BleepingComputer.com: Seriously infected, is it really all gone?

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Seriously infected, is it really all gone? Trojan, Malware

#1 User is offline   Christine_R 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 16-July 10

Posted 24 December 2011 - 03:50 PM

I am running Windows XP with Microsoft Office 2003.

have a problem with something that invaded my home computer through my teenager's profile. She was savvy enough to run Microsoft Security Essentials but then turned off the computer and didn't tell me. When I logged on using my profile, with Admin rights, all heck broke loose. MSE identified Trojan: win32/sirefef.j and win32/alureon.fl but even after quarantine I still had System Fix overwhelming my computer with fake scans and alerts. Everything on start and my desktop was gone. I ran MBAM.exe once I figured out how to get back the Run box. MBAM found a bunch of rogue.fakeHDD and PUM.hijack.

I used the unhide.exe from this site to see everything again. My System Restore was completely dead in the water, not working, and all my restore points gone. I ran SFC/ scannow based on advice from another site as I can't find my original XP disk. I have a lot better functionality but I'm still missing Administrative Tools (not just from the Start but also the Control Panel). System Fix, while not popping up, was showing up on the task bar and I was able to stop it by going to All Users. My Office seems to be working fine after I ran a repair off of the original disk.

I've scanned with MSE and MBAM. Both indicate my computer is clean but I have a bunch of empty folders on the Start and can't find Administrative Tools. I'm scared to death to touch the Registry myself but can't seem to find a reliable tool. One site said do not delete temporary files, that is probably where the things in the empty folders were moved to, but how do I get them back to the right place (without somehow reactivating the malware if it's still lurking in my computer)?

I may be better with using a program to do the fixing that's needed because I am a computer chicken but what's a good program? I'm just scared if I touch the Registry I'm going to mess something up really bad.

Your advice would be greatly appreciated.

MBAM logged:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 8:38:57 PM
mbam-log-2011-12-19 (20-38-57).txt

Scan type: Quick scan
Objects scanned: 220046
Time elapsed: 25 minute(s), 58 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\documents and settings\all users\application data\kddbmaciksdmig.exe (Rogue.FakeHDD) -> 2308 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KDDBMACIkSDmIg.exe (Rogue.FakeHDD) -> Value: KDDBMACIkSDmIg.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\kddbmaciksdmig.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\Caitlin\local settings\temp\gijxfifpya90gt.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

Unfortunately, I can't figure out how to download a log from MSE, which is what detected the Sirefef and Alureon trojans. I'm trying to get help off the Microsoft site and will revise this thread as soon as I figure it out.

This post has been edited by Christine_R: 25 December 2011 - 10:57 AM

#2 User is offline   Christine_R 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 16-July 10

Posted 25 December 2011 - 04:06 PM

Found a way to get the log going to C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support and I hope this is the correct log. There was another one with all the information too but it was 14.5 KB. Does this help?

2011-12-12T12:42:48.859Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-12T12:43:14.015Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
2011-12-12T12:47:01.109Z Service stopped with exit code 0x0
2011-12-12T17:26:54.578Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-12T17:27:16.421Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
2011-12-12T20:34:16.265Z Service stopped with exit code 0x0
2011-12-12T21:47:35.468Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-12T21:47:56.546Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
2011-12-13T00:52:46.593Z Service stopped with exit code 0x0
2011-12-14T00:20:42.656Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T00:21:04.875Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
2011-12-14T00:46:15.171Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T01:49:53.859Z Service stopped with exit code 0x0
2011-12-14T01:55:40.109Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T01:55:56.796Z Service stopped with exit code 0x0
2011-12-14T03:59:34.343Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T03:59:55.562Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T04:28:26.843Z Service stopped with exit code 0x0
2011-12-14T06:55:15.312Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T06:55:37.937Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T08:02:30.156Z Service stopped with exit code 0x0
2011-12-14T14:25:01.109Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T14:25:21.468Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T15:04:53.046Z Service stopped with exit code 0x0
2011-12-14T16:25:42.031Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T16:26:04.781Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T16:28:46.484Z Service stopped with exit code 0x0
2011-12-14T16:29:35.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T16:29:51.218Z Service stopped with exit code 0x0
2011-12-14T16:30:45.828Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T16:31:08.187Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T20:35:46.187Z Service stopped with exit code 0x0
2011-12-14T20:36:38.406Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T20:36:53.328Z Service stopped with exit code 0x0
2011-12-14T22:50:57.671Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-14T22:51:19.359Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-14T22:52:10.531Z Service stopped with exit code 0x0
2011-12-15T07:14:40.750Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-15T07:14:59.515Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
2011-12-15T07:29:16.015Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1108.0 AV 1.117.1108.0
2011-12-15T07:56:50.546Z DETECTION TrojanDropper:Win32/Sirefef.B file:C:\Documents and Settings\Caitlin\Local Settings\temp\msimg32.dll
2011-12-15T07:57:36.593Z DETECTION Rogue:Win32/FakeRean file:C:\Documents and Settings\Caitlin\Local Settings\Application Data\okx.exe
2011-12-15T08:11:01.828Z Service stopped with exit code 0x0
2011-12-15T08:11:59.046Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-15T08:12:17.671Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1108.0 AV 1.117.1108.0
2011-12-15T08:25:07.531Z Service stopped with exit code 0x0
2011-12-15T14:17:07.515Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-15T14:17:31.265Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1108.0 AV 1.117.1108.0
2011-12-15T14:29:04.718Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
2011-12-15T15:09:13.703Z Service stopped with exit code 0x0
2011-12-16T06:04:26.781Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-16T06:04:50.718Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
2011-12-16T06:37:41.968Z Service stopped with exit code 0x0
2011-12-16T21:18:40.812Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-16T21:19:06.937Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
2011-12-16T21:36:39.140Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1215.0 AV 1.117.1215.0
2011-12-17T01:47:29.406Z Service stopped with exit code 0x0
2011-12-17T21:49:41.453Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-17T21:50:03.656Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1215.0 AV 1.117.1215.0
2011-12-17T22:01:37.140Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-17T23:09:19.546Z Service stopped with exit code 0x0
2011-12-18T01:40:12.578Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-18T01:40:35.109Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-18T02:01:25.765Z Service stopped with exit code 0x0
2011-12-18T05:36:48.437Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-18T05:37:10.562Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-18T08:39:16.312Z Service stopped with exit code 0x0
2011-12-19T06:54:44.578Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-19T06:55:05.968Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
2011-12-19T07:06:47.359Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-19T07:38:43.671Z Service stopped with exit code 0x0
2011-12-19T08:31:23.890Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-19T08:31:47.265Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-19T08:55:44.203Z Service stopped with exit code 0x0
2011-12-19T14:15:11.968Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-19T14:16:21.296Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-19T14:37:50.890Z Service stopped with exit code 0x0
2011-12-19T17:03:36.875Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-19T17:04:01.656Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-19T20:34:09.718Z DETECTION Trojan:Win32/Alureon.FL file:C:\Documents and Settings\Caitlin\Local Settings\temp\cMJTFpu8byOTBe.exe
2011-12-19T20:42:27.015Z Service stopped with exit code 0x0
2011-12-19T20:44:27.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-19T20:45:23.921Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-19T20:52:26.828Z Service stopped with exit code 0x0
2011-12-20T02:30:37.015Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T02:30:59.953Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T02:56:19.937Z Service stopped with exit code 0x0
2011-12-20T03:03:47.921Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T03:05:24.562Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T03:18:35.375Z Service stopped with exit code 0x0
2011-12-20T03:19:17.828Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T03:19:47.765Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T03:39:43.343Z Service stopped with exit code 0x0
2011-12-20T03:40:36.500Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T03:40:58.765Z Service stopped with exit code 0x0
2011-12-20T03:41:50.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T03:42:04.531Z Service stopped with exit code 0x0
2011-12-20T03:44:04.781Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T03:45:45.328Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T03:47:29.875Z Service stopped with exit code 0x0
2011-12-20T03:48:58.312Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T03:50:51.515Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T04:01:01.109Z Service stopped with exit code 0x0
2011-12-20T04:02:05.625Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T04:02:32.515Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T04:39:57.781Z Service stopped with exit code 0x0
2011-12-20T04:40:55.890Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T04:41:14.031Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T04:51:59.343Z Service stopped with exit code 0x0
2011-12-20T04:52:36.765Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T04:53:00.843Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T05:19:20.937Z Service stopped with exit code 0x0
2011-12-20T05:20:04.593Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T05:20:36.281Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T05:47:06.296Z Service stopped with exit code 0x0
2011-12-20T05:47:56.750Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T05:48:23.671Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T05:51:37.734Z DETECTION Trojan:Win32/Sirefef.J file:C:\Documents and Settings\Caitlin\My Documents\Dv5f4qbI.exe
2011-12-20T06:18:05.531Z Service stopped with exit code 0x0
2011-12-20T06:18:44.968Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T06:19:13.718Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1336.0 AV 1.117.1336.0
2011-12-20T06:48:57.640Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1411.0 AV 1.117.1411.0
2011-12-20T07:51:39.656Z Service stopped with exit code 0x0
2011-12-20T07:52:35.125Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T07:53:24.421Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1411.0 AV 1.117.1411.0
2011-12-20T07:55:00.828Z Service stopped with exit code 0x0
2011-12-20T08:35:01.515Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T08:35:35.640Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1411.0 AV 1.117.1411.0
2011-12-20T09:59:10.765Z Service stopped with exit code 0x0
2011-12-20T15:50:25.984Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T15:50:41.546Z Service stopped with exit code 0x0
2011-12-20T15:51:51.125Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T15:52:03.750Z Service stopped with exit code 0x0
2011-12-20T15:53:10.703Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T15:53:34.765Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1411.0 AV 1.117.1411.0
2011-12-20T17:49:20.640Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-20T17:49:54.281Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1411.0 AV 1.117.1411.0
2011-12-21T00:38:35.625Z Service stopped with exit code 0x0
2011-12-21T23:46:35.781Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-21T23:46:56.406Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1411.0 AV 1.117.1411.0
2011-12-22T00:01:14.187Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
2011-12-22T03:24:31.015Z Service stopped with exit code 0x0
2011-12-22T05:40:24.562Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T05:40:50.437Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
2011-12-22T07:40:08.218Z Service stopped with exit code 0x0
2011-12-22T07:41:12.453Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T07:41:32.578Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
2011-12-22T07:56:39.015Z Service stopped with exit code 0x0
2011-12-22T07:57:34.859Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T07:57:59.500Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
2011-12-22T11:33:17.875Z Service stopped with exit code 0x0
2011-12-22T15:05:57.437Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T15:06:20.406Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
2011-12-22T15:07:08.109Z Service stopped with exit code 0x0
2011-12-22T15:08:00.609Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T15:08:21.765Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
2011-12-22T15:17:10.531Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-22T16:22:22.812Z Service stopped with exit code 0x0
2011-12-22T16:23:18.156Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T16:23:35.593Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-22T16:45:09.593Z Service stopped with exit code 0x0
2011-12-22T16:45:55.015Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T16:46:13.828Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-22T18:51:35.453Z Service stopped with exit code 0x0
2011-12-22T18:52:20.828Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T18:52:39.250Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-22T19:08:01.796Z Service stopped with exit code 0x0
2011-12-22T20:44:58.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-22T20:45:26.718Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-22T21:15:56.796Z Service stopped with exit code 0x0
2011-12-23T00:58:57.640Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-23T00:59:22.265Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-23T03:44:14.328Z Service stopped with exit code 0x0
2011-12-23T05:30:04.859Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-23T05:30:27.953Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-23T06:40:12.109Z Service stopped with exit code 0x0
2011-12-24T05:58:06.656Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-24T05:58:29.609Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-24T07:50:38.140Z Service stopped with exit code 0x0
2011-12-24T19:57:51.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-24T19:58:27.343Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1580.0 AV 1.117.1580.0
2011-12-24T20:29:07.171Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1695.0 AV 1.117.1695.0
2011-12-24T21:01:46.984Z Service stopped with exit code 0x0
2011-12-24T21:03:10.875Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-24T21:03:40.343Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1695.0 AV 1.117.1695.0
2011-12-24T21:05:03.578Z Service stopped with exit code 0x0
2011-12-24T23:45:08.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-24T23:45:35.515Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1695.0 AV 1.117.1695.0
2011-12-25T00:22:00.953Z Service stopped with exit code 0x0
2011-12-25T15:32:49.421Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-25T15:33:18.531Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1695.0 AV 1.117.1695.0
2011-12-25T16:25:47.718Z Service stopped with exit code 0x0
2011-12-25T20:40:04.484Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2011-12-25T20:40:31.781Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1695.0 AV 1.117.1695.0
2011-12-25T20:52:53.437Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1725.0 AV 1.117.1725.0

#3 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 30 December 2011 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434348 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 04 January 2012 - 04:00 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users