Starting on the 9th I've been bombarded with maliciousl url blocks which include :
URL:
http://37.220.36.44/x/Process: \\.\globalroot\systemroot\svchost.exe
Infection: URL:Mal
URL:
http://colexity777.com/x/Process: \\.\globalroot\systemroot\svchost.exe
Infection: URL:Mal
espeak911.com/x/
This is happening in tandem with having downloaded a driver for an old video capture card from 2004. the driver was from kworld.com. I have also gotten bsod with driver errors and others.
I don't know what is causing what but I do want to take care of this malicous url issue while my computer is running.
I read another post with the same issue and I followed the directions posted there to run aswMBR
here is the log:
11:03:05.744 ComputerName: xxxxx UserName: xxxxx
11:03:07.803 Initialize success
11:03:07.943 AVAST engine defs: 12082100
11:03:19.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:03:19.206 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
11:03:19.206 Device \Driver\atapi -> MajorFunction fffffa80069e05e8
11:03:19.269 Disk 0 MBR read successfully
11:03:19.269 Disk 0 MBR scan
11:03:19.284 Disk 0 Windows 7 default MBR code
11:03:19.284 Disk 0 MBR hidden
11:03:19.284 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
11:03:19.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
11:03:19.331 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595064 MB offset 31569920
11:03:19.425 Disk 0 scanning C:\Windows\system32\drivers
11:03:28.319 Service scanning
11:03:46.306 Modules scanning
11:03:46.306 Disk 0 trace - called modules:
11:03:46.306 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069e05e8]<<
11:03:46.306 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006279060]
11:03:46.306 3 CLASSPNP.SYS[fffff8800192343f] -> nt!IofCallDriver -> [0xfffffa8005bda520]
11:03:46.306 5 ACPI.sys[fffff88000f71781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bd6680]
11:03:46.306 \Driver\atapi[0xfffffa80062b8ac0] -> IRP_MJ_CREATE -> 0xfffffa80069e05e8
11:03:47.694 AVAST engine scan C:\Windows
11:04:02.296 AVAST engine scan C:\Windows\system32
11:07:16.102 AVAST engine scan C:\Windows\system32\drivers
11:08:02.214 AVAST engine scan C:\Users\Saint
11:24:59.624 AVAST engine scan C:\ProgramData
11:27:51.727 Scan finished successfully
11:34:21.998 Disk 0 MBR has been saved successfully to "C:\Users\Saint\Desktop\MBR.dat"
11:34:21.998 The log file has been saved successfully to "C:\Users\Saint\Desktop\aswMBR.txt"
Please advice.
Thanks!
