Hello!
Today my computer has been infected: my browsing redirects via 100ksearches.com, my AVG has been neutered, and it really didn't want me to run OTL (it force closes and then locks the program, claiming I don't have permission to run it.)
Obviously with OTL closing before it can do anything, I can't add OTL logs here. I have run aswMBR and Security Check with no problems, however, and the logs are here:
aswMBR.txt
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-25 15:42:13
-----------------------------
15:42:13.989 OS Version: Windows 6.1.7600
15:42:13.990 Number of processors: 2 586 0x170A
15:42:13.991 ComputerName: LAPTOP-THE-3RD UserName: Jamie
15:42:15.318 Initialize success
15:44:48.443 AVAST engine defs: 11072500
15:45:19.005 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:45:19.010 Disk 0 Vendor: ST9160827AS 3.ADB Size: 152627MB BusType: 11
15:45:19.026 Disk 0 MBR read successfully
15:45:19.029 Disk 0 MBR scan
15:45:19.036 Disk 0 Windows 7 default MBR code
15:45:19.042 Disk 0 scanning sectors +312579760
15:45:19.126 Disk 0 scanning C:\Windows\system32\drivers
15:45:22.428 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-F [Drp]
15:45:35.304 Service scanning
15:45:36.962 Modules scanning
15:45:42.021 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
15:45:47.266 Disk 0 trace - called modules:
15:45:47.284 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xaddd1f00]<<
15:45:47.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8635b2e0]
15:45:47.627 3 CLASSPNP.SYS[8b5c459e] -> nt!IofCallDriver -> [0x85cc7ef8]
15:45:47.635 \Driver\02633880[0x85b85888] -> IRP_MJ_CREATE -> 0xaddd1f00
15:45:48.739 AVAST engine scan C:\Windows
15:45:51.943 AVAST engine scan C:\Windows\system32
15:48:42.235 AVAST engine scan C:\Windows\system32\drivers
15:48:45.294 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-F [Drp]
15:48:58.731 AVAST engine scan C:\Users\Jamie
16:04:42.546 AVAST engine scan C:\ProgramData
16:08:22.627 Scan finished successfully
16:08:49.269 Disk 0 MBR has been saved successfully to "C:\Users\Jamie\Desktop\MBR.dat"
16:08:49.278 The log file has been saved successfully to "C:\Users\Jamie\Desktop\aswMBR.txt"
checkup.txt
Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SpyNoMore 2.98
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 26
Java DB 10.6.2.1
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
Any assistance would be very gratefully received.
Thanks in advance!
Jamie