GeekPolice

Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Wed Oct 20, 2010 1:43 am

Here's the MBRCheck log! Also, McAfee ran its automatic scan today and it said it found a virus but then when I looked at the security report there was no virus and instead it only cited 1 Potentially Unwanted Program, though it wouldn't show which (it now says 4 viruses have been found since the very first scan way back when we first downloaded it and then when I click to see more details it just says there were 0 viruses but 3 trojans and 1 potentially unwanted program).

Since I still have GooredFix and OTL on the Desktop, do you think McAfee might just be showing one of them as a "virus"? We have not used this computer at all for anything other than what you have asked us to do since we began this whole process, so it was weird to see there was a virus out of nowhere.

----------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Wed Oct 20, 2010 11:25 pm

Hello.
I think the log may have been cut off, please make sure you post it all.


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Wed Oct 20, 2010 11:43 pm

Sorry about that! For some reason, that's all it gave me, so I ran it again and the new log did have more information. Crossing my fingers that there's nothing wrong anymore!

P.S: I think I figured out the whole Firefox stopping automatic redirections. Apparently, that option (showing when it stops automatic redirects) was checked on the computer we're working on but not on the other ones in our house, so that's why it seemed like only this one was doing that.

--------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Fri Oct 22, 2010 12:19 am

Hello.
Try attaching the log please, it got cut off again.


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Fri Oct 22, 2010 12:43 am

Sorry about that! I don't know why it kept happening but I think I FINALLY got it this time, hopefully. I'm concerned about the last part... I hope it's fixable.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e2031a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HTS421280H9AT00, Rev: HA3OA70G

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E5086C2D0EC55D3A4046281BC5165E3048A0F1DA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Fri Oct 22, 2010 11:55 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Sat Oct 23, 2010 4:53 am

Here's the log for the TDSSKiller scan! It said no threats were found, so I hope that's what this log shows. *crossing fingers!* Thanks again!

-----------------------------------

2010/10/23 00:48:48.0750 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 00:48:48.0750 ================================================================================
2010/10/23 00:48:48.0750 SystemInfo:
2010/10/23 00:48:48.0750
2010/10/23 00:48:48.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/23 00:48:48.0750 Product type: Workstation
2010/10/23 00:48:48.0750 ComputerName: GATEWAY
2010/10/23 00:48:48.0750 UserName: Wilfredo
2010/10/23 00:48:48.0750 Windows directory: C:\WINDOWS
2010/10/23 00:48:48.0750 System windows directory: C:\WINDOWS
2010/10/23 00:48:48.0750 Processor architecture: Intel x86
2010/10/23 00:48:48.0750 Number of processors: 2
2010/10/23 00:48:48.0750 Page size: 0x1000
2010/10/23 00:48:48.0750 Boot type: Normal boot
2010/10/23 00:48:48.0750 ================================================================================
2010/10/23 00:48:49.0875 Initialize success
2010/10/23 00:48:57.0625 ================================================================================
2010/10/23 00:48:57.0625 Scan started
2010/10/23 00:48:57.0625 Mode: Manual;
2010/10/23 00:48:57.0625 ================================================================================
2010/10/23 00:49:25.0250 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/23 00:49:25.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/23 00:49:25.0734 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/23 00:49:25.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/23 00:49:26.0187 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/23 00:49:26.0828 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/10/23 00:49:27.0843 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/10/23 00:49:28.0578 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/10/23 00:49:29.0437 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/10/23 00:49:30.0203 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/10/23 00:49:31.0031 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/23 00:49:31.0515 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/23 00:49:31.0953 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/10/23 00:49:32.0562 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/10/23 00:49:33.0078 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/10/23 00:49:33.0890 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/10/23 00:49:34.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/23 00:49:34.0843 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2010/10/23 00:49:36.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/23 00:49:36.0578 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/23 00:49:36.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/23 00:49:37.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/23 00:49:37.0140 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/23 00:49:37.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/23 00:49:38.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/23 00:49:38.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/23 00:49:38.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/23 00:49:38.0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/23 00:49:39.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/23 00:49:39.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/23 00:49:39.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/23 00:49:39.0375 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2010/10/23 00:49:39.0875 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/23 00:49:39.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/23 00:49:40.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/23 00:49:40.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/23 00:49:40.0140 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/23 00:49:40.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/23 00:49:40.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/23 00:49:40.0640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/23 00:49:40.0734 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/23 00:49:40.0890 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 00:49:41.0187 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/23 00:49:41.0343 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/23 00:49:41.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/23 00:49:41.0921 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/23 00:49:42.0015 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/23 00:49:42.0078 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/10/23 00:49:42.0140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/23 00:49:42.0296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/23 00:49:42.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/23 00:49:42.0437 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/23 00:49:42.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/23 00:49:42.0843 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/23 00:49:42.0937 Pcouffin (e35bbe95051ce765b874ae5419e49e1d) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2010/10/23 00:49:43.0453 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/23 00:49:43.0890 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/23 00:49:44.0031 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/23 00:49:44.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/23 00:49:44.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/23 00:49:44.0203 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/23 00:49:44.0265 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/23 00:49:44.0312 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/23 00:49:44.0359 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/23 00:49:44.0421 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/23 00:49:44.0484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/23 00:49:44.0625 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/23 00:49:44.0781 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/23 00:49:45.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/23 00:49:45.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/23 00:49:45.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/23 00:49:45.0546 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/23 00:49:45.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/23 00:49:45.0718 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/23 00:49:46.0015 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/23 00:49:46.0640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/23 00:49:46.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/23 00:49:47.0031 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/23 00:49:47.0187 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/23 00:49:47.0312 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/23 00:49:47.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/23 00:49:47.0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/23 00:49:47.0703 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/23 00:49:47.0843 StreamDispatcher (3e5aa17e13fba9969d17b5455bde8efd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2010/10/23 00:49:48.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/23 00:49:48.0828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/23 00:49:48.0921 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/23 00:49:49.0468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/23 00:49:49.0875 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/23 00:49:50.0000 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/23 00:49:50.0437 SynTP (b6396adc5b0aa50e20e7a7169843af59) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/23 00:49:50.0875 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/23 00:49:51.0062 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 00:49:51.0218 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/23 00:49:51.0281 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/23 00:49:51.0437 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/23 00:49:51.0625 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/23 00:49:51.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/23 00:49:51.0781 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/23 00:49:52.0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/23 00:49:52.0468 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/23 00:49:53.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/23 00:49:53.0156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/23 00:49:53.0250 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/23 00:49:53.0312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/23 00:49:53.0390 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/23 00:49:53.0453 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/23 00:49:53.0687 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/23 00:49:53.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/23 00:49:53.0828 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/23 00:49:53.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/23 00:49:53.0906 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/23 00:49:53.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/23 00:49:54.0078 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/10/23 00:49:54.0765 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/23 00:49:54.0890 winachsf (88a5f20c6c221e50f01c00d8235db8c4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/23 00:49:55.0437 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/23 00:49:55.0531 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/23 00:49:55.0562 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/23 00:49:55.0671 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/10/23 00:49:56.0046 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/10/23 00:49:56.0234 ================================================================================
2010/10/23 00:49:56.0234 Scan finished
2010/10/23 00:49:56.0234 ================================================================================


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Mon Oct 25, 2010 6:57 pm

Bump, I think.


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Tue Oct 26, 2010 12:01 am

Hello.

Please reboot your computer, when prompted with a new menu that lists this:



Select the Recovery Console option. Next, enter option 1 for your OS.



When prompted with C:\Windows>, type in "fixmbr" without the quote marks. You may be prompted with a yes/no warning, if so enter yes.

Next, type exit and reboot your machine.



Next, please re-run MBRCheck and post the new log.



Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Tue Oct 26, 2010 12:23 am

I hope it didn't get cut off this time... Also, about the Western Digital thing that shows up towards the end, my dad got a My Passport external hard drive recently and I guess he installed it even though I wanted him to wait till we were done. :/ He probably wanted to back up his pictures and music before we did anything else.

-----------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 175):

Processes (total 52):
0 System Idle Process
4 System
900 C:\WINDOWS\system32\smss.exe
956 csrss.exe
980 C:\WINDOWS\system32\winlogon.exe
1024 C:\WINDOWS\system32\services.exe
1036 C:\WINDOWS\system32\lsass.exe
1196 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1328 C:\WINDOWS\system32\svchost.exe
1368 C:\WINDOWS\system32\svchost.exe
1416 svchost.exe
1460 svchost.exe
1872 C:\WINDOWS\system32\spoolsv.exe
1948 svchost.exe
1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\Program Files\Bonjour\mDNSResponder.exe
2012 C:\WINDOWS\system32\CTSVCCDA.EXE
388 C:\Program Files\Java\jre6\bin\jqs.exe
412 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
548 C:\WINDOWS\system32\mfevtps.exe
572 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
1160 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1472 C:\WINDOWS\system32\svchost.exe
1412 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
1556 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
1900 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
1040 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1204 C:\WINDOWS\system32\svchost.exe
1468 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
2100 C:\WINDOWS\system32\wuauclt.exe
2116 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
3080 alg.exe
2360 C:\WINDOWS\system32\svchost.exe
2472 C:\WINDOWS\explorer.exe
2784 C:\WINDOWS\system32\rundll32.exe
4032 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
812 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
208 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
860 C:\Program Files\Digital Media Reader\shwicon2k.exe
924 C:\WINDOWS\system32\igfxtray.exe
1236 C:\WINDOWS\system32\hkcmd.exe
1252 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2180 C:\Program Files\QuickTime\QTTask.exe
2144 C:\Program Files\iTunes\iTunesHelper.exe
2352 C:\Program Files\McAfee.com\Agent\mcagent.exe
2416 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2468 C:\Program Files\Messenger\msmsgs.exe
2780 C:\Program Files\McAfee Online Backup\MOBKstat.exe
2876 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
1788 C:\Program Files\iPod\bin\iPodService.exe
2788 C:\Documents and Settings\Wilfredo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e2031a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HTS421280H9AT00, Rev: HA3OA70G

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

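Added example, not part of the thread and not MBRCheck's own code: the log above maps D: and C: to byte offsets on PhysicalDrive0 and prints a SHA1 for the MBR, and this Python code shows where those values come from in a 512-byte MBR sector and how to compare a capture taken before a repair such as fixmbr with one taken after. The two sectors are constructed samples (filler boot code, a partition table built to match the log's offsets, with partition types, sizes and the active flag assumed), and hashing the 440-byte boot-code area is an assumption, since the page does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512          # bytes per sector (assumed)
BOOT_CODE_LEN = 440   # bootstrap code area at the start of a classic MBR
TABLE_OFF = 446       # four 16-byte partition entries start here
TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFF + 16 * slot: TABLE_OFF + 16 * (slot + 1)]
        ptype = entry[4]
        if ptype == 0:  # unused slot
            continue
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": slot,
            "active": entry[0] == 0x80,
            "type": TYPES.get(ptype, f"0x{ptype:02X}"),
            "byte_offset": lba_start * SECTOR,  # the "at offset" value in the log
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "table_sha1": hashlib.sha1(sector[TABLE_OFF:510]).hexdigest().upper(),
        "partitions": partitions,
    }


def compare(before: bytes, after: bytes) -> list:
    """Report what differs between two MBR captures of the same disk."""
    old, new = parse_mbr(before), parse_mbr(after)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha1"] != new["boot_code_sha1"]:
        findings.append("boot code changed")
    if old["table_sha1"] != new["table_sha1"]:
        findings.append("partition table changed")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: filler boot code plus a table matching the log's offsets."""
    def entry(active, ptype, lba, count):
        # CHS fields are left zero; only the LBA fields are parsed above.
        return struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0\0\0",
                           ptype, b"\0\0\0", lba, count)
    table = (entry(False, 0x0B, 63, 7405902)            # D: FAT32 at 0x7e00
             + entry(True, 0x07, 7405965, 148889475)    # C: NTFS at 0xe2031a00
             + bytes(32))                               # two unused slots
    disk_id_area = bytes(6)                             # bytes 440..445
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + disk_id_area + table + b"\x55\xaa"


# Constructed captures: same partition table, different boot code.
BEFORE = build_sample(b"CONSTRUCTED-BOOT-CODE-A")
AFTER = build_sample(b"CONSTRUCTED-BOOT-CODE-B")

if __name__ == "__main__":
    for part in parse_mbr(AFTER)["partitions"]:
        print(f"slot {part['slot']}: {part['type']} at offset 0x{part['byte_offset']:08x}")
    print("boot code SHA1:", parse_mbr(AFTER)["boot_code_sha1"])
    print("changes:", compare(BEFORE, AFTER))
```

A repair that rewrites only the boot code should report "boot code changed" and nothing else; a changed partition table or a missing 0x55AA signature after such a repair is worth investigating before rebooting again.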

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Tue Oct 26, 2010 12:35 am

Heh, that killed the MBR infection. Don't worry about the external, it's fine.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Thu Oct 28, 2010 3:17 am

Sorry about the delay! The ESET online scanner kept getting stuck on those PDF files I mentioned before and never got past 46%, so I had to wait for my dad to go through them and either delete them or store them somewhere else so the scan could complete.

Anyway, the scan FINALLY finished all the way through but I made the mistake of asking it to uninstall the files at the end and so I can't find the log for the scan. BUT it did say "No threats found"! It didn't find any infected files or anything and so it didn't have to quarantine or delete anything. YAAAY! Does that mean it's over?

Once again, thank you so much for your help!


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Fri Oct 29, 2010 5:12 pm

Hello.
Should be good now, how is the machine running now?



Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on Sat Oct 30, 2010 12:52 am

YAAAY! Thank you so much! That is a relief. The computer is running the same as it always has before this whole thing (way slower than our other ones but maybe it's just cause it's old?), so I think it's okay? HOORAY~!


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on Sat Oct 30, 2010 11:16 pm

Your slowness is caused by really bad hardware, your log showed you have 512MB of RAM, when really a computer nowadays needs at the very least 1.5GB to work at a decent speed.

