Cannot pinpoint the problem - infected?


3 replies to this topic

#1 Pair-O-Legal


Posted 16 October 2011 - 06:33 PM

I have to post this from a Mac, although the problem I'm having is with one of my Windows machines which prevents me from doing much of anything. At all. What happens is I log on and, eventually, everything comes to a halt. Clicking here or there does nothing. I can't even do key commands. Pressing the Windows button on the keyboard does nothing.

I have managed to install diagnostic software in Safe Mode - MalwareBytes, Spybot S&D and even HijackThis, but MWB says there are no infected files, Spybot only finds cookies, and, when I can get HijackThis to run, it flashes the start of a scan (following the instructions I've found here in the BC forums) and <poof!> disappears without leaving a trace. No log file. No backup anything. I've tried to get a log file, repeatedly. No luck. Eventually, the computer returns to a non-responsive state and I have to reboot.

*Update: Now I can't even run HiJackThis! I get an error message, instead: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I'm logged on as the Administrator. I installed the program via the Administrator logon.

I looked in the list of Processes in the Windows Task Manager and noticed that there's one process that I cannot identify. It seems like a random number ("367380339:2352487146.exe"). I've researched the random number virus - I'm not sure that's what this is, but....

I did manage to get a startuplist from HiJackThis, at one point. I can attach that to one of these posts, if someone wants to see that odd, random number file in the Process list.

The computer is useless, in its current state. Any direction or assistance will be most appreciated. I'm running Windows XP Professional Version 2002 SP3. The computer has an AMD Athlon 64 X2 Dual Core Processor 5200+, 2.71 GHz, 1.75 GB of RAM. I was hoping to upgrade the OS to Windows 7 but figure I should probably resolve this issue before trying that!

Tell me what information you need to help diagnose this. (I have NOT run ComboFix...I do read instructions!)

I appreciate the assistance. Thank you!

Edited by Pair-O-Legal, 16 October 2011 - 07:02 PM.



#2 boopme


Posted 16 October 2011 - 08:28 PM

Unless you plan on wiping the drive then the next process will fail. But if you are planning to just wipe it that will remove all the malware and you can install the new OS.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.
Can you still boot to safe mode with networking?



Can you kill this ("367380339:2352487146.exe")? It's malware and should let you do other things.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log
and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

Edited by boopme, 16 October 2011 - 08:30 PM.


#3 Pair-O-Legal


Posted 16 October 2011 - 10:54 PM

I followed your instructions (after reading all the way through them...).

Ran FixExe.reg without a hitch.
Ran RKill and then TDSS Rootkit Removing Tool. Here's the content of that log file:

TDSSKiller.2.6.9.0_16.10.2011_22.18.28_log

22:18:28.0968 1420 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
22:18:29.0312 1420 ============================================================
22:18:29.0312 1420 Current date / time: 2011/10/16 22:18:29.0312
22:18:29.0312 1420 SystemInfo:
22:18:29.0312 1420
22:18:29.0312 1420 OS Version: 5.1.2600 ServicePack: 3.0
22:18:29.0312 1420 Product type: Workstation
22:18:29.0312 1420 ComputerName: INTREPID
22:18:29.0312 1420 UserName: Administrator
22:18:29.0312 1420 Windows directory: C:\WINDOWS
22:18:29.0312 1420 System windows directory: C:\WINDOWS
22:18:29.0312 1420 Processor architecture: Intel x86
22:18:29.0312 1420 Number of processors: 2
22:18:29.0312 1420 Page size: 0x1000
22:18:29.0312 1420 Boot type: Safe boot with network
22:18:29.0312 1420 ============================================================
22:18:31.0046 1420 Initialize success
22:18:51.0718 1484 ============================================================
22:18:51.0718 1484 Scan started
22:18:51.0718 1484 Mode: Manual;
22:18:51.0718 1484 ============================================================
22:18:52.0796 1484 73c7e515 (b011928bf54aa243f3c856c4efd652f2) C:\WINDOWS\367380339:2352487146.exe
22:18:53.0218 1484 Suspicious file (Hidden): C:\WINDOWS\367380339:2352487146.exe. md5: b011928bf54aa243f3c856c4efd652f2
22:18:53.0218 1484 73c7e515 ( HiddenFile.Multi.Generic ) - warning
22:18:53.0218 1484 73c7e515 - detected HiddenFile.Multi.Generic (1)

22:18:58.0187 1484 Serial (1339e612df3b1b86a544936d555726f7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:18:58.0187 1484 Serial ( Rootkit.Win32.ZAccess.e ) - infected
22:18:58.0187 1484 Serial - detected Rootkit.Win32.ZAccess.e (0)
22:19:00.0578 1484 ============================================================
22:19:00.0578 1484 Scan finished
22:19:00.0578 1484 ============================================================
22:19:00.0593 0172 Detected object count: 2
22:19:00.0593 0172 Actual detected object count: 2
22:20:21.0390 0172 C:\WINDOWS\367380339:2352487146.exe - copied to quarantine
22:20:21.0390 0172 73c7e515 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
22:20:21.0437 0172 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
22:20:23.0750 0172 Backup copy found, using it..
22:20:23.0765 0172 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
22:20:23.0765 0172 Serial ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

====================

I re-ran MBAM, after re-downloading and updating it. Here's the content of that log file:

mbam-log-2011-10-16 (22-52-15).txt

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7962

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/16/2011 10:52:15 PM
mbam-log-2011-10-16 (22-52-15).txt

Scan type: Quick scan
Objects scanned: 278033
Time elapsed: 21 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
===============

So far, the computer seems to be behaving itself but I need to reinstall Windows Essentials (antivirus/antimalware). We'll see if I encounter the same problems as before.

I do note that the random number executable doesn't appear in the Windows Task Manager's Processes list. That's good news!

Fingers crossed.

Thank you, very much!!



#4 boopme


Posted 17 October 2011 - 12:17 PM

Looks good, let's do a last look.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.