-30 19:24 - 2012-11-30 19:24 - 00173119 ____A (Eric_71) C:\Users\mommy\Desktop\Rooter.exe
        2012-11-30 19:21 - 2012-11-30 19:21 - 00002840 ____A C:\Users\mommy\Desktop\RKreport[1]_S_11302012_02d1921.txt
        2012-11-30 19:18 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
        2012-11-30 19:17 - 2012-11-30 19:20 - 00000000 ____D C:\Users\mommy\Desktop\RK_Quarantine
        2012-11-30 19:17 - 2012-11-30 19:17 - 00752128 ____A C:\Users\mommy\Desktop\RogueKiller.exe
        2012-11-30 15:59 - 2012-11-30 15:59 - 00022228 ____A C:\ComboFix.txt
        2012-11-30 15:46 - 2012-12-05 21:30 - 00564244 ____A C:\Windows\WindowsUpdate.log
        2012-11-30 14:45 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
        2012-11-30 14:45 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
        2012-11-30 14:45 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
        2012-11-30 14:45 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
        2012-11-30 14:45 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
        2012-11-30 14:45 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
        2012-11-30 14:45 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
        2012-11-30 14:45 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
        2012-11-30 13:56 - 2012-11-30 16:00 - 00000000 ____D C:\Qoobox
        2012-11-30 13:56 - 2012-11-30 15:56 - 00000000 ____D C:\Windows\erdnt
        2012-11-30 13:52 - 2012-11-30 13:52 - 05009213 ____R (Swearware) C:\Users\mommy\Desktop\ComboFix.exe
        2012-11-30 13:02 - 2012-11-30 13:02 - 00012317 ____A C:\AdwCleaner[S1].txt
        2012-11-30 13:01 - 2012-11-30 13:01 - 00013368 ____A C:\AdwCleaner[R2].txt
        2012-11-25 20:46 - 2012-11-25 20:46 - 00659504 ____A (FUSENET) C:\Users\mommy\Downloads\GraboidVideoInstaller-3.58.exe
        2012-11-25 18:24 - 2012-11-25 18:24 - 00009267 ____A C:\Users\mommy\Desktop\attach.txt
        2012-11-25 18:24 - 2012-11-25 18:23 - 00018391 ____A C:\Users\mommy\Desktop\dds.txt
        2012-11-25 18:08 - 2012-11-30 15:43 - 00662186 ____A C:\Windows\PFRO.log
        2012-11-25 17:44 - 2012-11-25 17:44 - 00000959 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
        2012-11-25 17:44 - 2012-11-25 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
        2012-11-25 17:44 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
        2012-11-25 13:13 - 2012-11-25 13:14 - 00007878 ____A C:\AdwCleaner[R1].txt
        2012-11-25 12:52 - 2012-11-25 12:52 - 00000781 ____A C:\Users\Public\Desktop\CCleaner.lnk
        2012-11-25 12:52 - 2012-11-25 12:52 - 00000000 ____D C:\Program Files\CCleaner
        2012-11-23 22:53 - 2012-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee.com
        2012-11-23 22:53 - 2012-04-20 16:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
        2012-11-23 22:52 - 2012-11-24 00:01 - 00000000 ____D C:\Program Files (x86)\McAfee
        2012-11-23 22:52 - 2012-11-23 22:54 - 00000000 ____D C:\Program Files\McAfee
        2012-11-23 22:52 - 2012-11-23 22:53 - 00000000 ____D C:\Program Files\Common Files\McAfee
        2012-11-23 22:52 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\McAfee.com
        2012-11-23 22:52 - 2012-07-17 14:55 - 00069672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
        2012-11-23 22:52 - 2012-07-17 14:51 - 00106112 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
        2012-11-23 22:52 - 2012-07-17 14:51 - 00010288 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
        2012-11-23 22:52 - 2012-07-17 14:49 - 00513456 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
        2012-11-23 22:52 - 2012-07-17 14:48 - 00300392 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
        2012-11-23 22:36 - 2012-11-24 01:53 - 00000000 ____D C:\Users\All Users\McAfee
        2012-11-23 22:36 - 2012-07-17 14:52 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
        2012-11-23 22:16 - 2012-11-23 22:16 - 00000000 ____A C:\asc_rdflag
        2012-11-23 22:03 - 2012-11-23 22:03 - 00000000 ____D C:\mfe
        2012-11-11 23:35 - 2012-11-11 23:35 - 00000000 ____D C:\Users\mommy\AppData\Roaming\McAfee
        2012-11-11 21:42 - 2012-07-17 14:52 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe.0a03.deleteme

        ==================== One Month Modified Files and Folders =======

        2012-12-05 21:30 - 2012-11-30 15:46 - 00564244 ____A C:\Windows\WindowsUpdate.log
        2012-12-05 21:30 - 2006-11-02 07:42 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
        2012-12-05 21:30 - 2006-11-02 07:42 - 00000006 ____A C:\Windows\Tasks\SA.DAT
        2012-12-05 21:30 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
        2012-12-05 21:30 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
        2012-12-05 21:29 - 2011-11-05 16:53 - 00000000 ____D C:\Program Files (x86)\Giraffic
        2012-12-05 21:28 - 2010-05-19 12:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        2012-12-05 21:27 - 2012-12-05 21:27 - 00000000 ____D C:\FRST
        2012-12-05 21:26 - 2006-11-02 04:46 - 00703342 ____A C:\Windows\System32\PerfStringBackup.INI
        2012-12-05 21:23 - 2012-12-05 21:23 - 00000714 ____A C:\Windows\setupact.log
        2012-12-05 21:23 - 2012-12-05 21:23 - 00000000 ____A C:\Windows\setuperr.log
        2012-12-05 20:49 - 2010-09-24 20:36 - 00028672 ____A C:\Users\mommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2012-12-05 20:39 - 2012-07-21 10:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
        2012-12-05 20:36 - 2010-05-19 12:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        2012-12-03 21:33 - 2012-12-03 20:58 - 00002648 ____A C:\Users\mommy\Desktop\unhide.txt
        2012-12-03 20:58 - 2012-12-03 20:58 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\mommy\Desktop\unhide.exe
        2012-12-03 14:28 - 2012-12-03 14:28 - 00003640 ____A C:\Users\mommy\Desktop\ESET scan.txt cleaned.txt
        2012-12-03 12:36 - 2012-12-02 21:23 - 00001838 ____A C:\scu.dat
        2012-12-02 15:46 - 2012-12-02 15:46 - 00002843 ____A C:\Users\mommy\Desktop\ESET scan.txt
        2012-12-01 07:05 - 2012-12-01 07:05 - 00000000 ____D C:\Program Files (x86)\ESET
        2012-11-30 19:24 - 2012-11-30 19:24 - 00173119 ____A (Eric_71) C:\Users\mommy\Desktop\Rooter.exe
        2012-11-30 19:21 - 2012-11-30 19:21 - 00002840 ____A C:\Users\mommy\Desktop\RKreport[1]_S_11302012_02d1921.txt
        2012-11-30 19:20 - 2012-11-30 19:17 - 00000000 ____D C:\Users\mommy\Desktop\RK_Quarantine
        2012-11-30 19:17 - 2012-11-30 19:17 - 00752128 ____A C:\Users\mommy\Desktop\RogueKiller.exe
        2012-11-30 16:00 - 2012-11-30 13:56 - 00000000 ____D C:\Qoobox
        2012-11-30 15:59 - 2012-11-30 15:59 - 00022228 ____A C:\ComboFix.txt
        2012-11-30 15:59 - 2006-11-02 05:33 - 00000000 ___RD C:\users\Default
        2012-11-30 15:56 - 2012-11-30 13:56 - 00000000 ____D C:\Windows\erdnt
        2012-11-30 15:50 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
        2012-11-30 15:43 - 2012-11-25 18:08 - 00662186 ____A C:\Windows\PFRO.log
        2012-11-30 15:39 - 2011-02-19 10:42 - 00000000 ____D C:\Program Files (x86)\Shop to Win 8
        2012-11-30 13:52 - 2012-11-30 13:52 - 05009213 ____R (Swearware) C:\Users\mommy\Desktop\ComboFix.exe
        2012-11-30 13:02 - 2012-11-30 13:02 - 00012317 ____A C:\AdwCleaner[S1].txt
        2012-11-30 13:01 - 2012-11-30 13:01 - 00013368 ____A C:\AdwCleaner[R2].txt
        2012-11-30 12:21 - 2011-03-07 17:02 - 00002036 ____A C:\Users\Public\Desktop\Google Chrome.lnk
        2012-11-25 20:46 - 2012-11-25 20:46 - 00659504 ____A (FUSENET) C:\Users\mommy\Downloads\GraboidVideoInstaller-3.58.exe
        2012-11-25 18:24 - 2012-11-25 18:24 - 00009267 ____A C:\Users\mommy\Desktop\attach.txt
        2012-11-25 18:23 - 2012-11-25 18:24 - 00018391 ____A C:\Users\mommy\Desktop\dds.txt
        2012-11-25 17:44 - 2012-11-25 17:44 - 00000959 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
        2012-11-25 17:44 - 2012-11-25 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
        2012-11-25 13:14 - 2012-11-25 13:13 - 00007878 ____A C:\AdwCleaner[R1].txt
        2012-11-25 13:08 - 2009-05-03 13:43 - 00000000 ____D C:\Windows\Panther
        2012-11-25 12:52 - 2012-11-25 12:52 - 00000781 ____A C:\Users\Public\Desktop\CCleaner.lnk
        2012-11-25 12:52 - 2012-11-25 12:52 - 00000000 ____D C:\Program Files\CCleaner
        2012-11-24 01:53 - 2012-11-23 22:36 - 00000000 ____D C:\Users\All Users\McAfee
        2012-11-24 00:03 - 2011-10-05 17:21 - 00000000 ____D C:\Users\mommy\AppData\Local\WeatherBug
        2012-11-24 00:01 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files (x86)\McAfee
        2012-11-23 22:54 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\McAfee
        2012-11-23 22:53 - 2012-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee.com
        2012-11-23 22:53 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
        2012-11-23 22:52 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\McAfee.com
        2012-11-23 22:29 - 2012-04-04 18:19 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2012-11-23 22:29 - 2011-08-04 18:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        2012-11-23 22:27 - 2009-05-02 22:56 - 00000000 ____D C:\Users\All Users\Adobe
        2012-11-23 22:16 - 2012-11-23 22:16 - 00000000 ____A C:\asc_rdflag
        2012-11-23 22:16 - 2012-10-25 21:50 - 56311808 ____A C:\Windows\System32\config\COMPONENTS.iobit
        2012-11-23 22:16 - 2010-05-19 13:28 - 00000000 ____D C:\users\mommy
        2012-11-23 22:03 - 2012-11-23 22:03 - 00000000 ____D C:\mfe
        2012-11-23 22:03 - 2006-11-02 07:25 - 00000749 ___RA C:\Windows\WindowsShell.Manifest
        2012-11-23 22:03 - 2006-11-02 07:25 - 00000174 __ASH C:\Users\Public\desktop.ini
        2012-11-23 22:03 - 2006-11-02 07:25 - 00000174 __ASH C:\users\desktop.ini
        2012-11-23 22:03 - 2006-11-02 07:25 - 00000174 __ASH C:\Program Files (x86)\desktop.ini
        2012-11-23 21:59 - 2010-07-06 23:21 - 00000000 ____D C:\Users\mommy\AppData\Roaming\IObit
        2012-11-11 23:35 - 2012-11-11 23:35 - 00000000 ____D C:\Users\mommy\AppData\Roaming\McAfee
        2012-11-11 21:58 - 2011-08-21 12:38 - 00000000 ____D C:\Users\All Users\Apple Computer
        2012-11-11 21:52 - 2012-03-20 13:13 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
        2012-11-11 17:51 - 2011-11-07 20:19 - 00000000 ____D C:\Windows\Minidump


        ZeroAccess:
        C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}
        C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L
        C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U

        ATTENTION: ========> Check for possible partition/boot infection:
        C:\Windows\svchost.exe

        ==================== Known DLLs (Whitelisted) =================


        ==================== Bamital & volsnap Check =================

        C:\Windows\System32\winlogon.exe => MD5 is legit
        C:\Windows\System32\wininit.exe => MD5 is legit
        C:\Windows\SysWOW64\wininit.exe => MD5 is legit
        C:\Windows\explorer.exe => MD5 is legit
        C:\Windows\SysWOW64\explorer.exe => MD5 is legit
        C:\Windows\System32\svchost.exe => MD5 is legit
        C:\Windows\SysWOW64\svchost.exe => MD5 is legit
        C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
        C:\Windows\System32\User32.dll => MD5 is legit
        C:\Windows\SysWOW64\User32.dll => MD5 is legit
        C:\Windows\System32\userinit.exe => MD5 is legit
        C:\Windows\SysWOW64\userinit.exe => MD5 is legit
        C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

        ==================== EXE ASSOCIATION =====================

        HKLM\...\.exe: exefile => OK
        HKLM\...\exefile\DefaultIcon: %1 => OK
        HKLM\...\exefile\open\command: "%1" %* => OK

        ==================== Restore Points  =========================

        Restore point made on: 2012-10-05 12:29:00
        Restore point made on: 2012-10-28 21:26:39
        Restore point made on: 2012-11-11 21:51:24
        Restore point made on: 2012-11-11 21:54:18
        Restore point made on: 2012-11-13 22:21:13
        Restore point made on: 2012-11-30 12:22:01
        Restore point made on: 2012-12-03 15:43:29
        Restore point made on: 2012-12-03 20:30:26
        Restore point made on: 2012-12-04 10:00:16
        Restore point made on: 2012-12-05 20:31:57

        ==================== Memory info ===========================

        Percentage of memory in use: 13%
        Total physical RAM: 3963.04 MB
        Available physical RAM: 3416.82 MB
        Total Pagefile: 3714.9 MB
        Available Pagefile: 3387.35 MB
        Total Virtual: 8192 MB
        Available Virtual: 8191.91 MB

        ==================== Partitions =============================

        1 Drive c: (TI100343V0F) (Fixed) (Total:286.38 GB) (Free:183.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
        3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
        4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
        5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

          Disk ###  Status      Size     Free     Dyn  Gpt
          --------  ----------  -------  -------  ---  ---
          Disk 0    Online       298 GB      0 B         
          Disk 1    Online       492 MB      0 B         

        Partitions of Disk 0:
        ===============

          Partition ###  Type              Size     Offset
          -------------  ----------------  -------  -------
          Partition 1    OEM               1500 MB  1024 KB
          Partition 2    Primary            286 GB  1501 MB
          Partition 3    Primary             10 GB   288 GB

        ==================================================================================

        Disk: 0
        Partition 1
        Type  : 27
        Hidden: Yes
        Active: No

          Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
          ----------  ---  -----------  -----  ----------  -------  ---------  --------
        * Volume 3     E   TOSHIBA SYS  NTFS   Partition   1500 MB  Healthy    Hidden 

        =========================================================

        Disk: 0
        Partition 2
        Type  : 07
        Hidden: No
        Active: Yes

          Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
          ----------  ---  -----------  -----  ----------  -------  ---------  --------
        * Volume 1     C   TI100343V0F  NTFS   Partition    286 GB  Healthy           

        =========================================================

        Disk: 0
        Partition 3
        Type  : 17 (Suspicious Type)
        Hidden: Yes
        Active: No

        There is no volume associated with this partition.

        =========================================================

        Partitions of Disk 1:
        ===============

          Partition ###  Type              Size     Offset
          -------------  ----------------  -------  -------
          Partition 1    Primary            492 MB    32 KB

        ==================================================================================

        Disk: 1
        Partition 1
        Type  : 06
        Hidden: No
        Active: No

          Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
          ----------  ---  -----------  -----  ----------  -------  ---------  --------
        * Volume 2     F                FAT    Removable    492 MB  Healthy           

        =========================================================

        Last Boot: 2012-11-30 15:56

        ====================
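As an added example (not code from the thread or from FRST itself), a small Python triage helper for the log format above: it pulls out the lines FRST flags ATTENTION, the paths listed under the ZeroAccess: block, whitelisted drivers with no image path left, and partitions FRST labels Suspicious Type, which is what the helper reads off the log by eye before writing a fixlist. The sample log inside the block is constructed from the format of this log; pathless drivers and odd partition types are items to review, not proof of infection.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs: example code for this thread,
not part of FRST.  Pulls out what a malware-removal helper checks by eye in the log above:
lines FRST marks ATTENTION, paths under a "Name:" block such as ZeroAccess:, whitelisted
drivers with no image path left, and partitions labelled Suspicious Type (the last two
are review items, not proof of infection).  The sample log at the bottom is constructed."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")           # "==== Drivers (Whitelisted) ===="
BLOCK_RE = re.compile(r"^(.+):$")                       # "ZeroAccess:" / "ATTENTION: ... infection:"
PATH_RE = re.compile(r"^[A-Za-z]:\\")                   # a bare file path line
DRIVER_RE = re.compile(r"^([0-4])\s+([^;]+);\s*(.*)$")  # "<start type> <name>; <image path ...>"
DISK_RE = re.compile(r"^Disk:\s*(\d+)$")
PART_RE = re.compile(r"^Partition\s+(\d+)$")
TYPE_RE = re.compile(r"^Type\s*:\s*(\S+)(.*)$")


@dataclass
class Findings:
    attention: list = field(default_factory=list)         # raw lines FRST flagged itself
    blocks: dict = field(default_factory=dict)            # block name -> paths listed under it
    pathless_drivers: list = field(default_factory=list)  # driver names with an empty ImagePath
    suspicious_partitions: list = field(default_factory=list)  # (disk, partition, type id)


def triage_frst(log_text: str) -> Findings:
    f = Findings()
    section = block = disk = partition = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):                 # titled header: new section, any open block ends
                section, block = m.group(1), None
            continue                       # bare "=====" separators change nothing
        if not line:
            block = None                   # a blank line closes a "Name:" block
            continue
        if "ATTENTION" in line:
            f.attention.append(line)
        if block and PATH_RE.match(line):  # path listed under ZeroAccess: or an ATTENTION header
            f.blocks.setdefault(block, []).append(line)
            continue
        m = BLOCK_RE.match(line)
        if m and not PATH_RE.match(line):
            block = m.group(1)
            continue
        if section and section.startswith("Drivers"):
            m = DRIVER_RE.match(line)
            if m and not m.group(3):       # "1 Beep;" with nothing after the semicolon
                f.pathless_drivers.append(m.group(2))
        elif section and section.startswith("Partitions"):
            if m := DISK_RE.match(line):
                disk = int(m.group(1))
            elif m := PART_RE.match(line):
                partition = int(m.group(1))
            elif (m := TYPE_RE.match(line)) and "Suspicious" in m.group(2):
                f.suspicious_partitions.append((disk, partition, m.group(1)))
    return f


def report(f: Findings) -> list:
    out = [f"FLAGGED: {l}" for l in f.attention]
    out += [f"{name}: {p}" for name, paths in f.blocks.items() for p in paths]
    out += [f"driver without ImagePath (review): {d}" for d in f.pathless_drivers]
    out += [f"disk {d} partition {p}: type {t} marked suspicious" for d, p, t in f.suspicious_partitions]
    return out


SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) =====================

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
1 Beep; 
3 catchme; \??\C:\ComboFix\catchme.sys
3 mfeavfk01; 

ZeroAccess:
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.

==================== Partitions =============================

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
"""

if __name__ == "__main__":
    print("\n".join(report(triage_frst(SAMPLE_LOG))))
```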

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: ZerroAccess Trojans running amuck
        « Reply #19 on: December 06, 2012, 01:20:02 PM »
        Please run the following:

        Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

        start
        ZeroAccess:
        C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}
        C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L
        C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U

        end

        NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

        Now, please enter System Recovery Options then select Command Prompt.

        Run FRST and press the Fix button just once and wait.
        The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

        Now restart, let it boot normally and tell me how it went.
        ****************************************************
        Please download aswMBR.exe ( 511KB ) to your desktop.

        Double-click the aswMBR.exe to run it.

        Click the "Scan" button to start the scan.

        Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

        On completion of the scan click Save log, save it to your desktop and post it in your next reply.
        Windows 8 and Windows 10 dual boot with two SSD's
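The fixlist above targets the file-system traces this infection leaves: a GUID-named folder under C:\Windows\Installer holding "U" and "L" subfolders, and (as the later Malwarebytes Anti-Rootkit log shows) Desktop.ini files dropped into the .NET GAC folders. The Python script below is an added example written for this thread, not code from FRST or from the forum: it walks a Windows directory, reports those paths and deletes nothing, and it can build a constructed test tree so the check runs offline; run it elevated against C:\Windows (or the Windows folder of a mounted offline image) for a real check.

```python
"""Report ZeroAccess-style persistence artifacts under a Windows directory.

Added example for this thread; it is not code from FRST, Malwarebytes or the
forum. It only reports, never deletes: the removal itself belongs to the
tools and fix scripts the helper prescribes.
"""
import re
import tempfile
from pathlib import Path

# {8-4-4-4-12} hex GUID, the folder-name shape used in the fixlist above
# (C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}).
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Desktop.ini has no business in the GAC folders; MBAR flagged both of these.
GAC_INI = (Path("assembly") / "GAC_32" / "Desktop.ini",
           Path("assembly") / "GAC_64" / "Desktop.ini")


def find_zeroaccess_artifacts(windows_root):
    """Return a sorted list of suspicious paths under windows_root.

    windows_root is normally C:\\Windows on the live machine (run elevated,
    or Installer cannot be listed); pass the Windows folder of a mounted
    offline image, or a test tree, to scan that instead.
    """
    root = Path(windows_root)
    hits = []

    # 1. GUID-named folders under Installer that contain 'U' and/or 'L'.
    #    Windows keeps legitimate GUID-named MSI folders there too, so the
    #    GUID name alone proves nothing; the U/L subfolders are the tell.
    installer = root / "Installer"
    if installer.is_dir():
        for entry in installer.iterdir():
            if entry.is_dir() and GUID_DIR.match(entry.name):
                for sub in ("U", "L"):
                    if (entry / sub).exists():
                        hits.append(str(entry / sub))

    # 2. Desktop.ini dropped into the .NET GAC folders.
    for rel in GAC_INI:
        if (root / rel).is_file():
            hits.append(str(root / rel))

    return sorted(hits)


def build_demo_tree():
    """Construct a throwaway fake Windows folder for testing: one benign MSI
    GUID folder (made-up GUID), one GUID folder carrying the 'U' subfolder
    (the GUID from the fixlist above) and a Desktop.ini in GAC_64.
    Returns the root path as a string."""
    root = Path(tempfile.mkdtemp(prefix="za_demo_"))
    bad = root / "Installer" / "{21d0f836-d7e8-ba68-b795-610bc7975227}"
    (bad / "U").mkdir(parents=True)
    benign = root / "Installer" / "{00000000-1111-2222-3333-444444444444}"
    benign.mkdir(parents=True)
    (benign / "setup.msi").touch()
    (root / "assembly" / "GAC_64").mkdir(parents=True)
    (root / "assembly" / "GAC_64" / "Desktop.ini").touch()
    return str(root)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for path in find_zeroaccess_artifacts(target) or ["nothing suspicious found"]:
        print(path)
```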

        brokemomof2

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows Vista
          Re: ZerroAccess Trojans running amuck
          « Reply #20 on: December 06, 2012, 09:05:19 PM »
          It went fast, don't really know what else to say about it, but here's the log.



          Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
          Ran by SYSTEM at 2012-12-06 22:02:21 Run:1
          Running from F:\

          ==============================================

          C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227} moved successfully.
          C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L not found.
          C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U not found.

          ==== End of Fixlog ====

          brokemomof2

            Re: ZerroAccess Trojans running amuck
            « Reply #21 on: December 06, 2012, 09:17:43 PM »
            OK, here's the other log :) and I'd like to say, you just don't know how grateful I am that you take time out to help people like me who can't afford to pay a professional, you are a God-send!


            aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
            Run date: 2012-12-06 22:15:38
            -----------------------------
            22:15:38.849    OS Version: Windows x64 6.0.6002 Service Pack 2
            22:15:38.849    Number of processors: 2 586 0x170A
            22:15:38.849    ComputerName: MOMMY-PC  UserName: mommy
            22:15:39.910    Initialize success
            22:16:29.008    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
            22:16:29.024    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
            22:16:29.024    Device \Driver\iaStor -> MajorFunction fffffa80051d95e8
            22:16:29.024    Disk 0 MBR read successfully
            22:16:29.024    Disk 0 MBR scan
            22:16:29.039    Disk 0 Windows VISTA default MBR code
            22:16:29.055    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
            22:16:29.070    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       293256 MB offset 3074048
            22:16:29.102    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        10488 MB offset 603662336
            22:16:29.148    Disk 0 scanning C:\Windows\system32\drivers
            22:16:36.106    Service scanning
            22:16:54.015    Modules scanning
            22:16:54.015    Disk 0 trace - called modules:
            22:16:54.030    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80051d95e8]<<hal.dll
            22:16:54.030    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d93790]
            22:16:54.046    3 CLASSPNP.SYS[fffffa60012f1c33] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004d91060]
            22:16:54.046    5 thpdrv.sys[fffffa6001285c8d] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c6b050]
            22:16:54.062    \Driver\iaStor[0xfffffa8005185510] -> IRP_MJ_CREATE -> 0xfffffa80051d95e8
            22:16:54.062    Scan finished successfully
            22:22:29.649    Disk 0 MBR has been saved successfully to "C:\Users\mommy\Desktop\MBR.dat"
            22:22:29.649    The log file has been saved successfully to "C:\Users\mommy\Desktop\aswMBRscanlog.txt"
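The partition lines aswMBR prints above (type byte, active flag, LBA offset, size) are decoded from the 64-byte table at the end of sector 0, and the Malwarebytes Anti-Rootkit log later in the thread flags the classic Pihar/TDL4 tampering in that table: an entry whose type is Empty (0x00) yet is marked active and points at LBA 42. The script below is an added example written for this thread, not aswMBR's or Malwarebytes' code; it parses an MBR, applies those sanity checks, and builds a constructed sample sector that mirrors the figures in the logs (disk signature C3664E4A, the partition starts and sizes) rather than copying the real sector.

```python
"""Parse an MBR partition table and flag the tampering pattern seen in the log.

Added example written for this thread; it is not aswMBR's or Malwarebytes'
code. The sample MBR is constructed here to mirror the values printed in the
logs; it is not a copy of the actual sector from that disk.
"""
import struct

DISK_SIG_OFFSET = 440       # 32-bit NT disk signature
PART_TABLE_OFFSET = 446     # four 16-byte partition entries, bytes 446..509
ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510      # 0x55 0xAA boot signature closes the sector
ENTRY_FMT = "<B3xB3xII"     # status, CHS start(3), type, CHS end(3), LBA start, sector count

TYPE_NAMES = {0x00: "Empty", 0x07: "HPFS/NTFS",
              0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def disk_signature(mbr):
    """Return the NT disk signature the way the tools print it (upper-case hex)."""
    (sig,) = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)
    return f"{sig:08X}"


def parse_partition_table(mbr):
    """Decode the four partition entries of a 512-byte MBR into dicts."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    entries = []
    for index in range(4):
        status, ptype, lba_start, num_sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + index * ENTRY_SIZE)
        entries.append({
            "index": index, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, f"0x{ptype:02x}"),
            "lba_start": lba_start, "num_sectors": num_sectors,
        })
    return entries


def partition_anomalies(entries):
    """Checks modelled on what MBAR reports: an Empty (0x00) entry must be all
    zeros, the status byte is 0x00 or 0x80, and at most one entry is active.
    Returns human-readable findings (an empty list when the table is clean)."""
    issues = []
    for e in entries:
        if e["type"] == 0x00 and (e["active"] or e["lba_start"] or e["num_sectors"]):
            issues.append(f"entry {e['index']}: Empty type but status=0x{e['status']:02x} "
                          f"lba_start={e['lba_start']} num_sectors={e['num_sectors']}")
        if e["status"] not in (0x00, 0x80):
            issues.append(f"entry {e['index']}: invalid status byte 0x{e['status']:02x}")
    active = [e["index"] for e in entries if e["active"]]
    if len(active) > 1:
        issues.append(f"more than one active entry: {active}")
    return issues


def _entry(status, ptype, lba_start, num_sectors):
    return struct.pack(ENTRY_FMT, status, ptype, lba_start, num_sectors)


def build_sample_mbr(tampered=True):
    """Constructed 512-byte MBR with the layout from the logs. With
    tampered=True entry 0 is the 'Empty but ACTIVE, LBA 42' record MBAR
    flagged and the NTFS system partition has lost its active flag; with
    tampered=False entry 0 is the WinRE partition and NTFS is active."""
    table = (
        _entry(0x80, 0x00, 42, 0) if tampered else _entry(0x00, 0x27, 2048, 3072000),
        _entry(0x00 if tampered else 0x80, 0x07, 3074048, 600588288),
        _entry(0x00, 0x17, 603662336, 21479424),
        _entry(0x00, 0x00, 0, 0),
    )
    mbr = bytearray(512)                                   # boot code left zeroed
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0xC3664E4A)  # value from the log
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 64] = b"".join(table)
    mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    for label in ("tampered", "clean"):
        mbr = build_sample_mbr(tampered=(label == "tampered"))
        entries = parse_partition_table(mbr)
        print(f"{label}: disk signature {disk_signature(mbr)}")
        for e in entries:
            flag = "ACTIVE" if e["active"] else "      "
            print(f"  {e['index']} {flag} {e['type_name']:<18} "
                  f"start={e['lba_start']:>10} sectors={e['num_sectors']:>10}")
        print("  anomalies:", partition_anomalies(entries) or "none")
```

Reading sector 0 through a driver stack that the rootkit has hooked (the aswMBR trace above shows an UNKNOWN hook in the iaStor path) can return a clean-looking forged copy, which is why MBAR compares two reads and reports "MBR buffers are not equal"; a reliable check reads the sector from outside the running system.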
             

            SuperDave

            Re: ZerroAccess Trojans running amuck
            « Reply #22 on: December 07, 2012, 12:57:53 PM »
            Quote
            you just don't know how grateful I am that you take time out to help people like me who can't afford to pay a professional, you are a God-send!
            All that we ask is that you do something similar for someone else.
            Can you please try getting your updates again?

            brokemomof2

              Re: ZerroAccess Trojans running amuck
              « Reply #23 on: December 07, 2012, 02:23:08 PM »
              Still getting error code 80004002, unknown error.

              SuperDave

              Re: ZerroAccess Trojans running amuck
              « Reply #24 on: December 07, 2012, 07:15:04 PM »
              I'm going to consult with a colleague about this.

              brokemomof2

                Re: ZerroAccess Trojans running amuck
                « Reply #25 on: December 08, 2012, 03:29:27 PM »
                OK, I'll be keeping my eyes open for your next post, thank you.

                SuperDave

                Re: ZerroAccess Trojans running amuck
                « Reply #26 on: December 12, 2012, 12:00:01 PM »
                Malwarebytes' Anti-Rootkit

                Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
                • Be sure to print out and follow the instructions provided on that same page for performing a scan.
                • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
                • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
                • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
                • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
                • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
                • Copy and paste the contents of these two log files in your next reply.
                ******************************************************
                Please try your Windows update to see if it works. If it doesn't, please try this bat file below.

                Copy and paste the text in the code box below into Notepad.
                In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat
                Now double click the event.bat file you just created and let it finish.
                (Note: Your computer will re-boot after you run this bat file.)

                Code:
                REM Reset the configuration of the BITS service (Background Intelligent Transfer Service),
                REM which Windows Update depends on, then restart it and reboot.
                sc config bits binpath= "%systemroot%\system32\svchost.exe -k netsvcs"
                sc config bits depend= RpcSs/EventSystem
                sc config bits start= delayed-auto
                sc config bits type= interact
                sc config bits error= normal
                sc config bits obj= LocalSystem
                sc privs bits privileges=SeCreateGlobalPrivilege/SeImpersonatePrivilege/SeTcbPrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege
                sc sidtype bits type= unrestricted
                sc failure bits reset= 86400 actions= restart/60000/restart/120000
                pause
                sc stop bits
                pause
                sc start bits
                pause
                shutdown /t 120 /r /c "finish resetting BITS"

                brokemomof2

                  Re: ZerroAccess Trojans running amuck
                  « Reply #27 on: December 13, 2012, 08:51:55 PM »
                  There are two of these (one from the first scan and one from the second, which came out clean); I will post both for you...

                  first scan

                  Malwarebytes Anti-Rootkit 1.01.0.1011
                  www.malwarebytes.org

                  Database version: v2012.12.13.11

                  Windows Vista Service Pack 2 x64 NTFS
                  Internet Explorer 9.0.8112.16421
                  mommy :: MOMMY-PC [administrator]

                  12/13/2012 8:48:55 PM
                  mbar-log-2012-12-13 (20-48-55).txt

                  Scan type: Quick scan
                  Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
                  Scan options disabled:
                  Objects scanned: 30055
                  Time elapsed: 11 minute(s), 33 second(s)

                  Memory Processes Detected: 1
                  C:\Windows\svchost.exe (Trojan.Agent) -> 2592 -> Delete on reboot.

                  Memory Modules Detected: 0
                  (No malicious items detected)

                  Registry Keys Detected: 0
                  (No malicious items detected)

                  Registry Values Detected: 0
                  (No malicious items detected)

                  Registry Data Items Detected: 0
                  (No malicious items detected)

                  Folders Detected: 0
                  (No malicious items detected)

                  Files Detected: 7
                  C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_42_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
                  C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
                  C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_625142076_user.mbam (Forged physical sector) -> Delete on reboot.
                  C:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.
                  C:\Windows\assembly\GAC_32\Desktop.ini (Trojan.0access) -> Delete on reboot.
                  C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
                  C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

                  (end)




                  second scan

                  Malwarebytes Anti-Rootkit 1.01.0.1011
                  www.malwarebytes.org

                  Database version: v2012.12.13.11

                  Windows Vista Service Pack 2 x64 NTFS
                  Internet Explorer 9.0.8112.16421
                  mommy :: MOMMY-PC [administrator]

                  12/13/2012 9:29:07 PM
                  mbar-log-2012-12-13 (21-29-07).txt

                  Scan type: Quick scan
                  Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
                  Scan options disabled:
                  Objects scanned: 32025
                  Time elapsed: 11 minute(s), 42 second(s)

                  Memory Processes Detected: 0
                  (No malicious items detected)

                  Memory Modules Detected: 0
                  (No malicious items detected)

                  Registry Keys Detected: 0
                  (No malicious items detected)

                  Registry Values Detected: 0
                  (No malicious items detected)

                  Registry Data Items Detected: 0
                  (No malicious items detected)

                  Folders Detected: 0
                  (No malicious items detected)

                  Files Detected: 0
                  (No malicious items detected)

                  (end)


                  system log

                  ---------------------------------------
                  Malwarebytes Anti-Rootkit BETA 1.01.0.1011

                  (c) Malwarebytes Corporation 2011-2012

                  OS version: 6.0.6002 Windows Vista Service Pack 2 x64

                  Account is Administrative

                  Internet Explorer version: 9.0.8112.16421

                  Java version: 1.6.0_35

                  File system is: NTFS
                  Disk drives: C:\ DRIVE_FIXED
                  CPU speed: 2.095000 GHz
                  Memory total: 4155551744, free: 2752372736

                  ------------ Kernel report ------------
                       12/13/2012 20:33:44
                  ------------ Loaded modules -----------
                  ----------- End -----------
                  <<<1>>>
                  Upper Device Name: \Device\Harddisk0\DR0
                  Upper Device Object: 0xfffffa80058e9060
                  Upper Device Driver Name: \Driver\disk\
                  Lower Device Name: \Device\Ide\IAAStorageDevice-1\
                  Lower Device Object: 0xfffffa8004c4d050
                  Lower Device Driver Name: Unknown
                  Driver name found: iaStor
                  DriverEntry returned 0x0
                  Function returned 0x0
                  Downloaded database version: v2012.12.13.11
                  Initializing...
                  Done!
                  <<<2>>>
                  Device number: 0, partition: 2
                  Physical Sector Size: 512
                  Drive: 0, DevicePointer: 0xfffffa80058e9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
                  --------- Disk Stack ------
                  DevicePointer: 0xfffffa80058e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
                  DevicePointer: 0xfffffa80058e9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
                  DevicePointer: 0xfffffa80058e8060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
                  DevicePointer: 0xfffffa8004c4d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: Unknown
                  ------------ End ----------
                  Upper DeviceData: 0xfffff880130f03f0, 0xfffffa80058e9060, 0xfffffa8004520790
                  Lower DeviceData: 0xfffff880111df0e0, 0xfffffa8004c4d050, 0xfffffa80044fb6e0
                  <<<3>>>
                  Volume: C:
                  File system type: NTFS
                  SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
                  Scanning directory: C:\Windows\system32\drivers...
                  Done!
                  Drive 0
                  Scanning MBR on drive 0...
                  MBR buffers are not equal
                  MBR is forged! [4333f673a96dbe57f4d0023e55e5303d]
                  Inspecting partition table:
                  MBR Signature: 55AA
                  Disk Signature: C3664E4A

                  Partition information:

                      Partition 0 type is Empty (0x0)
                      Partition is ACTIVE.
                      Partition starts at LBA: 42  Numsec = 0
                      Partition is not bootable
                  Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
                  Changing partition to empty and not active.  New active partition is 1 on drive 0 ...

                      Partition 0 type is Other (0x27)
                      Partition is NOT ACTIVE.
                      Partition starts at LBA: 2048  Numsec = 3072000

                      Partition 1 type is Primary (0x7)
                      Partition is ACTIVE.
                      Partition starts at LBA: 3074048  Numsec = 600588288
                      Partition file system is NTFS
                      Partition is bootable

                      Partition 2 type is HIDDEN (0x17)
                      Partition is NOT ACTIVE.
                      Partition starts at LBA: 603662336  Numsec = 21479424
                      Partition is not bootable
                  Hidden partition VBR is not infected.

                      Partition 3 type is Empty (0x0)
                      Partition is NOT ACTIVE.
                      Partition starts at LBA: 0  Numsec = 0

                  MBR infection found on drive 0
                  Disk Size: 320072933376 bytes
                  Sector size: 512 bytes

                  Scanning physical sectors of unpartitioned space on drive 0 (1-41-625122448-625142448)...
                  Sector 625142076 --> [Forged physical sector]
                  Sector 625142196 --> [Forged physical sector]
                  Sector 625142197 --> [Forged physical sector]
                  Sector 625142198 --> [Forged physical sector]
                  Sector 625142199 --> [Forged physical sector]
                  Sector 625142200 --> [Forged physical sector]
                  Sector 625142201 --> [Forged physical sector]
                  Sector 625142202 --> [Forged physical sector]
                  Sector 625142203 --> [Forged physical sector]
                  Sector 625142204 --> [Forged physical sector]
                  Sector 625142205 --> [Forged physical sector]
                  Sector 625142206 --> [Forged physical sector]
                  Sector 625142207 --> [Forged physical sector]
                  Sector 625142208 --> [Forged physical sector]
                  Sector 625142209 --> [Forged physical sector]
                  Sector 625142210 --> [Forged physical sector]
                  Sector 625142211 --> [Forged physical sector]
                  Sector 625142212 --> [Forged physical sector]
                  Sector 625142213 --> [Forged physical sector]
                  Sector 625142214 --> [Forged physical sector]
                  Sector 625142215 --> [Forged physical sector]
                  Sector 625142216 --> [Forged physical sector]
                  Sector 625142217 --> [Forged physical sector]
                  Sector 625142218 --> [Forged physical sector]
                  Sector 625142219 --> [Forged physical sector]
                  Sector 625142220 --> [Forged physical sector]
                  Sector 625142221 --> [Forged physical sector]
                  Sector 625142222 --> [Forged physical sector]
                  Sector 625142223 --> [Forged physical sector]
                  Sector 625142224 --> [Forged physical sector]
                  Sector 625142225 --> [Forged physical sector]
                  Sector 625142226 --> [Forged physical sector]
                  Sector 625142227 --> [Forged physical sector]
                  Sector 625142228 --> [Forged physical sector]
                  Sector 625142229 --> [Forged physical sector]
                  Sector 625142230 --> [Forged physical sector]
                  Sector 625142231 --> [Forged physical sector]
                  Sector 625142232 --> [Forged physical sector]
                  Sector 625142233 --> [Forged physical sector]
                  Sector 625142234 --> [Forged physical sector]
                  Sector 625142235 --> [Forged physical sector]
                  Sector 625142236 --> [Forged physical sector]
                  Sector 625142237 --> [Forged physical sector]
                  Sector 625142238 --> [Forged physical sector]
                  Sector 625142239 --> [Forged physical sector]
                  Sector 625142240 --> [Forged physical sector]
                  Sector 625142241 --> [Forged physical sector]
                  Sector 625142242 --> [Forged physical sector]
                  Sector 625142243 --> [Forged physical sector]
                  Sector 625142244 --> [Forged physical sector]
                  Sector 625142245 --> [Forged physical sector]
                  Sector 625142246 --> [Forged physical sector]
                  Sector 625142247 --> [Forged physical sector]
                  Sector 625142248 --> [Forged physical sector]
                  Sector 625142249 --> [Forged physical sector]
                  Sector 625142250 --> [Forged physical sector]
                  Sector 625142251 --> [Forged physical sector]
                  Sector 625142252 --> [Forged physical sector]
                  Sector 625142253 --> [Forged physical sector]
                  Sector 625142254 --> [Forged physical sector]
                  Sector 625142255 --> [Forged physical sector]
                  Sector 625142256 --> [Forged physical sector]
                  Sector 625142257 --> [Forged physical sector]
                  Sector 625142258 --> [Forged physical sector]
                  Sector 625142259 --> [Forged physical sector]
                  Sector 625142260 --> [Forged physical sector]
                  Sector 625142261 --> [Forged physical sector]
                  Sector 625142262 --> [Forged physical sector]
                  Sector 625142263 --> [Forged physical sector]
                  Sector 625142264 --> [Forged physical sector]
                  Sector 625142265 --> [Forged physical sector]
                  Sector 625142266 --> [Forged physical sector]
                  Sector 625142267 --> [Forged physical sector]
                  Sector 625142268 --> [Forged physical sector]
                  Sector 625142269 --> [Forged physical sector]
                  Sector 625142270 --> [Forged physical sector]
                  Sector 625142271 --> [Forged physical sector]
                  Sector 625142272 --> [Forged physical sector]
                  Sector 625142273 --> [Forged physical sector]
                  Sector 625142274 --> [Forged physical sector]
                  Sector 625142275 --> [Forged physical sector]
                  Sector 625142276 --> [Forged physical sector]
                  Sector 625142277 --> [Forged physical sector]
                  Sector 625142278 --> [Forged physical sector]
                  Sector 625142279 --> [Forged physical sector]
                  Sector 625142280 --> [Forged physical sector]
                  Sector 625142281 --> [Forged physical sector]
                  Sector 625142282 --> [Forged physical sector]
                  Sector 625142283 --> [Forged physical sector]
                  Sector 625142284 --> [Forged physical sector]
                  Sector 625142285 --> [Forged physical sector]
                  Sector 625142286 --> [Forged physical sector]
                  Sector 625142287 --> [Forged physical sector]
                  Sector 625142288 --> [Forged physical sector]
                  Sector 625142289 --> [Forged physical sector]
                  Sector 625142290 --> [Forged physical sector]
                  Sector 625142291 --> [Forged physical sector]
                  Sector 625142292 --> [Forged physical sector]
                  Sector 625142293 --> [Forged physical sector]
                  Sector 625142294 --> [Forged physical sector]
                  Sector 625142295 --> [Forged physical sector]
                  Sector 625142296 --> [Forged physical sector]
                  Sector 625142297 --> [Forged physical sector]
                  Sector 625142298 --> [Forged physical sector]
                  Sector 625142299 --> [Forged physical sector]
                  Sector 625142300 --> [Forged physical sector]
                  Sector 625142301 --> [Forged physical sector]
                  Sector 625142302 --> [Forged physical sector]
                  Sector 625142303 --> [Forged physical sector]
                  Sector 625142304 --> [Forged physical sector]
                  Sector 625142305 --> [Forged physical sector]
                  Sector 625142306 --> [Forged physical sector]
                  Sector 625142307 --> [Forged physical sector]
                  Sector 625142308 --> [Forged physical sector]
                  Sector 625142309 --> [Forged physical sector]
                  Sector 625142310 --> [Forged physical sector]
                  Sector 625142311 --> [Forged physical sector]
                  Sector 625142312 --> [Forged physical sector]
                  Sector 625142313 --> [Forged physical sector]
                  Sector 625142314 --> [Forged physical sector]
                  Sector 625142315 --> [Forged physical sector]
                  Sector 625142316 --> [Forged physical sector]
                  Sector 625142317 --> [Forged physical sector]
                  Sector 625142318 --> [Forged physical sector]
                  Sector 625142319 --> [Forged physical sector]
                  Sector 625142320 --> [Forged physical sector]
                  Sector 625142321 --> [Forged physical sector]
                  Sector 625142322 --> [Forged physical sector]
                  Sector 625142323 --> [Forged physical sector]
                  Sector 625142324 --> [Forged physical sector]
                  Sector 625142325 --> [Forged physical sector]
                  Sector 625142326 --> [Forged physical sector]
                  Sector 625142327 --> [Forged physical sector]
                  Sector 625142328 --> [Forged physical sector]
                  Sector 625142329 --> [Forged physical sector]
                  Sector 625142330 --> [Forged physical sector]
                  Sector 625142331 --> [Forged physical sector]
                  Sector 625142332 --> [Forged physical sector]
                  Sector 625142333 --> [Forged physical sector]
                  Sector 625142334 --> [Forged physical sector]
                  Sector 625142335 --> [Forged physical sector]
                  Sector 625142336 --> [Forged physical sector]
                  Sector 625142337 --> [Forged physical sector]
                  Sector 625142338 --> [Forged physical sector]
                  Sector 625142339 --> [Forged physical sector]
                  Sector 625142340 --> [Forged physical sector]
                  Sector 625142341 --> [Forged physical sector]
                  Sector 625142342 --> [Forged physical sector]
                  Sector 625142343 --> [Forged physical sector]
                  Sector 625142344 --> [Forged physical sector]
                  Sector 625142345 --> [Forged physical sector]
                  Sector 625142346 --> [Forged physical sector]
                  Sector 625142347 --> [Forged physical sector]
                  Sector 625142348 --> [Forged physical sector]
                  Sector 625142349 --> [Forged physical sector]
                  Sector 625142350 --> [Forged physical sector]
                  Sector 625142351 --> [Forged physical sector]
                  Sector 625142352 --> [Forged physical sector]
                  Sector 625142353 --> [Forged physical sector]
                  Sector 625142354 --> [Forged physical sector]
                  Sector 625142355 --> [Forged physical sector]
                  Sector 625142356 --> [Forged physical sector]
                  Sector 625142357 --> [Forged physical sector]
                  Sector 625142358 --> [Forged physical sector]
                  Sector 625142359 --> [Forged physical sector]
                  Sector 625142360 --> [Forged physical sector]
                  Sector 625142361 --> [Forged physical sector]
                  Sector 625142362 --> [Forged physical sector]
                  Sector 625142363 --> [Forged physical sector]
                  Sector 625142364 --> [Forged physical sector]
                  Sector 625142365 --> [Forged physical sector]
                  Sector 625142366 --> [Forged physical sector]
                  Sector 625142367 --> [Forged physical sector]
                  Sector 625142368 --> [Forged physical sector]
                  Sector 625142369 --> [Forged physical sector]
                  Sector 625142370 --> [Forged physical sector]
                  Sector 625142371 --> [Forged physical sector]
                  Sector 625142372 --> [Forged physical sector]
                  Sector 625142373 --> [Forged physical sector]
                  Sector 625142374 --> [Forged physical sector]
                  Sector 625142375 --> [Forged physical sector]
                  Sector 625142376 --> [Forged physical sector]
                  Sector 625142377 --> [Forged physical sector]
                  Sector 625142378 --> [Forged physical sector]
                  Sector 625142379 --> [Forged physical sector]
                  Sector 625142380 --> [Forged physical sector]
                  Sector 625142381 --> [Forged physical sector]
                  Sector 625142382 --> [Forged physical sector]
                  Sector 625142383 --> [Forged physical sector]
                  Sector 625142384 --> [Forged physical sector]
                  Sector 625142385 --> [Forged physical sector]
                  Sector 625142386 --> [Forged physical sector]
                  Sector 625142387 --> [Forged physical sector]
                  Sector 625142388 --> [Forged physical sector]
                  Sector 625142389 --> [Forged physical sector]
                  Sector 625142390 --> [Forged physical sector]
                  Sector 625142391 --> [Forged physical sector]
                  Sector 625142392 --> [Forged physical sector]
                  Sector 625142393 --> [Forged physical sector]
                  Sector 625142394 --> [Forged physical sector]
                  Sector 625142395 --> [Forged physical sector]
                  Sector 625142396 --> [Forged physical sector]
                  Sector 625142397 --> [Forged physical sector]
                  Sector 625142398 --> [Forged physical sector]
                  Sector 625142399 --> [Forged physical sector]
                  Sector 625142400 --> [Forged physical sector]
                  Sector 625142401 --> [Forged physical sector]
                  Sector 625142402 --> [Forged physical sector]
                  Sector 625142403 --> [Forged physical sector]
                  Sector 625142404 --> [Forged physical sector]
                  Sector 625142405 --> [Forged physical sector]
                  Sector 625142406 --> [Forged physical sector]
                  Sector 625142407 --> [Forged physical sector]
                  Sector 625142408 --> [Forged physical sector]
                  Sector 625142409 --> [Forged physical sector]
                  Sector 625142410 --> [Forged physical sector]
                  Sector 625142411 --> [Forged physical sector]
                  Sector 625142412 --> [Forged physical sector]
                  Sector 625142413 --> [Forged physical sector]
                  Sector 625142414 --> [Forged physical sector]
                  Sector 625142415 --> [Forged physical sector]
                  Sector 625142416 --> [Forged physical sector]
                  Sector 625142417 --> [Forged physical sector]
                  Sector 625142418 --> [Forged physical sector]
                  Sector 625142419 --> [Forged physical sector]
                  Sector 625142420 --> [Forged physical sector]
                  Sector 625142421 --> [Forged physical sector]
                  Sector 625142422 --> [Forged physical sector]
                  Sector 625142423 --> [Forged physical sector]
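The scanner output pasted above reports a long run of sectors as "[Forged physical sector]", which is the tool's way of saying the data it read through the disk stack differs from what it read by going around the driver, the usual sign of a rootkit hiding its on-disk storage. When such a log runs to hundreds of lines it is easier to report the result as contiguous ranges and a total. The following Python is an added example for summarising that output, not a tool from the thread or from the scanner's vendor; the sample log is constructed from a few of the sector numbers above plus a made-up non-contiguous run and a made-up "[OK]" line, and the 512-byte sector size is an assumption.

```python
import re
from typing import Dict, List, Tuple

# One line of the pasted scanner output looks like:
#   "Sector 625142132 --> [Forged physical sector]"
# The verdict text in square brackets is captured so other verdicts can be skipped.
SECTOR_RE = re.compile(r"Sector\s+(?P<num>\d+)\s+-->\s+\[(?P<verdict>[^\]]+)\]")

FORGED = "Forged physical sector"


def parse_forged_sectors(log_text: str) -> List[int]:
    """Return every sector number whose verdict is 'Forged physical sector', in the order seen."""
    sectors: List[int] = []
    for line in log_text.splitlines():
        m = SECTOR_RE.search(line)
        if m and m.group("verdict") == FORGED:
            sectors.append(int(m.group("num")))
    return sectors


def collapse_ranges(sectors: List[int]) -> List[Tuple[int, int]]:
    """Collapse sector numbers into sorted, de-duplicated (first, last) runs of consecutive sectors."""
    ranges: List[Tuple[int, int]] = []
    for s in sorted(set(sectors)):
        if ranges and s == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], s)   # extend the current run
        else:
            ranges.append((s, s))             # start a new run
    return ranges


def summarize(log_text: str, sector_size: int = 512) -> Dict[str, object]:
    """Summarise a scanner log: how many distinct sectors are forged, as which runs, and how much
    data that represents. sector_size=512 is an assumption; 4K-native disks would differ."""
    sectors = parse_forged_sectors(log_text)
    distinct = len(set(sectors))
    return {
        "forged_count": distinct,
        "ranges": collapse_ranges(sectors),
        "bytes_hidden": distinct * sector_size,
    }


def format_report(summary: Dict[str, object]) -> str:
    """Render the summary as the short text a helper would paste into a reply."""
    lines = [f"Forged physical sectors: {summary['forged_count']} "
             f"(~{summary['bytes_hidden']} bytes hidden from the disk stack)"]
    for first, last in summary["ranges"]:   # type: ignore[union-attr]
        lines.append(f"  sectors {first}-{last} ({last - first + 1} sectors)")
    return "\n".join(lines)


# Constructed sample: three sectors taken from the thread's log, a made-up second run,
# and a made-up "[OK]" verdict line to show that non-forged lines are ignored.
SAMPLE_LOG = """\
Sector 625142132 --> [Forged physical sector]
Sector 625142133 --> [Forged physical sector]
Sector 625142134 --> [Forged physical sector]
Sector 625142200 --> [Forged physical sector]
Sector 625142201 --> [Forged physical sector]
Sector 625142300 --> [OK]
"""

if __name__ == "__main__":
    print(format_report(summarize(SAMPLE_LOG)))
```

Run against the full pasted log, the ranges line tells you at a glance whether the forged area is one contiguous block (typical of a hidden storage region) or scattered, and the byte count gives a rough size for the report.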

                    brokemomof2 (Topic Starter)
                    OS: Windows Vista
                    Re: ZerroAccess Trojans running amuck
                    « Reply #28 on: December 13, 2012, 09:35:28 PM »
                    Update still didn't work right after the first fix, then I ran the notepad thing and it's still not working... Also, I keep getting a message every time I restart saying "ArcSoft Connect Daemon has stopped working". This has been happening for a couple of months now; I forgot to mention that part till now cus my other issues overshadowed it, especially since I haven't noticed it affecting me and I don't even know what that is for... ???

                    SuperDave (Malware Removal Specialist)
                    Re: ZerroAccess Trojans running amuck
                    « Reply #29 on: December 14, 2012, 07:25:44 PM »
                    Quote
                    ArcSoft Connect Daemon has stopped working
                    ArcSoft is a photo editing program. Check to see if you can uninstall it.
                    I'll be back with some more information about the update problem.