Unusual traffic from computer network

Re: Unusual traffic from computer network

Post by zeax.ikim » April 2nd, 2012, 9:08 pm

systemlook.log
____________________________________________________________________________________________________________

SystemLook 30.07.11 by jpshortstuff
Log created at 12:00 on 02/04/2012 by Kim
Administrator - Elevation successful

========== filefind ==========

Searching for "OSO.exe"
No files found.

Searching for "Iexplores.exe"
No files found.

Searching for "System32.exe"
No files found.

Searching for "ie.exe"
No files found.

Searching for "tn0k.exe"
No files found.

Searching for "ntdelect.com"
No files found.

Searching for "infrom.exe"
No files found.

Searching for "tfk8.exe"
No files found.

Searching for "Setup.exe"
C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe --a--c- 165888 bytes [17:18 12/07/2006] [09:23 27/11/2000] 53021A8286C2BF09A35937DAE78E18D5
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\setup.exe --a--c- 116688 bytes [17:14 12/07/2006] [03:10 18/04/2004] DD11E8FED01AC201C24C7DF5F786ADF5
C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe --a--c- 168448 bytes [07:21 14/08/2006] [12:03 04/09/2001] FB6674A519505CC93E28CF600BBC23A3
C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe --a--c- 116880 bytes [07:25 22/10/2008] [02:55 11/11/2003] CAFB55AA463C6DF8802122838D50D2BB
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe --a--c- 116880 bytes [17:17 12/07/2006] [06:31 24/04/2006] CAFB55AA463C6DF8802122838D50D2BB
C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\Setup.exe --a--c- 168448 bytes [13:19 17/08/2006] [05:03 05/09/2001] FB6674A519505CC93E28CF600BBC23A3
C:\Program Files\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe --a--c- 168448 bytes [13:22 17/08/2006] [02:00 05/09/2001] FB6674A519505CC93E28CF600BBC23A3
C:\Program Files\Western Digital\My Book Essential Tools\Setup.exe --a--c- 212992 bytes [12:30 09/07/2008] [02:02 26/06/2007] 29426860FCCD6E778D879DA13FF746AC
C:\Program Files\Western Digital\My Book Essential Tools\Diagnostics\Setup.exe --a--c- 5558677 bytes [12:30 09/07/2008] [00:19 31/01/2007] 9CC52E1EB29C62CAF3FCA66A129BDAB2
C:\Program Files\Western Digital\My Book Essential Tools\MemBackup\Setup.exe --a--c- 52225952 bytes [12:30 09/07/2008] [07:33 13/07/2007] 2F52FB259A3F5AADFB5D73320E3BB7C8
C:\Program Files\Western Digital\My Book Essential Tools\MemSync\Setup.exe --a--c- 52836656 bytes [12:30 09/07/2008] [23:50 06/07/2007] 63F7000CAFA452445AC07399DA20F62D
C:\WINDOWS\$NtServicePackUninstall$\setup.exe -----c- 23040 bytes [21:26 25/08/2008] [10:00 04/08/2004] C861F40822FB4FCAF6E82FB79E82F337
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe --a--c- 269304 bytes [08:47 29/07/2008] [08:47 29/07/2008] D69997274BB90D26092E24DD2F7165EE
C:\WINDOWS\ServicePackFiles\i386\setup.exe -----c- 23040 bytes [21:11 25/08/2008] [00:12 14/04/2008] 759A1524C60DA113B43C5A13B5FD39AC
C:\WINDOWS\system32\setup.exe --a--c- 23040 bytes [10:00 04/08/2004] [00:12 14/04/2008] 759A1524C60DA113B43C5A13B5FD39AC

Searching for "AutoRun"
No files found.

Searching for "Auto&Play"
No files found.

-= EOF =-
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Post by zeax.ikim » April 2nd, 2012, 9:11 pm

aswMBR.log
_____________________________________________________________________________________________________________

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-02 12:26:10
-----------------------------
12:26:10.706 OS Version: Windows 5.1.2600 Service Pack 3
12:26:10.706 Number of processors: 2 586 0xE08
12:26:10.706 ComputerName: IKIM UserName: Kim
12:29:01.737 Initialze error 0 - driver not loaded
12:47:31.190 AVAST engine defs: 12040101
12:48:48.378 Service scanning
12:49:00.628 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
12:49:00.674 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
12:49:00.940 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
12:49:00.956 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:49:14.987 Service TSP C:\WINDOWS\system32\drivers\klif.sys **LOCKED** 5
12:49:19.924 Modules scanning
12:49:19.924 Disk 0 trace - called modules:
12:49:19.940
12:49:23.221 AVAST engine scan C:\WINDOWS
12:49:45.362 AVAST engine scan C:\WINDOWS\system32
12:53:55.549 AVAST engine scan C:\WINDOWS\system32\drivers
12:54:20.159 AVAST engine scan C:\Documents and Settings\Kim
13:15:41.799 AVAST engine scan C:\Documents and Settings\All Users
13:20:34.534 Scan finished successfully
14:00:46.331 The log file has been saved successfully to "C:\Documents and Settings\Kim\Desktop\aswMBR.txt"
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Post by zeax.ikim » April 2nd, 2012, 10:55 pm

eset log
____________________________________________________________________________________________________________

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=08a14ca1a417db42bef7c249abeba5ce
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-03 02:49:46
# local_time=2012-04-03 12:49:46 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 455020 455020 0 0
# compatibility_mode=1024 16777215 100 0 74519705 74519705 0 0
# compatibility_mode=1280 16777191 100 0 2624423 2624423 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=94885
# found=1
# cleaned=0
# scan_time=5742
C:\_OTL\MovedFiles\03262012_110846\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Post by zeax.ikim » April 2nd, 2012, 11:05 pm

Hi Maxi,

The Eset scanning took a while =) but is finally done.

Also my Kaspersky trial version was due ytd. I'm afraid my computer has no protection atm. Kindly advise.

Thank you very much. Best regards.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Post by zeax.ikim » April 2nd, 2012, 11:15 pm

Hi Maxi,

I also noticed that a program AVP.exe always pops up on my Task Manager prompting to end program when I shut off/restart my computer. I don't see any icon on my taskbar and I have never opened the program. Kindly advise.

Thank you again :)
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Post by maxi » April 3rd, 2012, 9:00 am

Hi zeax.ikim,

Below are two good free anti-virus programs. You should pick one of them and download it to your desktop.


Once you have downloaded a new Antivirus installer, go to Add/Remove Programs in the Control Panel and Uninstall Kaspersky.
Restart your computer.
Then double click the new Antivirus installer. When the installation is complete, allow it to update itself, scan, and remove anything it wants.


When you are finished with installing and scanning with your new AV please follow the instructions below.



MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Double click on MBRCheck.exe to run it.
  • A window similar to this should open on your desktop:
  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Post by zeax.ikim » April 3rd, 2012, 11:44 pm

Thank you Maxi for your very kind and prompt reply.

I have installed Microsoft Security Essentials. Scan was clean =)

Please find the following log as requested.
___________________________________________________________________________________________________________

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74C0000 atapi.sys
0xF7717000 cercsr6.sys
0xF74A8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7488000 fltmgr.sys
0xF7476000 sr.sys
0xF7667000 PxHelp20.sys
0xF7870000 KSecDD.sys
0xF785D000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7830000 NDIS.sys
0xF796D000 Mup.sys
0xF771F000 BTHidMgr.sys
0xBA7CC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7577000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA7C8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB937E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB936A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9342000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB91E5000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB91C1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77FF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7567000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7557000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB91AD000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7807000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF7547000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB9161000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB955C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB9C9A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9C92000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB954C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB953C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB952C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB913E000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9C8A000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7B4000 \SystemRoot\system32\DRIVERS\fsvga.sys
0xBA3DC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB94CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7B0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9127000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7537000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7527000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB9C82000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9116000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7517000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB9C7A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB9C72000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7507000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79C9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB90B8000 \SystemRoot\system32\DRIVERS\update.sys
0xBA071000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9C6A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7446000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8B20000 \SystemRoot\system32\drivers\sthda.sys
0xA8AFC000 \SystemRoot\system32\drivers\portcls.sys
0xBA013000 \SystemRoot\system32\drivers\drmk.sys
0xA8ACA000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA89CD000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA891D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7767000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9FF3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79EF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA7E8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA8476000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF79AD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA8321000 \SystemRoot\System32\Drivers\Null.SYS
0xF79AF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7787000 \SystemRoot\System32\drivers\vga.sys
0xF79B1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB90A8000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA81C3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA816A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA811A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA80F4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9094000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA80D2000 \SystemRoot\System32\drivers\afd.sys
0xB951C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB950C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB94DC000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF779F000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xA80A7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8037000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA033000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8911000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xA5997000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA45EE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA5B0B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA4A10000 \SystemRoot\System32\drivers\Dxapi.sys
0xA5717000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AA6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF159000 \SystemRoot\System32\ATMFD.DLL
0xA7F63000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA86C8000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA5874000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA4A00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA44C1000 \SystemRoot\system32\drivers\wdmaud.sys
0xA5FB5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA4236000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA3FED000 \SystemRoot\System32\Drivers\HTTP.sys
0xA42AB000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xA3E55000 \SystemRoot\system32\DRIVERS\srv.sys
0xA3FD9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7777000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA335F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
0 System Idle Process
4 System
776 C:\WINDOWS\system32\smss.exe
844 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
912 C:\WINDOWS\system32\services.exe
924 C:\WINDOWS\system32\lsass.exe
1088 C:\WINDOWS\system32\svchost.exe
1156 svchost.exe
1312 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1384 C:\WINDOWS\system32\svchost.exe
1452 C:\WINDOWS\system32\svchost.exe
1528 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1572 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1604 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1768 svchost.exe
1872 svchost.exe
132 C:\WINDOWS\system32\spoolsv.exe
1056 C:\WINDOWS\explorer.exe
1840 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
1892 C:\Program Files\Logitech\QuickCam\Quickcam.exe
1924 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1952 C:\Program Files\QuickTime\QTTask.exe
1964 C:\Program Files\iTunes\iTunesHelper.exe
220 C:\Program Files\Microsoft Security Client\msseces.exe
332 C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
188 C:\WINDOWS\system32\ctfmon.exe
444 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
496 C:\Program Files\PPStream\PPSAP.exe
520 C:\Program Files\Windows Media Player\wmpnscfg.exe
628 svchost.exe
664 C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
684 C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe
700 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1680 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
1736 C:\WINDOWS\system32\svchost.exe
2088 C:\Program Files\Java\jre6\bin\jqs.exe
2232 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2360 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2500 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2556 C:\WINDOWS\system32\tcpsvcs.exe
2612 C:\WINDOWS\system32\svchost.exe
3076 wmpnetwk.exe
512 C:\Program Files\iPod\bin\iPodService.exe
2536 alg.exe
2936 C:\WINDOWS\system32\wuauclt.exe
2736 C:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
3468 C:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
3652 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
1120 C:\WINDOWS\system32\conime.exe
1824 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
5212 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
6036 C:\Program Files\Internet Explorer\iexplore.exe
1336 C:\Program Files\Internet Explorer\iexplore.exe
4460 C:\Documents and Settings\Kim\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`0398d800 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541060G9SA00, Rev: MB3OC60R

Size Device Name MBR Status
--------------------------------------------
54 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Post by maxi » April 4th, 2012, 11:07 am

Hi zeax.ikim,

Please run MBRCheck again.

At "Found non-standard or infected MBR".
Enter 'Y' and hit ENTER for more options.
At "Options
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice", type 1 and hit "Enter".
At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter 0 for drive C:
At "Enter filename to dump to:" Type "mbr-dump.dat" and press Enter
At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter -1
At the next prompt, press ENTER.
A file mbr-dump.dat will be produced on the desktop.



Please go to http://www.virustotal.com click on 'Choose file', and send the following file for analysis:
mbr-dump.dat (It will be on your desktop)

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me. Don't copy the page, just post the address from its URL bar.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
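
A local look at the mbr-dump.dat file described in the post above, as an added example that is not part of the original thread or of MBRCheck: it checks the boot signature, hashes the sector, and compares the partition table with the volume offset MBRCheck printed for C:. The function names are hypothetical, the sample sector is constructed (LBA 96390 is the C: offset 0x02f10c00 from the posted log divided by 512), and which bytes MBRCheck's SHA1 covers is not stated on the page.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA = 440      # classic MBR layout: bootstrap code in bytes 0..439
TABLE_OFFSET = 446   # four 16-byte partition entries, then the 0x55AA signature
PART_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 CHS",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector: hashes, signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:  # unused slot
            continue
        partitions.append({
            "index": i, "bootable": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type_name": PART_TYPES.get(ptype, f"type 0x{ptype:02X}"),
            "byte_offset": lba_start * SECTOR_SIZE, "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Which bytes MBRCheck hashes is not stated in the thread, so report
        # both the whole sector and the code area for comparison.
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "sha1_code": hashlib.sha1(sector[:CODE_AREA]).hexdigest().upper(),
        "partitions": partitions,
    }


def triage(info: dict, volume_offsets=()) -> list:
    """Return findings; volume_offsets are byte offsets reported by MBRCheck."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("boot disk should have exactly one active partition")
    if any(not p["status_valid"] for p in info["partitions"]):
        findings.append("partition status byte is neither 0x00 nor 0x80")
    starts = {p["byte_offset"] for p in info["partitions"]}
    for off in volume_offsets:
        if off not in starts:  # also true for logical volumes in an extended partition
            findings.append(f"no primary partition starts at 0x{off:X}")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector (not the poster's disk): empty code, one NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    # Active NTFS partition at LBA 96390 = byte offset 0x02F10C00 (C: in the log).
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 96390, 1_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(raw[:SECTOR_SIZE])
    print(report, triage(report, volume_offsets=[0x02F10C00]))
```

Run it with the path to mbr-dump.dat as the only argument; with no argument it reports on the constructed sector.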

Re: Unusual traffic from computer network

Post by askey127 » April 9th, 2012, 1:16 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA