

can't remove Alureon.E


  • This topic is locked
20 replies to this topic

#1 mugwamp

mugwamp

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 03 March 2012 - 06:37 AM

Thank you for the help, here we go.

I followed your instructions; here are 'dds.txt' and 'attach.txt'. I ran 'gmer' twice, and each time it would hang at C:\io.sys. This is the gmer message from one of the attempts.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-03 09:01:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000064 WDC_WD2500AAJS-00VTA0 rev.01.01B01
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\kgacakow.sys


---- Services - GMER 1.0.15 ----

Service C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{148A1751-7002-4AA5-B6DE-B56D4DC9477C}\MpKsl5e2ac602.sys (*** hidden *** ) [SYSTEM] MpKsl5e2ac602 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mike at 6:56:17 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2644 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://att.net
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NUSB3MON] "c:\program files\western digital\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1324561695234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{18B8E33D-D658-47BD-BC90-F26A3D0C06D6} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl359119d7;MpKsl359119d7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6272d33b-aa47-41fe-9dd1-ac87ac740f5d}\MpKsl359119d7.sys [2012-3-2 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-23 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-23 20464]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
RUnknown MpKsl0a97b506;MpKsl0a97b506; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-22 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-22 136176]
S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys --> c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [?]
.
=============== Created Last 30 ================
.
2012-03-02 23:44:28 -------- d-----w- c:\program files\ESET
2012-03-02 17:58:42 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6272d33b-aa47-41fe-9dd1-ac87ac740f5d}\MpKsl359119d7.sys
2012-03-02 17:01:26 -------- d-----w- c:\documents and settings\mike\application data\SUPERAntiSpyware.com
2012-03-02 17:00:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-02 17:00:51 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-02 15:42:12 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6272d33b-aa47-41fe-9dd1-ac87ac740f5d}\MpKsl0a97b506.sys
2012-03-02 12:04:18 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6272d33b-aa47-41fe-9dd1-ac87ac740f5d}\offreg.dll
2012-03-02 11:19:09 -------- d-----w- c:\program files\Windows Resource Kits
2012-03-01 22:09:43 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6272d33b-aa47-41fe-9dd1-ac87ac740f5d}\mpengine.dll
2012-03-01 22:07:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-28 18:14:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-28 17:21:45 181760 ----a-w- c:\windows\patchw32.dll
2012-02-28 17:18:41 53248 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2012-02-28 17:18:41 126976 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2012-02-28 17:18:40 114688 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2012-02-28 17:18:27 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2012-02-26 16:26:36 -------- d-sha-r- C:\cmdcons
2012-02-24 14:53:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 14:18:05 -------- d-----w- c:\documents and settings\mike\application data\TeamViewer
2012-02-24 11:22:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-24 11:22:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-23 18:21:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 12:37:47 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 12:37:47 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-02-20 19:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-13 23:13:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-13 23:13:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 18:50:40 501760 ----a-w- c:\windows\system32\Deutz Engine.scr
2011-12-22 18:50:40 501760 ----a-w- c:\windows\system32\Deutz Engine.exe
2011-12-21 23:35:00 4501 ----a-w- c:\windows\gdrv.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 6:57:05.39 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2011 4:49:16 PM
System Uptime: 3/2/2012 12:47:49 PM (18 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M61P-S3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+ | Socket M2 | 2812/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 186.154 GiB free.
D: is FIXED (NTFS) - 439 GiB total, 424.062 GiB free.
E: is FIXED (NTFS) - 492 GiB total, 486.369 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 864.071 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Ralink Turbo Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&72ACDAA&0&3820
Manufacturer: Ralink Technology Corp.
Name: Ralink Turbo Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&72ACDAA&0&3820
Service: RT61
.
==== System Restore Points ===================
.
RP1: 3/2/2012 12:06:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3Dconnexion 3DxOffice
3Dconnexion 3DxWare
3Dconnexion Add-In for AutoCAD
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements
Adobe Reader X (10.1.2)
Adobe SVG Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
att.net Toolbar
AutoCAD 2000
AutoCAD 2000 Migration Assistance
Bicycle® Rummy
Bonjour
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot A1100 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CutePDF Writer 2.8
Dassault Systemes Software B03
Deutz Engine
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
ESET Online Scanner v3
ESPR320 Reference Guide
EVGA Display Driver
FormatFactory 2.80
Google Chrome
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
hp officejet g series
hp officejet g series - 2
iTunes
Java Auto Updater
Java™ 6 Update 30
Jigs@w Puzzle
Jigs@w Puzzle 2
LightScribe 1.4.136.1
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Minolta DiMAGE Scan Dual3 ver 1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
NVIDIA Drivers
Photo Story 3 for Windows
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Video Driver
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
SureThing Express Labeler
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (3821b)
WebFldrs XP
Western Digital USB 3.0 Host Controller Driver
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows XP Service Pack 3
WordPerfect Office 12
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/2/2012 7:14:32 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/2/2012 6:12:16 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/2/2012 6:00:15 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: MIKE-67563D2DED\Mike Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/2/2012 6:00:15 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: MIKE-67563D2DED\Mike Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/2/2012 12:58:29 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/2/2012 12:26:55 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/1/2012 5:30:20 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.737.0, AS: 1.121.737.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
3/1/2012 5:00:07 PM, error: Dhcp [1002] - The IP address lease 192.168.2.20 for the Network Card with network address 001A4D9B03E1 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:17:46 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/1/2012 11:10:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips LUMDriver
2/28/2012 6:36:41 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.492.0, AS: 1.121.492.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/28/2012 4:11:03 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Mike failed to print on printer hp officejet g series. Data type: NT EMF 1.008. Size of the spool file in bytes: 5156. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\MIKE-67563D2DED. Win32 error code returned by the print processor: 259 (0x103).
2/28/2012 12:46:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.492.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072efd Error description: A connection with the server could not be established
2/28/2012 12:46:44 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.492.0, AS: 1.121.492.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/27/2012 7:42:34 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.435.0, AS: 1.121.435.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/27/2012 7:26:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/27/2012 7:26:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/27/2012 7:24:05 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.435.0, AS: 1.121.435.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/27/2012 12:49:44 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.492.0, AS: 1.121.492.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/27/2012 10:20:53 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.435.0, AS: 1.121.435.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 9:33:10 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: MIKE-67563D2DED\Mike Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.332.0, AS: 1.121.332.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 9:33:10 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: MIKE-67563D2DED\Mike Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.121.332.0, AS: 1.121.332.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 9:23:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.332.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
2/26/2012 9:23:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/26/2012 9:23:47 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
2/26/2012 9:16:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/26/2012 9:15:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec LUMDriver MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
2/26/2012 9:15:33 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/26/2012 9:15:33 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/26/2012 9:15:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/26/2012 9:15:33 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/26/2012 9:15:33 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/26/2012 9:15:33 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/26/2012 9:06:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.332.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
2/26/2012 9:05:30 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.332.0, AS: 1.121.332.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 8:50:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec LUMDriver MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/26/2012 8:15:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/26/2012 12:47:10 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.435.0, AS: 1.121.435.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 11:53:01 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.435.0, AS: 1.121.435.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 11:33:38 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
2/26/2012 11:29:59 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.435.0, AS: 1.121.435.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
2/26/2012 11:29:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000185' while processing the file 'change.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/25/2012 7:36:38 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: MIKE-67563D2DED\Mike Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.121.332.0, AS: 1.121.332.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
.
==== End Of File ===========================


*Edit: Moved topic from Am I Infected? to the more appropriate forum and to merge posts. ~ Queen-Evie*

Edited by Queen-Evie, 03 March 2012 - 06:17 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,351 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:37 AM

Posted 04 March 2012 - 02:12 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mugwamp

mugwamp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 04 March 2012 - 08:54 AM

Gringo
Thank you for helping me. I followed your instructions and ran ComboFix.
My computer runs well and the speed is fine. The only problem is that Microsoft Security Essentials detects 'Trojan:DOS/Alureon.E'; it says it either removes or quarantines it, but it always comes right back.

ComboFix 12-03-03.02 - Mike 03/04/2012 8:19.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2992 [GMT -5:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 13:12 . 2012-02-08 03:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4C4B610-CD8C-4147-B87C-0F0CF3FC83AC}\mpengine.dll
2012-03-03 12:30 . 2012-02-08 03:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-02 23:44 . 2012-03-02 23:44 -------- d-----w- c:\program files\ESET
2012-03-02 17:01 . 2012-03-02 17:01 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2012-03-02 17:00 . 2012-03-02 17:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-02 17:00 . 2012-03-02 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-02 11:19 . 2012-03-02 11:19 -------- d-----w- c:\program files\Windows Resource Kits
2012-03-01 22:07 . 2012-03-01 22:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-28 18:14 . 2012-02-28 18:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-28 17:21 . 2001-03-30 19:24 181760 ----a-w- c:\windows\patchw32.dll
2012-02-28 17:18 . 2012-02-28 17:18 53248 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-02-28 17:18 . 2012-02-28 17:18 126976 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-02-28 17:18 . 2012-02-28 17:18 114688 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-02-28 17:18 . 2012-02-28 17:18 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2012-02-26 13:09 . 2012-02-26 13:10 -------- d-----w- c:\documents and settings\Administrator
2012-02-24 14:53 . 2012-02-24 14:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 14:18 . 2012-02-24 14:18 -------- d-----w- c:\documents and settings\Mike\Application Data\TeamViewer
2012-02-24 11:22 . 2012-02-24 11:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-23 18:21 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 12:37 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 12:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 19:20 . 2012-01-21 13:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-13 23:13 . 2012-01-13 23:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-13 23:13 . 2012-01-13 23:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2007-07-27 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 18:50 . 2011-12-22 18:50 501760 ----a-w- c:\windows\system32\Deutz Engine.exe
2011-12-22 18:50 . 2011-12-22 18:50 501760 ----a-w- c:\windows\system32\Deutz Engine.scr
2011-12-21 23:35 . 2011-12-21 23:27 4501 ----a-w- c:\windows\gdrv.sys
2011-12-17 19:46 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-12-23 13:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-09-25 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NUSB3MON"="c:\program files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 2.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start 3DxWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start 3DxWare.lnk
backup=c:\windows\pss\Start 3DxWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 23:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-03-07 13:49 8425472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-03-07 13:49 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-14 19:00 16050176 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 23:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [7/11/2003 7:22 AM 14912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/23/2011 8:31 AM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/23/2011 8:31 AM 20464]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [11/20/2009 7:15 PM 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [11/20/2009 7:15 PM 137728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2011 9:12 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2011 9:12 AM 136176]
S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys --> c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 14:12]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-22 14:12]
.
2012-03-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-04 08:25:52
ComboFix-quarantined-files.txt 2012-03-04 13:25
ComboFix2.txt 2012-03-01 16:35
.
Pre-Run: 199,440,261,120 bytes free
Post-Run: 199,445,278,720 bytes free
.
- - End Of File - - B23C1D64AB5F56D8D8AFAF4DAAE7182B

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:37 AM

Posted 04 March 2012 - 12:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mugwamp
  • Topic Starter
  • Members
  • 15 posts
  • Local time:03:37 AM

Posted 04 March 2012 - 02:39 PM

As per your instructions. Included is the TDSS log. When I run 'aswMBR' it will not complete the scan. It hangs approx. at C:\Documents and Settings\Mike\My Documents\..........

One line in red is 13:52:18.093 DISK 0 PARTITION 2 **INFECTED** MBR:Alureon-K [rtk]


13:34:56.0718 2204 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
13:34:57.0234 2204 ============================================================
13:34:57.0234 2204 Current date / time: 2012/03/04 13:34:57.0234
13:34:57.0234 2204 SystemInfo:
13:34:57.0234 2204
13:34:57.0234 2204 OS Version: 5.1.2600 ServicePack: 3.0
13:34:57.0234 2204 Product type: Workstation
13:34:57.0234 2204 ComputerName: MIKE-67563D2DED
13:34:57.0234 2204 UserName: Mike
13:34:57.0234 2204 Windows directory: C:\WINDOWS
13:34:57.0234 2204 System windows directory: C:\WINDOWS
13:34:57.0234 2204 Processor architecture: Intel x86
13:34:57.0234 2204 Number of processors: 2
13:34:57.0234 2204 Page size: 0x1000
13:34:57.0234 2204 Boot type: Normal boot
13:34:57.0234 2204 ============================================================
13:34:57.0781 2204 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:34:57.0781 2204 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
13:34:57.0781 2204 \Device\Harddisk0\DR0:
13:34:57.0781 2204 MBR used
13:34:57.0781 2204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
13:34:57.0781 2204 \Device\Harddisk1\DR1:
13:34:57.0781 2204 MBR used
13:34:57.0781 2204 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36EE80E1
13:34:57.0781 2204 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x36EE815F, BlocksNum 0x3D81E861
13:34:58.0265 2204 Initialize success
13:34:58.0265 2204 ============================================================
13:35:03.0359 1484 ============================================================
13:35:03.0359 1484 Scan started
13:35:03.0359 1484 Mode: Manual;
13:35:03.0359 1484 ============================================================
13:35:03.0562 1484 Abiosdsk - ok
13:35:03.0578 1484 abp480n5 - ok
13:35:03.0640 1484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:35:03.0640 1484 ACPI - ok
13:35:03.0687 1484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:35:03.0687 1484 ACPIEC - ok
13:35:03.0687 1484 adpu160m - ok
13:35:03.0718 1484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:35:03.0718 1484 aec - ok
13:35:03.0765 1484 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:35:03.0781 1484 AFD - ok
13:35:03.0781 1484 Aha154x - ok
13:35:03.0796 1484 aic78u2 - ok
13:35:03.0796 1484 aic78xx - ok
13:35:03.0812 1484 AliIde - ok
13:35:03.0859 1484 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:35:03.0859 1484 AmdK8 - ok
13:35:03.0875 1484 amsint - ok
13:35:03.0890 1484 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:35:03.0890 1484 Arp1394 - ok
13:35:03.0890 1484 asc - ok
13:35:03.0890 1484 asc3350p - ok
13:35:03.0906 1484 asc3550 - ok
13:35:03.0921 1484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:35:03.0921 1484 AsyncMac - ok
13:35:03.0937 1484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:35:03.0937 1484 atapi - ok
13:35:03.0953 1484 Atdisk - ok
13:35:03.0984 1484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:35:03.0984 1484 Atmarpc - ok
13:35:04.0015 1484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:35:04.0015 1484 audstub - ok
13:35:04.0062 1484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:35:04.0078 1484 Beep - ok
13:35:04.0218 1484 catchme - ok
13:35:04.0250 1484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:35:04.0250 1484 cbidf2k - ok
13:35:04.0250 1484 cd20xrnt - ok
13:35:04.0281 1484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:35:04.0281 1484 Cdaudio - ok
13:35:04.0328 1484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:35:04.0328 1484 Cdfs - ok
13:35:04.0359 1484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:35:04.0359 1484 Cdrom - ok
13:35:04.0359 1484 Changer - ok
13:35:04.0375 1484 CmdIde - ok
13:35:04.0390 1484 Cpqarray - ok
13:35:04.0390 1484 dac2w2k - ok
13:35:04.0406 1484 dac960nt - ok
13:35:04.0453 1484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:35:04.0453 1484 Disk - ok
13:35:04.0484 1484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:35:04.0500 1484 dmboot - ok
13:35:04.0531 1484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:35:04.0531 1484 dmio - ok
13:35:04.0546 1484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:35:04.0546 1484 dmload - ok
13:35:04.0578 1484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:35:04.0578 1484 DMusic - ok
13:35:04.0593 1484 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
13:35:04.0593 1484 dot4 - ok
13:35:04.0625 1484 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
13:35:04.0625 1484 Dot4Print - ok
13:35:04.0640 1484 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
13:35:04.0640 1484 Dot4Scan - ok
13:35:04.0671 1484 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
13:35:04.0671 1484 dot4usb - ok
13:35:04.0671 1484 dpti2o - ok
13:35:04.0703 1484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:35:04.0703 1484 drmkaud - ok
13:35:04.0750 1484 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:35:04.0750 1484 Fastfat - ok
13:35:04.0781 1484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:35:04.0781 1484 Fdc - ok
13:35:04.0828 1484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:35:04.0828 1484 Fips - ok
13:35:04.0843 1484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:35:04.0843 1484 Flpydisk - ok
13:35:04.0890 1484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:35:04.0890 1484 FltMgr - ok
13:35:04.0937 1484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:35:04.0937 1484 Fs_Rec - ok
13:35:04.0968 1484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:35:04.0968 1484 Ftdisk - ok
13:35:04.0984 1484 gdrv (ec2539f4c674bd9e1ac2187101ee77cc) C:\WINDOWS\gdrv.sys
13:35:05.0468 1484 gdrv - ok
13:35:05.0609 1484 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:35:05.0609 1484 GEARAspiWDM - ok
13:35:05.0656 1484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:35:05.0656 1484 Gpc - ok
13:35:05.0718 1484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:35:05.0718 1484 HDAudBus - ok
13:35:05.0750 1484 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:35:05.0750 1484 hidusb - ok
13:35:05.0765 1484 hpn - ok
13:35:05.0812 1484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:35:05.0812 1484 HTTP - ok
13:35:05.0828 1484 i2omgmt - ok
13:35:05.0828 1484 i2omp - ok
13:35:05.0859 1484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:35:05.0859 1484 i8042prt - ok
13:35:05.0859 1484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:35:05.0875 1484 Imapi - ok
13:35:05.0875 1484 ini910u - ok
13:35:06.0000 1484 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:35:06.0015 1484 IntcAzAudAddService - ok
13:35:06.0015 1484 IntelIde - ok
13:35:06.0062 1484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:35:06.0062 1484 Ip6Fw - ok
13:35:06.0093 1484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:35:06.0093 1484 IpFilterDriver - ok
13:35:06.0125 1484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:35:06.0125 1484 IpInIp - ok
13:35:06.0140 1484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:35:06.0156 1484 IpNat - ok
13:35:06.0156 1484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:35:06.0156 1484 IPSec - ok
13:35:06.0187 1484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:35:06.0187 1484 IRENUM - ok
13:35:06.0218 1484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:35:06.0218 1484 isapnp - ok
13:35:06.0234 1484 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:35:06.0234 1484 Kbdclass - ok
13:35:06.0234 1484 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:35:06.0234 1484 kbdhid - ok
13:35:06.0265 1484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:35:06.0265 1484 kmixer - ok
13:35:06.0312 1484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:35:06.0312 1484 KSecDD - ok
13:35:06.0328 1484 lbrtfdc - ok
13:35:06.0343 1484 LUMDriver (a83ca48076a3c43c3b71175095838d69) C:\WINDOWS\system32\drivers\LUMDriver.sys
13:35:06.0359 1484 LUMDriver - ok
13:35:06.0437 1484 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
13:35:06.0437 1484 MarvinBus - ok
13:35:06.0468 1484 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:35:06.0468 1484 MBAMProtector - ok
13:35:06.0500 1484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:35:06.0500 1484 mnmdd - ok
13:35:06.0546 1484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:35:06.0546 1484 Modem - ok
13:35:06.0593 1484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:35:06.0593 1484 Mouclass - ok
13:35:06.0640 1484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:35:06.0640 1484 mouhid - ok
13:35:06.0640 1484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:35:06.0640 1484 MountMgr - ok
13:35:06.0671 1484 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:35:06.0671 1484 MpFilter - ok
13:35:06.0765 1484 MpKsl5e7691b7 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCCDFB40-B9E8-47FF-A50F-B1D777551252}\MpKsl5e7691b7.sys
13:35:06.0765 1484 MpKsl5e7691b7 - ok
13:35:06.0765 1484 mraid35x - ok
13:35:06.0781 1484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:35:06.0781 1484 MRxDAV - ok
13:35:06.0812 1484 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:35:06.0812 1484 MRxSmb - ok
13:35:06.0828 1484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:35:06.0828 1484 Msfs - ok
13:35:06.0859 1484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:35:06.0859 1484 MSKSSRV - ok
13:35:06.0875 1484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:35:06.0875 1484 MSPCLOCK - ok
13:35:06.0875 1484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:35:06.0875 1484 MSPQM - ok
13:35:06.0921 1484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:35:06.0921 1484 mssmbios - ok
13:35:06.0953 1484 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:35:06.0953 1484 Mup - ok
13:35:06.0984 1484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:35:06.0984 1484 NDIS - ok
13:35:07.0031 1484 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:35:07.0031 1484 NdisTapi - ok
13:35:07.0031 1484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:35:07.0046 1484 Ndisuio - ok
13:35:07.0046 1484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:35:07.0046 1484 NdisWan - ok
13:35:07.0078 1484 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:35:07.0078 1484 NDProxy - ok
13:35:07.0109 1484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:35:07.0109 1484 NetBIOS - ok
13:35:07.0140 1484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:35:07.0140 1484 NetBT - ok
13:35:07.0171 1484 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:35:07.0171 1484 NIC1394 - ok
13:35:07.0187 1484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:35:07.0187 1484 Npfs - ok
13:35:07.0218 1484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:35:07.0234 1484 Ntfs - ok
13:35:07.0296 1484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:35:07.0296 1484 Null - ok
13:35:07.0328 1484 nusb3hub (68c890ddb21028cb1ea5551b47b29e1b) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
13:35:07.0328 1484 nusb3hub - ok
13:35:07.0359 1484 nusb3xhc (2cf970c1a9e05d3b91039c2dd4471c0e) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
13:35:07.0359 1484 nusb3xhc - ok
13:35:07.0515 1484 nv (8c2ed5910513a56cf78bfd86d5d0894f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:35:07.0703 1484 nv - ok
13:35:07.0750 1484 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys
13:35:07.0750 1484 nvata - ok
13:35:07.0796 1484 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:35:07.0796 1484 NVENETFD - ok
13:35:07.0843 1484 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:35:07.0843 1484 nvnetbus - ok
13:35:07.0890 1484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:35:07.0890 1484 NwlnkFlt - ok
13:35:07.0890 1484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:35:07.0890 1484 NwlnkFwd - ok
13:35:07.0906 1484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:35:07.0906 1484 ohci1394 - ok
13:35:07.0953 1484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:35:07.0953 1484 Parport - ok
13:35:07.0953 1484 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:35:07.0953 1484 PartMgr - ok
13:35:08.0000 1484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:35:08.0000 1484 ParVdm - ok
13:35:08.0015 1484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:35:08.0015 1484 PCI - ok
13:35:08.0015 1484 PCIDump - ok
13:35:08.0031 1484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:35:08.0031 1484 PCIIde - ok
13:35:08.0062 1484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:35:08.0062 1484 Pcmcia - ok
13:35:08.0062 1484 PDCOMP - ok
13:35:08.0078 1484 PDFRAME - ok
13:35:08.0078 1484 PDRELI - ok
13:35:08.0093 1484 PDRFRAME - ok
13:35:08.0093 1484 perc2 - ok
13:35:08.0109 1484 perc2hib - ok
13:35:08.0156 1484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:35:08.0156 1484 PptpMiniport - ok
13:35:08.0171 1484 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:35:08.0171 1484 Processor - ok
13:35:08.0171 1484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:35:08.0171 1484 PSched - ok
13:35:08.0203 1484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:35:08.0203 1484 Ptilink - ok
13:35:08.0203 1484 ql1080 - ok
13:35:08.0218 1484 Ql10wnt - ok
13:35:08.0218 1484 ql12160 - ok
13:35:08.0234 1484 ql1240 - ok
13:35:08.0234 1484 ql1280 - ok
13:35:08.0265 1484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:35:08.0265 1484 RasAcd - ok
13:35:08.0281 1484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:35:08.0281 1484 Rasl2tp - ok
13:35:08.0296 1484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:35:08.0296 1484 RasPppoe - ok
13:35:08.0312 1484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:35:08.0312 1484 Raspti - ok
13:35:08.0343 1484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:35:08.0343 1484 Rdbss - ok
13:35:08.0359 1484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:35:08.0359 1484 RDPCDD - ok
13:35:08.0359 1484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:35:08.0375 1484 rdpdr - ok
13:35:08.0406 1484 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:35:08.0406 1484 RDPWD - ok
13:35:08.0421 1484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:35:08.0437 1484 redbook - ok
13:35:08.0484 1484 RT61 (b1a055f3b4cf2a60ada63009f157126c) C:\WINDOWS\system32\DRIVERS\RT61.sys
13:35:08.0500 1484 RT61 - ok
13:35:08.0625 1484 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:35:08.0625 1484 SASDIFSV - ok
13:35:08.0640 1484 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:35:08.0640 1484 SASKUTIL - ok
13:35:08.0671 1484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:35:08.0671 1484 Secdrv - ok
13:35:08.0703 1484 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:35:08.0703 1484 serenum - ok
13:35:08.0718 1484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:35:08.0718 1484 Serial - ok
13:35:08.0734 1484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:35:08.0734 1484 Sfloppy - ok
13:35:08.0750 1484 Simbad - ok
13:35:08.0750 1484 Sparrow - ok
13:35:08.0765 1484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:35:08.0765 1484 splitter - ok
13:35:08.0781 1484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:35:08.0781 1484 sr - ok
13:35:08.0812 1484 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:35:08.0828 1484 Srv - ok
13:35:08.0859 1484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:35:08.0859 1484 swenum - ok
13:35:08.0859 1484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:35:08.0859 1484 swmidi - ok
13:35:08.0875 1484 symc810 - ok
13:35:08.0875 1484 symc8xx - ok
13:35:08.0890 1484 sym_hi - ok
13:35:08.0890 1484 sym_u3 - ok
13:35:08.0906 1484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:35:08.0906 1484 sysaudio - ok
13:35:08.0968 1484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:35:08.0968 1484 Tcpip - ok
13:35:09.0000 1484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:35:09.0000 1484 TDPIPE - ok
13:35:09.0015 1484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:35:09.0015 1484 TDTCP - ok
13:35:09.0046 1484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:35:09.0046 1484 TermDD - ok
13:35:09.0046 1484 TosIde - ok
13:35:09.0062 1484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:35:09.0062 1484 Udfs - ok
13:35:09.0078 1484 ultra - ok
13:35:09.0109 1484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:35:09.0109 1484 Update - ok
13:35:09.0171 1484 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:35:09.0171 1484 USBAAPL - ok
13:35:09.0203 1484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:35:09.0203 1484 usbccgp - ok
13:35:09.0218 1484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:35:09.0218 1484 usbehci - ok
13:35:09.0234 1484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:35:09.0234 1484 usbhub - ok
13:35:09.0234 1484 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:35:09.0234 1484 usbohci - ok
13:35:09.0250 1484 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:35:09.0265 1484 usbprint - ok
13:35:09.0312 1484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:35:09.0312 1484 usbscan - ok
13:35:09.0343 1484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:35:09.0343 1484 USBSTOR - ok
13:35:09.0359 1484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:35:09.0359 1484 VgaSave - ok
13:35:09.0359 1484 ViaIde - ok
13:35:09.0375 1484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:35:09.0375 1484 VolSnap - ok
13:35:09.0453 1484 vtdg46xx - ok
13:35:09.0468 1484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:35:09.0468 1484 Wanarp - ok
13:35:09.0484 1484 WDICA - ok
13:35:09.0500 1484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:35:09.0500 1484 wdmaud - ok
13:35:09.0562 1484 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:35:09.0562 1484 WS2IFSL - ok
13:35:09.0609 1484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:35:09.0609 1484 WudfPf - ok
13:35:09.0609 1484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:35:09.0625 1484 WudfRd - ok
13:35:09.0671 1484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:35:09.0750 1484 \Device\Harddisk0\DR0 - ok
13:35:09.0750 1484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:35:09.0750 1484 \Device\Harddisk1\DR1 - ok
13:35:09.0750 1484 Boot (0x1200) (0e6a2ebe78d2f548a82e717d6616786a) \Device\Harddisk0\DR0\Partition0
13:35:09.0750 1484 \Device\Harddisk0\DR0\Partition0 - ok
13:35:09.0750 1484 Boot (0x1200) (f01cb1fcd2022f39ec9525d67a456214) \Device\Harddisk1\DR1\Partition0
13:35:09.0750 1484 \Device\Harddisk1\DR1\Partition0 - ok
13:35:09.0765 1484 Boot (0x1200) (f77d235bfc8336882b71a88965ddf96e) \Device\Harddisk1\DR1\Partition1
13:35:09.0765 1484 \Device\Harddisk1\DR1\Partition1 - ok
13:35:09.0765 1484 ============================================================
13:35:09.0765 1484 Scan finished
13:35:09.0765 1484 ============================================================
13:35:09.0765 0872 Detected object count: 0
13:35:09.0765 0872 Actual detected object count: 0
13:38:00.0234 3480 Deinitialize success
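
One way to work with TDSSKiller output like the log above, as an added example that is not part of the original thread and not code from Kaspersky's TDSSKiller: a small Python parser that turns the log's line formats ("<time> <thread id> <body>", with driver file lines, MBR/Boot sector hash lines, "<name> - <verdict>" lines and the object counters) into records, then produces a responder's triage summary: every object not marked "ok", driver images loaded from outside %SystemRoot%, and the MBR hash per disk so it can be compared across disks or against a second tool (on this machine aswMBR reported the MBR as infected while TDSSKiller reported it ok). The sample log is constructed from lines in the page's format; the final "detected" verdict and the name Rootkit.Boot.EXAMPLE are hypothetical, added only to exercise the non-ok path, since the real run above reported everything ok.

```python
"""Parse a TDSSKiller text log and produce a defender's triage summary.

Added example for this thread; not part of the original post and not code
from Kaspersky's TDSSKiller. Line layout follows the log pasted above:
"<hh:mm:ss.ffff> <thread-id> <body>".
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
DRIVE_RE = re.compile(r"^Drive (?P<device>\\Device\\\S+) - Size: (?P<size>0x[0-9A-Fa-f]+)")
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<device>\\Device\\.+)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
COUNT_RE = re.compile(r"^(?P<label>Detected object count|Actual detected object count): (?P<n>\d+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample in the page's format. The last verdict line and the name
# Rootkit.Boot.EXAMPLE are hypothetical (the real run reported every object ok).
SAMPLE_LOG = "\n".join([
    r"13:34:56.0718 2204 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07",
    r"13:34:57.0781 2204 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200",
    r"13:34:57.0781 2204 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200",
    r"13:35:03.0562 1484 Abiosdsk - ok",
    r"13:35:03.0640 1484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"13:35:03.0640 1484 ACPI - ok",
    r"13:35:06.0765 1484 MpKsl5e7691b7 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCCDFB40-B9E8-47FF-A50F-B1D777551252}\MpKsl5e7691b7.sys",
    r"13:35:06.0765 1484 MpKsl5e7691b7 - ok",
    r"13:35:08.0625 1484 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS",
    r"13:35:08.0625 1484 SASDIFSV - ok",
    r"13:35:09.0671 1484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"13:35:09.0750 1484 \Device\Harddisk0\DR0 - ok",
    r"13:35:09.0750 1484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1",
    r"13:35:09.0750 1484 \Device\Harddisk1\DR1 - ok",
    r"13:35:09.0750 1484 Boot (0x1200) (0e6a2ebe78d2f548a82e717d6616786a) \Device\Harddisk0\DR0\Partition0",
    r"13:35:09.0750 1484 \Device\Harddisk0\DR0\Partition0 - ok",
    r"13:35:09.0765 1484 Boot (0x1200) (f77d235bfc8336882b71a88965ddf96e) \Device\Harddisk1\DR1\Partition1",
    r"13:35:09.0765 1484 \Device\Harddisk1\DR1\Partition1 - detected Rootkit.Boot.EXAMPLE (0)",
    r"13:35:09.0765 0872 Detected object count: 1",
    r"13:35:09.0765 0872 Actual detected object count: 1",
])


def parse_tdsskiller_log(text):
    """Return drives, driver files, sector hashes, verdicts and counters as a dict."""
    report = {"drives": {}, "drivers": [], "sectors": [], "verdicts": {},
              "counts": {}, "unparsed": []}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # separators and blank lines carry no timestamp prefix
        body = line["body"]
        if m := DRIVE_RE.match(body):
            report["drives"][m["device"]] = m["size"]
        elif m := SECTOR_RE.match(body):
            report["sectors"].append({"kind": m["kind"], "size": m["size"],
                                      "md5": m["md5"].lower(), "device": m["device"]})
        elif m := FILE_RE.match(body):
            report["drivers"].append({"name": m["name"], "md5": m["md5"].lower(),
                                      "path": m["path"]})
        elif m := COUNT_RE.match(body):
            report["counts"][m["label"]] = int(m["n"])
        elif m := VERDICT_RE.match(body):
            report["verdicts"][m["name"]] = m["verdict"]
        else:
            report["unparsed"].append(body)  # banner and other free text
    return report


def triage(report, system_root=r"C:\WINDOWS"):
    """What a responder reads first; none of these items is a verdict on its own."""
    root = system_root.lower().rstrip("\\") + "\\"
    mbr = {s["device"]: s["md5"] for s in report["sectors"] if s["kind"] == "MBR"}
    return {
        # any object TDSSKiller did not mark "ok"
        "not_ok": sorted((n, v) for n, v in report["verdicts"].items() if v != "ok"),
        # driver images outside %SystemRoot%: legitimate for AV and vendor drivers
        # (as in this thread), but each one deserves a second look
        "outside_system_root": sorted(d["name"] for d in report["drivers"]
                                      if not d["path"].lower().startswith(root)),
        # MBR hash per disk: compare across disks and against another tool's view
        "mbr_hashes": mbr,
        "distinct_mbr_hashes": len(set(mbr.values())),
        "detected": report["counts"].get("Detected object count"),
    }


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    tri = triage(rep)
    print(f"{len(rep['drivers'])} driver files, {len(rep['sectors'])} sector hashes, "
          f"detected={tri['detected']}, distinct MBR hashes={tri['distinct_mbr_hashes']}")
    for name, verdict in tri["not_ok"]:
        print("NOT OK:", name, "->", verdict)
    for name in tri["outside_system_root"]:
        print("driver outside system root (verify):", name)
```

The parser keeps unrecognised bodies in `unparsed` rather than dropping them, so a new line format in a later TDSSKiller version shows up in the output instead of silently disappearing; the MBR hash covers the 0x1B8 bytes of bootstrap code, which is why two disks written by the same Windows installer share one hash here.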

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:37 AM

Posted 04 March 2012 - 02:54 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete, I want you to restart the computer, try to rerun aswMBR for me and send me the report.

  • Double-click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#7 mugwamp
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:37 AM

Posted 04 March 2012 - 03:26 PM

Gringo

I ran FixTDSS; it completed and returned the message 'Backdoor, Tidserv has not been found on your computer'.

I ran aswMBR; the result was the same, it hung at C:\Documents and Settings\Mike.

I have to reboot; at that point the computer is nonresponsive.

mugwamp

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:37 AM

Posted 04 March 2012 - 04:20 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 mugwamp
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:37 AM

Posted 04 March 2012 - 04:47 PM

Gringo

As per your request:

OTL logfile created on: 3/4/2012 4:41:18 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 84.39% Memory free
5.34 Gb Paging File | 4.97 Gb Available in Paging File | 93.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.63 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive D: | 439.45 Gb Total Space | 424.06 Gb Free Space | 96.50% Space Free | Partition Type: NTFS
Drive E: | 492.06 Gb Total Space | 486.37 Gb Free Space | 98.84% Space Free | Partition Type: NTFS
Drive F: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKE-67563D2DED | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe (AT&T Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Yahoo!\Companion\att\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (vtdg46xx) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nusb3xhc) -- C:\WINDOWS\system32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\WINDOWS\system32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (LUMDriver) -- C:\WINDOWS\system32\drivers\LUMDriver.sys (IBM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {0DB7AD7D-1411-49A0-A4E0-60ECE329F67A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0DB7AD7D-1411-49A0-A4E0-60ECE329F67A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes,DefaultScope = {1933B317-1B83-41B4-B271-93DA6EA140BA}
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes\{0DB7AD7D-1411-49A0-A4E0-60ECE329F67A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_enUS463
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes\{1933B317-1B83-41B4-B271-93DA6EA140BA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes\{592672B5-C53C-4F88-AA71-3D5C45BC4CBC}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111222&iesrc={referrer:source}
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\..\SearchScopes\{79ACFCE0-5E9E-4C27-A598-3E963E68D178}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\

O1 HOSTS File: ([2012/02/26 09:25:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1229272821-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1324561695234 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18B8E33D-D658-47BD-BC90-F26A3D0C06D6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Gone Fishing.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Gone Fishing.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/21 16:47:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/21 12:26:21 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 16:39:10 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2012/03/04 15:00:43 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Mike\Desktop\FixTDSS.exe
[2012/03/04 14:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/04 13:31:51 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012/03/04 08:28:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 08:18:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/04 08:18:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/04 08:18:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/04 08:18:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/04 08:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/04 08:13:19 | 004,425,722 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2012/03/03 07:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\gmer
[2012/03/03 06:54:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2012/03/02 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/02 12:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\SUPERAntiSpyware.com
[2012/03/02 12:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/02 12:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/02 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/02 11:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
[2012/03/02 06:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Resource Kit Tools
[2012/03/02 06:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/03/01 17:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/01 11:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/02/28 13:14:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/02/28 12:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee UnInstaller 6.5 Demo English
[2012/02/28 12:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Downloads
[2012/02/26 11:26:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/26 09:22:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/24 10:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/24 09:53:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/24 09:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\TeamViewer
[2012/02/23 13:21:08 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 16:39:18 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2012/03/04 16:22:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 15:24:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/04 15:20:06 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 15:19:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 15:19:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 15:00:49 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mike\Desktop\FixTDSS.exe
[2012/03/04 13:55:21 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/04 13:55:21 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/04 13:31:58 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012/03/04 09:10:19 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Microsoft Office Excel 2003.lnk
[2012/03/04 09:09:35 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Microsoft Office Word 2003.lnk
[2012/03/04 08:13:33 | 004,425,722 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2012/03/03 07:02:11 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2012/03/03 06:54:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2012/03/03 06:51:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mike\defogger_reenable
[2012/03/03 06:49:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2012/03/02 12:00:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/02 11:42:23 | 002,044,252 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2012/03/02 11:35:02 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MiniToolBox.exe
[2012/03/02 07:02:31 | 000,000,462 | RHS- | M] () -- C:\boot.ini
[2012/03/01 17:08:10 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/02/28 12:22:31 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/02/27 08:09:25 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\WordPerfect.lnk
[2012/02/26 09:25:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/25 08:00:14 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Mike\default.pls
[2012/02/25 08:00:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/20 14:20:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/16 11:13:45 | 002,176,972 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\precisioncrosscutsled.pdf
[2012/02/15 13:06:52 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 09:24:21 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/15 09:22:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/06 08:43:09 | 012,844,579 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\PBC-Linear-Motion-Catalog.pdf
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 08:18:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/04 08:18:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/04 08:18:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/04 08:18:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/04 08:18:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/03 07:02:07 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2012/03/03 06:51:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\defogger_reenable
[2012/03/03 06:49:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2012/03/02 12:00:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/02 11:42:13 | 002,044,252 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2012/03/02 11:34:55 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MiniToolBox.exe
[2012/03/01 17:12:54 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/01 17:07:49 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/28 12:22:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/02/28 12:21:45 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2012/02/26 11:26:43 | 000,000,345 | ---- | C] () -- C:\Boot.bak
[2012/02/26 11:26:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/23 13:13:18 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/02/16 11:13:45 | 002,176,972 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\precisioncrosscutsled.pdf
[2012/02/15 07:37:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 07:37:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/06 08:43:09 | 012,844,579 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\PBC-Linear-Motion-Catalog.pdf
[2012/01/13 09:42:51 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/24 12:02:45 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 21:43:14 | 000,410,112 | ---- | C] () -- C:\WINDOWS\System32\DFORRT.DLL
[2011/12/22 21:43:13 | 000,416,768 | ---- | C] () -- C:\WINDOWS\System32\DFORMD.DLL
[2011/12/22 15:02:06 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/12/22 13:50:40 | 000,501,760 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.exe
[2011/12/22 12:29:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\tbuninst2.exe
[2011/12/22 12:22:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PFP120JPR.{PB
[2011/12/22 12:22:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PFP120JCM.{PB
[2011/12/22 11:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2011/12/22 11:21:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2011/12/22 10:33:04 | 000,032,200 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/12/22 10:33:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/12/22 10:33:03 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/12/22 10:33:03 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/12/22 10:30:10 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2011/12/22 10:29:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2011/12/22 10:15:52 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
[2011/12/22 10:15:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
[2011/12/22 09:59:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/22 09:06:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/22 08:17:08 | 000,000,051 | ---- | C] () -- C:\WINDOWS\X6475.INI
[2011/12/21 22:56:57 | 000,004,400 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2011/12/21 22:56:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2011/12/21 18:32:53 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/12/21 18:32:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/12/21 17:55:28 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2011/12/21 17:38:12 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/21 17:38:12 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/21 17:38:12 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/21 17:38:12 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/21 17:38:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/21 17:38:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/21 17:38:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/21 17:38:12 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/21 17:37:47 | 000,928,096 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2011/12/21 17:37:43 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/21 16:49:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 16:45:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/21 11:33:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/21 11:32:00 | 000,355,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >
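As an added example (not from the thread and not part of OTL), here is a small Python triage script that parses the driver and recently-created-file sections of an OTL report like the one above and flags the entries a malware-response helper reads for first. The sample log text is constructed in the shape of the lines in this report; the regexes follow the line layout seen here and are an assumption about OTL's output, not its documented grammar.

```python
"""Triage helper for OTL report text (added example, not part of the thread or of OTL).

OTL prints one line per driver service and one line per recently created or
modified file. This parser turns those lines into records and flags what a
helper scans for by eye: service entries whose driver file is missing
("File not found"), executables created recently with no company name, and
entries whose attribute field marks them hidden or system.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Driver line: DRV - (name) [optional description] -- <path (Company)> | File not found
DRV_RE = re.compile(r"^DRV - \(([^)]+)\)(?: [^-].*?)? -- (.+)$")
# File line: [date | size | attrs | C/M] [(Company)] -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# Constructed sample in the shape of the OTL report above (not a real scan).
SAMPLE = r"""
========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 08:18:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/04 08:28:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/26 11:26:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/28 12:21:45 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2012/03/03 07:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\gmer
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str      # four flag characters, e.g. "RHSD"
    kind: str       # "C" created, "M" modified
    company: str    # version-info CompanyName as printed by OTL; "" when absent
    path: str


@dataclass
class Finding:
    kind: str       # "orphaned_driver" | "unsigned_executable" | "hidden_entry"
    item: str
    detail: str


def parse_drivers(log_text: str) -> List[Tuple[str, str]]:
    """Return (service name, target) pairs for every DRV line."""
    out = []
    for line in log_text.splitlines():
        m = DRV_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def parse_files(log_text: str) -> List[FileEntry]:
    """Return a FileEntry for every bracketed file line; summary lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stamp, size, attrs, kind, company, path = m.groups()
            out.append(FileEntry(stamp, int(size.replace(",", "")), attrs, kind, company or "", path))
    return out


def triage(log_text: str) -> List[Finding]:
    """Flag entries worth a second look. A company name is only the file's
    version-info string, not a verified signature, so it is a weak hint either way."""
    findings = []
    for name, target in parse_drivers(log_text):
        if target == "File not found":
            findings.append(Finding("orphaned_driver", name, "service entry points at a missing driver file"))
    for f in parse_files(log_text):
        if f.path.lower().endswith(EXEC_EXT) and not f.company:
            findings.append(Finding("unsigned_executable", f.path, "recent executable with no company name"))
        if "H" in f.attrs or "S" in f.attrs:
            findings.append(Finding("hidden_entry", f.path, f"attributes {f.attrs}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.kind:20} {finding.item}  ({finding.detail})")
```

Hidden or system entries such as C:\cmdcons and C:\RECYCLER are normal on a Windows XP box with the Recovery Console installed; the script surfaces them for a human to confirm rather than deciding for them.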

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:37 AM

Posted 04 March 2012 - 04:52 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#11 mugwamp
  • Topic Starter
  • Members
  • 15 posts

Posted 04 March 2012 - 05:33 PM

Gringo

As you requested - The computer is responding well as it did all along. I just have MSE showing the red icon and reporting 'Alureon.E' as active.

Here are the results you wanted

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mike\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mike
->Temp folder emptied: 66587144 bytes
->Temporary Internet Files folder emptied: 68467036 bytes
->Java cache emptied: 2217935 bytes
->Google Chrome cache emptied: 6334921 bytes
->Flash cache emptied: 8200766 bytes

User: NetworkService
->Temp folder emptied: 32066 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2411391 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 665021 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Mike
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mike
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.35.1 log created on 03042012_172345

Files\Folders moved on Reboot...
C:\Documents and Settings\Mike\Local Settings\Temp\~DF94B1.tmp moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\~DFECE7.tmp moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\Z4KSTL77\1616665570[1].htm moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\Z4KSTL77\aceUAC[1].htm moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\Z4KSTL77\page__pid__2620573[1].txt moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\Z4KSTL77\welcome[4].txt moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\U1L6HYBK\st[4] moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\U1L6HYBK\st[5] moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\NTNB1V1U\md[2].php moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\F5WMQUKE\iframe3[6].htm moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\F5WMQUKE\iframe3[7].htm moved successfully.

Registry entries deleted on Reboot...

#12 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2012 - 08:44 PM

For x86 (x32) bit systems please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Note: The tool currently gives a full log on Italian and English language operating systems.

#13 mugwamp
  • Topic Starter
  • Members
  • 15 posts

Posted 05 March 2012 - 07:20 AM

Gringo

Good Morning - Here are the results of ListParts

ListParts by Farbar Version: 29-02-2012
Ran by Mike (administrator) on 05-03-2012 at 07:16:42
Windows XP (X86)
Running From: C:\Documents and Settings\Mike\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3583.48 MB
Available physical RAM: 2806.48 MB
Total Pagefile: 5465.8 MB
Available Pagefile: 4856.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.18 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:185.77 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Fixed) (Total:439.45 GB) (Free:424.06 GB) NTFS
4 Drive e: () (Fixed) (Total:492.06 GB) (Free:486.37 GB) NTFS
5 Drive f: (Oblivion GOTY 1) (CDROM) (Total:4.16 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 932 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
Partition 2 Unknown 9 MB 233 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 233 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 439 GB 32 KB
Partition 2 Extended 492 GB 439 GB
Partition 3 Logical 492 GB 439 GB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 439 GB Healthy
======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 492 GB Healthy
======================================================================================================

****** End Of Log ******

#14 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 March 2012 - 08:05 AM

Greetings

I need you to make a bootable USB and to take a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture

gringo

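The layout ListParts reported above for Disk 0 (an active NTFS partition of type 07 followed by a 9 MB partition of type 17, hidden, with no volume attached) is the pattern that tool marks as "Suspicious Type", and it is also what the GParted screenshot from the Puppy USB is meant to show from outside the possibly compromised Windows install. The script below is an added example written for this page, not a tool from the thread or from BleepingComputer; it decodes a raw MBR sector, flags partition type IDs that are the "hidden" variants of ordinary FAT/NTFS types (0x17 is hidden HPFS/NTFS), and flags any small partition that ends at the last sector of the disk. The embedded sample MBR is constructed to mirror the ListParts numbers; the 233 GB disk size, the 63-sector start of partition 1 and the `disk0.bin` file name in the usage branch are assumptions.

```python
import struct

SECTOR = 512
# MBR partition-type IDs that are the "hidden" variants of ordinary FAT/NTFS types.
# 0x17 (hidden HPFS/NTFS) is the type ListParts reported for Disk 0, Partition 2.
HIDDEN_TYPES = {
    0x11: "hidden FAT12", 0x14: "hidden FAT16 <32M", 0x16: "hidden FAT16",
    0x17: "hidden HPFS/NTFS", 0x1B: "hidden FAT32", 0x1C: "hidden FAT32 (LBA)",
    0x1E: "hidden FAT16 (LBA)",
}


def parse_mbr(mbr: bytes) -> list:
    """Decode the four primary partition entries of a 512-byte MBR sector."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: 0x55AA boot signature missing")
    entries = []
    for i in range(4):
        off = 446 + 16 * i  # partition table starts at byte 446, 16 bytes per entry
        boot, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0x00:
            continue  # unused slot
        entries.append({"index": i + 1, "active": boot == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def find_suspicious(entries: list, disk_sectors: int, small_mb: int = 32) -> list:
    """Return (partition index, [reasons]) for entries that use a hidden type
    or are a small partition ending on the last sector of the disk."""
    findings = []
    for e in entries:
        reasons = []
        if e["type"] in HIDDEN_TYPES:
            reasons.append("type 0x%02X (%s)" % (e["type"], HIDDEN_TYPES[e["type"]]))
        size_mb = e["sectors"] * SECTOR / 2 ** 20
        end = e["lba_start"] + e["sectors"]
        if size_mb <= small_mb and end >= disk_sectors:
            reasons.append("%.1f MB partition at the very end of the disk" % size_mb)
        if reasons:
            findings.append((e["index"], reasons))
    return findings


# --- constructed sample data (assumption: mirrors the thread's ListParts output) ---
DISK_SECTORS = 233 * 2 ** 30 // SECTOR    # 233 GB disk -> 488,636,416 sectors
HIDDEN_SECTORS = 9 * 2 ** 20 // SECTOR    # 9 MB hidden partition
FIRST_START = 63                          # 32 KB offset, as ListParts showed
FIRST_SECTORS = DISK_SECTORS - FIRST_START - HIDDEN_SECTORS


def _entry(boot: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    chs = b"\xfe\xff\xff"  # CHS fields are ignored by LBA-aware code; filler value
    return struct.pack("<B3sB3sII", boot, chs, ptype, chs, lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed MBR: active NTFS (0x07) system partition, then a hidden 0x17 one."""
    table = (_entry(0x80, 0x07, FIRST_START, FIRST_SECTORS)
             + _entry(0x00, 0x17, FIRST_START + FIRST_SECTORS, HIDDEN_SECTORS)
             + b"\x00" * 32)
    return b"\x00" * 446 + table + b"\x55\xaa"


def scan(mbr: bytes, disk_sectors: int) -> list:
    return find_suspicious(parse_mbr(mbr), disk_sectors)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        # e.g. python mbr_check.py disk0.bin 488636416  (assumed file name)
        with open(sys.argv[1], "rb") as f:
            mbr, disk_sectors = f.read(SECTOR), int(sys.argv[2])
    else:
        mbr, disk_sectors = build_sample_mbr(), DISK_SECTORS
    for e in parse_mbr(mbr):
        print("Partition %d: type 0x%02X active=%s start=%d sectors=%d"
              % (e["index"], e["type"], e["active"], e["lba_start"], e["sectors"]))
    for idx, reasons in scan(mbr, disk_sectors):
        print("SUSPICIOUS partition %d: %s" % (idx, "; ".join(reasons)))
```

Run with no arguments it reports the constructed sample, flagging partition 2 for both reasons and leaving partition 1 alone. From the Puppy live USB the first sector can be copied with `dd if=/dev/sda bs=512 count=1 of=/mnt/sdb1/disk0.bin` and the sector count read with `blockdev --getsz /dev/sda`, which gives the same view of the partition table as GParted but from outside the suspect Windows install; the same script run inside an infected Windows may be lied to, since a bootkit that hooks disk I/O can hide its own partition entry.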
#15 mugwamp
  • Topic Starter
  • Members
  • 15 posts

Posted 05 March 2012 - 11:25 AM

Gringo

Took a while, but here is the attachment of screenshot1. Puppy didn't put it on the USB drive. It put it on the D: drive. I'm not sure of myself; if this attachment isn't good enough please let me know. Once again - THANK YOU for the help.



Attached File: screenshot1.jpg (31.64 KB)