
Trying to remove DOS/Alureon.a

I posted this a few days ago in a different forum, not sure if it was in the wrong spot or not.


  • This topic is locked
1 reply to this topic

#1 djjen416

djjen416

  • Members
  • 10 posts

Posted 02 May 2011 - 01:28 PM

MSE detected the alureon.a but cannot remove it. I tried the tdsskiller as someone else had been told to try, and it can't get past 80% initializing. I downloaded and tried multiple antivirus programs, which did detect and delete several other infections, but nothing I have tried can delete this one. I have attached the logs from dds and gmer. I first posted this in another forum category; for the attached logs please see http://www.bleepingcomputer.com/forums/topic394709.html


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Starlight DJ at 19:54:42.79 on Sat 04/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1423 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Starlight DJ\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/71.18/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293595274046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\starli~1\applic~1\mozilla\firefox\profiles\drjonjsb.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\starlight dj\application data\mozilla\firefox\profiles\drjonjsb.default\extensions\loaderff@wiredred.com\plugins\NPLoaderFF.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-28 307288]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-4-30 475736]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl0b28be35;MpKsl0b28be35;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69520430-7a37-4cc1-b66d-d6a254b9d549}\MpKsl0b28be35.sys [2011-4-30 28752]
R1 MpKslca169628;MpKslca169628;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69520430-7a37-4cc1-b66d-d6a254b9d549}\MpKslca169628.sys [2011-4-30 28752]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-28 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-28 42184]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-11-2 365336]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2010-10-27 230768]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S0 cerc6;cerc6; [x]
S0 jhbs;jhbs;c:\windows\system32\drivers\araffbdb.sys --> c:\windows\system32\drivers\araffbdb.sys [?]
S1 MpKsl138cef08;MpKsl138cef08;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\mpksl138cef08.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\MpKsl138cef08.sys [?]
S1 MpKsl437d78b5;MpKsl437d78b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\mpksl437d78b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\MpKsl437d78b5.sys [?]
S1 MpKsl4eee19af;MpKsl4eee19af;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b6c978d-960e-44ef-84ba-70f36a218894}\mpksl4eee19af.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0b6c978d-960e-44ef-84ba-70f36a218894}\MpKsl4eee19af.sys [?]
S1 MpKsl8d888115;MpKsl8d888115;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b19511f-83f6-44bd-a273-ecc6cef61dab}\mpksl8d888115.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b19511f-83f6-44bd-a273-ecc6cef61dab}\MpKsl8d888115.sys [?]
S1 MpKsla1c7a774;MpKsla1c7a774;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecc3ec50-eade-4e28-a5e1-bc8857febe4a}\mpksla1c7a774.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecc3ec50-eade-4e28-a5e1-bc8857febe4a}\MpKsla1c7a774.sys [?]
S1 MpKsla80d553a;MpKsla80d553a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\mpksla80d553a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\MpKsla80d553a.sys [?]
S1 MpKsldda2e503;MpKsldda2e503;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\mpksldda2e503.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\MpKsldda2e503.sys [?]
S1 MpKslefa75264;MpKslefa75264;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\mpkslefa75264.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dadeb49a-b480-48e3-a3c6-59ba53f71c5c}\MpKslefa75264.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [2010-9-3 204928]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [2010-9-3 156544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-30 23:47:08 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{69520430-7a37-4cc1-b66d-d6a254b9d549}\MpKslca169628.sys
2011-04-30 23:45:47 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{69520430-7a37-4cc1-b66d-d6a254b9d549}\MpKsl9c63b895.sys
2011-04-30 23:09:34 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{69520430-7a37-4cc1-b66d-d6a254b9d549}\MpKsl0b28be35.sys
2011-04-30 23:09:20 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{69520430-7a37-4cc1-b66d-d6a254b9d549}\mpengine.dll
2011-04-30 22:51:44 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-04-30 22:18:19 -------- d-----w- C:\ComboFix
2011-04-30 22:12:21 98816 ----a-w- c:\windows\sed.exe
2011-04-30 22:12:21 89088 ----a-w- c:\windows\MBR.exe
2011-04-30 22:12:21 256512 ----a-w- c:\windows\PEV.exe
2011-04-30 22:12:21 161792 ----a-w- c:\windows\SWREG.exe
2011-04-30 20:55:36 -------- d-----w- c:\docume~1\starli~1\applic~1\whitesmoketoolbar
2011-04-30 20:55:01 -------- d-----w- c:\program files\whitesmoketoolbar
2011-04-30 17:27:33 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-04-30 17:27:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-30 17:27:14 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-30 17:25:11 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-30 17:25:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2011-04-30 17:18:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-04-30 05:00:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-30 04:35:07 -------- d-----w- c:\program files\CCleaner
2011-04-30 01:39:47 -------- d-----w- c:\program files\Sophos
2011-04-30 01:32:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-30 01:27:46 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-30 01:27:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-30 01:26:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-29 02:50:27 -------- d-----w- C:\tdsskiller
2011-04-29 02:38:54 -------- d-----w- c:\docume~1\starli~1\locals~1\applic~1\PCHealth
2011-04-28 23:23:25 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-28 23:23:06 40112 ----a-w- c:\windows\avastSS.scr
2011-04-28 23:22:52 -------- d-----w- c:\program files\AVAST Software
2011-04-28 23:22:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-28 22:36:15 -------- d-----w- c:\docume~1\starli~1\applic~1\Malwarebytes
2011-04-28 22:33:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 22:33:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-28 22:33:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 22:33:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 02:39:44 -------- d-----w- c:\docume~1\starli~1\locals~1\applic~1\Blockbuster
2011-04-22 02:21:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Movielink
2011-04-22 02:20:56 -------- d-----w- c:\program files\Blockbuster
2011-04-12 22:45:02 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-12 22:45:02 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-12 22:44:22 -------- d-----w- c:\program files\iPod
2011-04-12 22:44:18 -------- d-----w- c:\program files\iTunes
2011-04-12 22:44:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-12 22:43:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-12 00:24:11 -------- d-----w- c:\docume~1\starli~1\applic~1\xfinitytb
2011-04-11 23:35:20 -------- d-----w- c:\program files\MagicISO
2011-04-11 22:59:08 -------- d-----w- c:\program files\Comcast
2011-04-11 22:58:48 -------- d-----w- c:\docume~1\starli~1\applic~1\CallingID
2011-04-11 22:58:36 -------- d-----w- c:\program files\common files\scanner
2011-04-11 22:58:35 -------- d-----w- c:\program files\comcasttb
2011-04-11 22:58:23 -------- d-----w- c:\program files\CA
2011-04-11 22:57:48 -------- d-----w- c:\program files\xfinitytb
2011-04-11 22:56:33 -------- d-----w- c:\program files\ComcastUI
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 04:20:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-03 04:20:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 19:57:38.68 ===============
ark.txt (18.44K)
Number of downloads: 0

Attached File(s)
Attach.txt (41.64K)


 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,905 posts

Posted 02 May 2011 - 02:18 PM

Your log is properly posted here. You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Average wait times fluctuate depending on a number of factors, including the number of cases posted, the number of helpers we have available, and their real life schedules (don't forget that everyone is a volunteer here!). Currently the wait time looks to be about 7-8 days on average.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

