Infected with Trojan Win32/Alureon.DY


This topic is locked
17 replies to this topic

#1 tide_belle

  • Members
  • 156 posts
  • Gender:Female
  • Location:Alabama

Posted 18 October 2012 - 03:12 PM

Here are the issues in the order I remember them and the actions I tried to take.

* On October 9, received help from narenxp to remove virus from computer, all seemed fine until Monday.
* On Monday - No sound on Youtube after having it on Sunday
* Updated Shockwave - still no sound
* Attempted to double click volume button in notification area - received error that no audio driver was installed
* Corrected this by going to control panel and selected the audio driver
* Could not print to printer and computer was not even communicating with it. Has since corrected itself.
* Ran MBAM in Safe Mode and found nothing. Ran SuperAntiSpyware and it found 9 low level threats
* Opened Microsoft Security Essentials and noticed an alert for a Trojan Virus and deleted it (don't remember the date)
* Attempted to update Java from site and received an error message that said installation was interrupted before the installation was complete.
* Tried to verify Java version and it did not detect any Java installed on computer. Checked Control Panel and there was one still listed.
* Noticed the Java folder missing from Control Panel.
* Tried to uninstall Java to start from fresh - received message that another user was accessing the program and it could not be removed.
* Disconnected the internet and was then able to uninstall these.
* Same thing happened when I attempted to delete the downloads that install java.
* Summary - Something is deleting files from my computer and changing things deep that are not allowing me to update and install necessary items.




DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jodi at 10:53:57 on 2012-10-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.433 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://www.amiuptodate.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344473546312
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://fse001.fiservsco.com/WebCaptureWeb/CheckDepositEnabler.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.91.43.203/activex/AxisCamControl.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{42434D17-FF0D-4AC6-B97C-1A2C51100D05} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jodi\application data\mozilla\firefox\profiles\0dgnvtoz.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
R1 MpKsleb555792;MpKsleb555792;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aa9a4dcd-7685-4717-a172-5951f890b93f}\mpksleb555792.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aa9a4dcd-7685-4717-a172-5951f890b93f}\MpKsleb555792.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-9-6 116608]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-13 54752]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-6 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-11-5 98984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250808]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-6 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 115168]
.
=============== Created Last 30 ================
.
2012-10-18 13:09:24 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c7d0239-0ce1-47a1-98a5-15cf6caf7cdb}\mpengine.dll
2012-10-16 13:03:16 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-14 13:16:37 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-14 13:16:37 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-14 13:13:59 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2012-10-10 02:16:10 -------- d-----w- C:\JRT
2012-09-25 10:38:39 -------- d-----w- c:\program files\iPod
2012-09-25 10:36:42 -------- d-----w- c:\program files\iTunes
2012-09-25 10:36:42 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-25 10:26:53 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2012-10-09 17:11:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:11:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-22 19:51:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 19:51:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-31 23:28:10 26112 ----a-w- c:\windows\system32\userinit.exe
.
============= FINISH: 10:58:43.57 ===============


#2 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 October 2012 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

#3 tide_belle (Topic Starter)

  • Members
  • 156 posts
  • Gender:Female
  • Location:Alabama

Posted 21 October 2012 - 02:35 PM

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jodi [Admin rights]
Mode : Scan -- Date : 10/21/2012 14:33:22

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3802110A +++++
--- User ---
[MBR] e89ad28b51bd743b6a8034ab657664c3
[BSP] 26fe7d691f9edb5d824e85e8f49dc627 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 53968 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 110607525 | Size: 19053 Mo
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 149629410 | Size: 3223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 October 2012 - 08:20 AM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


Now click Delete on the right hand column under Options
===

Next click on the Processes tab and put a check next to this and uncheck the rest. (if found)

[SVCHOST] svchost.exe -- -> KILLED [TermProc]


Now click Delete on the right hand column under Options

Close the application.

Restart the computer normally.

===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please post the logs for my review.

#5 tide_belle (Topic Starter)

  • Members
  • 156 posts
  • Gender:Female
  • Location:Alabama

Posted 22 October 2012 - 09:19 AM

nasdaq,
When I first ran RogueKiller in regular mode I received the blue screen of death. I then restarted the computer in safe mode and it has given me an error twice and will not run. Suggestions?

#6 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 October 2012 - 10:49 AM

Do the other scans for now.

Post the logs.

#7 tide_belle (Topic Starter)

  • Members
  • 156 posts
  • Gender:Female
  • Location:Alabama

Posted 22 October 2012 - 12:31 PM

12:17:54.0515 1488 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:17:54.0906 1488 ============================================================
12:17:54.0906 1488 Current date / time: 2012/10/22 12:17:54.0906
12:17:54.0906 1488 SystemInfo:
12:17:54.0906 1488
12:17:54.0906 1488 OS Version: 5.1.2600 ServicePack: 3.0
12:17:54.0906 1488 Product type: Workstation
12:17:54.0906 1488 ComputerName: D7C1CCB1
12:17:54.0906 1488 UserName: Jodi
12:17:54.0906 1488 Windows directory: C:\WINDOWS
12:17:54.0906 1488 System windows directory: C:\WINDOWS
12:17:54.0906 1488 Processor architecture: Intel x86
12:17:54.0906 1488 Number of processors: 1
12:17:54.0906 1488 Page size: 0x1000
12:17:54.0906 1488 Boot type: Safe boot with network
12:17:54.0906 1488 ============================================================
12:17:58.0312 1488 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:17:58.0328 1488 ============================================================
12:17:58.0328 1488 \Device\Harddisk0\DR0:
12:17:58.0328 1488 MBR partitions:
12:17:58.0328 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x69682E0
12:17:58.0328 1488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x697BCA5, BlocksNum 0x2536D3D
12:17:58.0328 1488 ============================================================
12:17:58.0390 1488 C: <-> \Device\Harddisk0\DR0\Partition1
12:17:58.0453 1488 D: <-> \Device\Harddisk0\DR0\Partition2
12:17:58.0531 1488 ============================================================
12:17:58.0531 1488 Initialize success
12:17:58.0531 1488 ============================================================
12:18:01.0921 1612 ============================================================
12:18:01.0921 1612 Scan started
12:18:01.0921 1612 Mode: Manual;
12:18:01.0921 1612 ============================================================
12:18:15.0328 1612 EventSystem - ok
12:18:15.0437 1612 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:18:15.0484 1612 Fastfat - ok
12:18:15.0609 1612 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:18:15.0671 1612 FastUserSwitchingCompatibility - ok
12:18:15.0843 1612 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:18:15.0937 1612 Fax - ok
12:18:16.0015 1612 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:18:16.0015 1612 Fdc - ok
12:18:16.0093 1612 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:18:16.0109 1612 Fips - ok
12:18:16.0171 1612 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:18:16.0187 1612 Flpydisk - ok
12:18:16.0312 1612 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:18:16.0375 1612 FltMgr - ok
12:18:16.0500 1612 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:18:16.0515 1612 FontCache3.0.0.0 - ok
12:18:16.0609 1612 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
12:18:16.0625 1612 fssfltr - ok
12:18:17.0000 1612 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:18:17.0234 1612 fsssvc - ok
12:18:17.0312 1612 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:18:17.0312 1612 Fs_Rec - ok
12:18:17.0437 1612 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:18:17.0546 1612 Ftdisk - ok
12:18:17.0625 1612 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:18:17.0625 1612 GEARAspiWDM - ok
12:18:17.0703 1612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:18:17.0718 1612 Gpc - ok
12:18:17.0906 1612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:18:17.0953 1612 gupdate - ok
12:18:18.0156 1612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:18:18.0156 1612 gupdatem - ok
12:18:18.0343 1612 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:18:18.0390 1612 helpsvc - ok
12:18:18.0421 1612 HidServ - ok
12:18:18.0531 1612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:18:18.0562 1612 HidUsb - ok
12:18:18.0687 1612 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:18:18.0765 1612 hkmsvc - ok
12:18:19.0031 1612 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:18:19.0031 1612 hpn - ok
12:18:19.0265 1612 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
12:18:19.0562 1612 HSFHWBS2 - ok
12:18:20.0296 1612 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:18:21.0250 1612 HSF_DP - ok
12:18:21.0515 1612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:18:21.0843 1612 HTTP - ok
12:18:21.0968 1612 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:18:22.0015 1612 HTTPFilter - ok
12:18:22.0125 1612 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:18:22.0187 1612 i2omgmt - ok
12:18:22.0265 1612 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:18:22.0281 1612 i2omp - ok
12:18:22.0390 1612 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:18:22.0437 1612 i8042prt - ok
12:18:23.0234 1612 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:18:24.0468 1612 ialm - ok
12:18:25.0531 1612 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:18:26.0796 1612 idsvc - ok
12:18:26.0968 1612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:18:27.0015 1612 Imapi - ok
12:18:27.0218 1612 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:18:27.0390 1612 ImapiService - ok
12:18:27.0515 1612 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:18:27.0562 1612 ini910u - ok
12:18:27.0718 1612 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:18:27.0718 1612 IntelIde - ok
12:18:27.0859 1612 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:18:27.0937 1612 intelppm - ok
12:18:28.0125 1612 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:18:28.0187 1612 Ip6Fw - ok
12:18:28.0328 1612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:18:28.0343 1612 IpFilterDriver - ok
12:18:28.0390 1612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:18:28.0453 1612 IpInIp - ok
12:18:28.0593 1612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:18:28.0656 1612 IpNat - ok
12:18:29.0234 1612 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:18:29.0671 1612 iPod Service - ok
12:18:29.0765 1612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:18:29.0843 1612 IPSec - ok
12:18:30.0125 1612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:18:30.0203 1612 IRENUM - ok
12:18:30.0390 1612 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:18:30.0484 1612 isapnp - ok
12:18:31.0046 1612 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:18:31.0109 1612 Kbdclass - ok
12:18:31.0250 1612 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:18:31.0265 1612 kbdhid - ok
12:18:31.0437 1612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:18:31.0562 1612 kmixer - ok
12:18:31.0718 1612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:18:31.0828 1612 KSecDD - ok
12:18:31.0937 1612 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:18:31.0984 1612 lanmanserver - ok
12:18:32.0156 1612 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:18:32.0203 1612 lanmanworkstation - ok
12:18:32.0406 1612 Lavasoft Kernexplorer - ok
12:18:32.0453 1612 Lbd - ok
12:18:32.0484 1612 lbrtfdc - ok
12:18:35.0015 1612 [ 4CCC8AABE7880C56BA10043B8FBCA3EB ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
12:18:37.0984 1612 LeapFrog Connect Device Service - ok
12:18:38.0140 1612 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:18:38.0140 1612 LmHosts - ok
12:18:38.0359 1612 [ AB694FA24E02246F9DDCDD729D6B9278 ] lxdnCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
12:18:38.0484 1612 lxdnCATSCustConnectService - ok
12:18:38.0546 1612 lxdn_device - ok
12:18:38.0671 1612 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:18:38.0671 1612 mdmxsdk - ok
12:18:38.0796 1612 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:18:38.0875 1612 Messenger - ok
12:18:39.0031 1612 mferkdk - ok
12:18:39.0171 1612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:18:39.0171 1612 mnmdd - ok
12:18:39.0312 1612 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:18:39.0406 1612 mnmsrvc - ok
12:18:39.0500 1612 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:18:39.0515 1612 Modem - ok
12:18:39.0609 1612 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:18:39.0625 1612 MODEMCSA - ok
12:18:39.0687 1612 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:18:39.0703 1612 Mouclass - ok
12:18:39.0812 1612 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:18:39.0843 1612 mouhid - ok
12:18:39.0968 1612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:18:39.0984 1612 MountMgr - ok
12:18:40.0218 1612 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:18:40.0265 1612 MozillaMaintenance - ok
12:18:40.0453 1612 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:18:40.0546 1612 MpFilter - ok
12:18:40.0781 1612 [ A69630D039C38018689190234F866D77 ] MpKsl71e44a1b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43680A61-466D-4371-842A-13AEA98C6197}\MpKsl71e44a1b.sys
12:18:40.0796 1612 MpKsl71e44a1b - ok
12:18:40.0937 1612 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:18:40.0937 1612 mraid35x - ok
12:18:41.0046 1612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:18:41.0109 1612 MRxDAV - ok
12:18:41.0296 1612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:18:41.0437 1612 MRxSmb - ok
12:18:41.0500 1612 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:18:41.0500 1612 MSDTC - ok
12:18:41.0562 1612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:18:41.0578 1612 Msfs - ok
12:18:41.0593 1612 MSIServer - ok
12:18:41.0640 1612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:18:41.0640 1612 MSKSSRV - ok
12:18:41.0765 1612 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:18:41.0765 1612 MsMpSvc - ok
12:18:41.0843 1612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:18:41.0875 1612 MSPCLOCK - ok
12:18:41.0921 1612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:18:41.0921 1612 MSPQM - ok
12:18:42.0000 1612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:18:42.0000 1612 mssmbios - ok
12:18:42.0109 1612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:18:42.0171 1612 Mup - ok
12:18:42.0359 1612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:18:42.0453 1612 napagent - ok
12:18:42.0578 1612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:18:42.0656 1612 NDIS - ok
12:18:42.0718 1612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:18:42.0718 1612 NdisTapi - ok
12:18:42.0796 1612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:18:42.0796 1612 Ndisuio - ok
12:18:42.0859 1612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:18:42.0890 1612 NdisWan - ok
12:18:42.0984 1612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:18:42.0984 1612 NDProxy - ok
12:18:43.0046 1612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:18:43.0062 1612 NetBIOS - ok
12:18:43.0203 1612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:18:43.0265 1612 NetBT - ok
12:18:43.0359 1612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:18:43.0390 1612 NetDDE - ok
12:18:43.0453 1612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:18:43.0453 1612 NetDDEdsdm - ok
12:18:43.0531 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:18:43.0531 1612 Netlogon - ok
12:18:43.0656 1612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:18:43.0703 1612 Netman - ok
12:18:43.0843 1612 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
12:18:43.0906 1612 NetSvc - ok
12:18:44.0015 1612 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:18:44.0062 1612 NetTcpPortSharing - ok
12:18:44.0203 1612 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:18:44.0250 1612 Nla - ok
12:18:44.0328 1612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:18:44.0328 1612 Npfs - ok
12:18:44.0578 1612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:18:44.0796 1612 Ntfs - ok
12:18:44.0828 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:18:44.0828 1612 NtLmSsp - ok
12:18:45.0031 1612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:18:45.0312 1612 NtmsSvc - ok
12:18:45.0375 1612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:18:45.0375 1612 Null - ok
12:18:46.0031 1612 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:18:46.0687 1612 nv - ok
12:18:46.0781 1612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:18:46.0781 1612 NwlnkFlt - ok
12:18:46.0875 1612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:18:46.0890 1612 NwlnkFwd - ok
12:18:47.0125 1612 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:18:47.0156 1612 ose - ok
12:18:47.0281 1612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:18:47.0328 1612 Parport - ok
12:18:47.0390 1612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:18:47.0421 1612 PartMgr - ok
12:18:47.0515 1612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:18:47.0515 1612 ParVdm - ok
12:18:47.0593 1612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:18:47.0640 1612 PCI - ok
12:18:47.0671 1612 PCIDump - ok
12:18:47.0796 1612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:18:47.0796 1612 PCIIde - ok
12:18:47.0906 1612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:18:47.0968 1612 Pcmcia - ok
12:18:48.0015 1612 PDCOMP - ok
12:18:48.0046 1612 PDFRAME - ok
12:18:48.0109 1612 PDRELI - ok
12:18:48.0140 1612 PDRFRAME - ok
12:18:48.0203 1612 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:18:48.0218 1612 perc2 - ok
12:18:48.0265 1612 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:18:48.0265 1612 perc2hib - ok
12:18:48.0390 1612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:18:48.0390 1612 PlugPlay - ok
12:18:48.0437 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:18:48.0437 1612 PolicyAgent - ok
12:18:48.0515 1612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:18:48.0531 1612 PptpMiniport - ok
12:18:48.0593 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:18:48.0593 1612 ProtectedStorage - ok
12:18:48.0687 1612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:18:48.0703 1612 PSched - ok
12:18:48.0796 1612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:18:48.0796 1612 Ptilink - ok
12:18:48.0890 1612 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:18:48.0906 1612 PxHelp20 - ok
12:18:48.0984 1612 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:18:49.0015 1612 ql1080 - ok
12:18:49.0125 1612 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:18:49.0156 1612 Ql10wnt - ok
12:18:49.0203 1612 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:18:49.0218 1612 ql12160 - ok
12:18:49.0281 1612 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:18:49.0296 1612 ql1240 - ok
12:18:49.0375 1612 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:18:49.0406 1612 ql1280 - ok
12:18:49.0468 1612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:18:49.0468 1612 RasAcd - ok
12:18:49.0578 1612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:18:49.0625 1612 RasAuto - ok
12:18:49.0703 1612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:18:49.0718 1612 Rasl2tp - ok
12:18:49.0843 1612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:18:49.0921 1612 RasMan - ok
12:18:49.0968 1612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:18:49.0984 1612 RasPppoe - ok
12:18:50.0031 1612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:18:50.0031 1612 Raspti - ok
12:18:50.0125 1612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:18:50.0171 1612 Rdbss - ok
12:18:50.0250 1612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:18:50.0250 1612 RDPCDD - ok
12:18:50.0421 1612 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:18:50.0484 1612 rdpdr - ok
12:18:50.0609 1612 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:18:50.0656 1612 RDPWD - ok
12:18:50.0765 1612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:18:50.0843 1612 RDSessMgr - ok
12:18:50.0906 1612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:18:50.0921 1612 redbook - ok
12:18:51.0000 1612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:18:51.0046 1612 RemoteAccess - ok
12:18:51.0140 1612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:18:51.0171 1612 RpcLocator - ok
12:18:51.0359 1612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:18:51.0375 1612 RpcSs - ok
12:18:51.0468 1612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:18:51.0515 1612 RSVP - ok
12:18:51.0578 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:18:51.0578 1612 SamSs - ok
12:18:51.0640 1612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:18:51.0640 1612 SASDIFSV - ok
12:18:51.0718 1612 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
12:18:51.0718 1612 SASENUM - ok
12:18:51.0828 1612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
12:18:51.0843 1612 SASKUTIL - ok
12:18:51.0875 1612 SBRE - ok
12:18:51.0968 1612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:18:52.0000 1612 SCardSvr - ok
12:18:52.0125 1612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:18:52.0218 1612 Schedule - ok
12:18:52.0328 1612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:18:52.0375 1612 Secdrv - ok
12:18:52.0437 1612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:18:52.0453 1612 seclogon - ok
12:18:52.0734 1612 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
12:18:52.0984 1612 senfilt - ok
12:18:53.0062 1612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:18:53.0078 1612 SENS - ok
12:18:53.0156 1612 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:18:53.0156 1612 serenum - ok
12:18:53.0187 1612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:18:53.0218 1612 Serial - ok
12:18:53.0296 1612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:18:53.0312 1612 Sfloppy - ok
12:18:53.0468 1612 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:18:53.0562 1612 SharedAccess - ok
12:18:53.0656 1612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:18:53.0656 1612 ShellHWDetection - ok
12:18:53.0687 1612 Simbad - ok
12:18:53.0765 1612 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:18:53.0781 1612 sisagp - ok
12:18:53.0937 1612 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
12:18:54.0046 1612 smwdm - ok
12:18:54.0203 1612 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:18:54.0296 1612 Sparrow - ok
12:18:54.0343 1612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:18:54.0359 1612 splitter - ok
12:18:54.0453 1612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:18:54.0468 1612 Spooler - ok
12:18:54.0546 1612 sprtsvc_dellsupportcenter - ok
12:18:54.0625 1612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:18:54.0656 1612 sr - ok
12:18:54.0765 1612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:18:54.0812 1612 srservice - ok
12:18:55.0000 1612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:18:55.0109 1612 Srv - ok
12:18:55.0234 1612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:18:55.0312 1612 SSDPSRV - ok
12:18:55.0531 1612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:18:55.0640 1612 stisvc - ok
12:18:55.0718 1612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:18:55.0718 1612 swenum - ok
12:18:55.0781 1612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:18:55.0796 1612 swmidi - ok
12:18:55.0828 1612 SwPrv - ok
12:18:55.0906 1612 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:18:55.0921 1612 symc810 - ok
12:18:55.0968 1612 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:18:55.0984 1612 symc8xx - ok
12:18:56.0015 1612 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:18:56.0031 1612 sym_hi - ok
12:18:56.0078 1612 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:18:56.0093 1612 sym_u3 - ok
12:18:56.0187 1612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:18:56.0234 1612 sysaudio - ok
12:18:56.0343 1612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:18:56.0359 1612 SysmonLog - ok
12:18:56.0515 1612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:18:56.0593 1612 TapiSrv - ok
12:18:56.0765 1612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:18:56.0875 1612 Tcpip - ok
12:18:56.0953 1612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:18:56.0953 1612 TDPIPE - ok
12:18:57.0000 1612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:18:57.0015 1612 TDTCP - ok
12:18:57.0062 1612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:18:57.0078 1612 TermDD - ok
12:18:57.0265 1612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:18:57.0343 1612 TermService - ok
12:18:57.0421 1612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:18:57.0437 1612 Themes - ok
12:18:57.0500 1612 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:18:57.0515 1612 TosIde - ok
12:18:57.0609 1612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:18:57.0671 1612 TrkWks - ok
12:18:57.0781 1612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:18:57.0828 1612 Udfs - ok
12:18:57.0890 1612 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:18:57.0906 1612 ultra - ok
12:18:58.0156 1612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:18:58.0281 1612 Update - ok
12:18:58.0406 1612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:18:58.0468 1612 upnphost - ok
12:18:58.0531 1612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:18:58.0546 1612 UPS - ok
12:18:58.0656 1612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:18:58.0671 1612 usbccgp - ok
12:18:58.0750 1612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:18:58.0750 1612 usbehci - ok
12:18:58.0812 1612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:18:58.0828 1612 usbhub - ok
12:18:58.0890 1612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:18:58.0921 1612 usbprint - ok
12:18:59.0000 1612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:18:59.0000 1612 usbscan - ok
12:18:59.0062 1612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:18:59.0140 1612 USBSTOR - ok
12:18:59.0218 1612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:18:59.0218 1612 usbuhci - ok
12:18:59.0312 1612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:18:59.0312 1612 VgaSave - ok
12:18:59.0406 1612 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:18:59.0468 1612 viaagp - ok
12:18:59.0515 1612 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:18:59.0531 1612 ViaIde - ok
12:18:59.0609 1612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:18:59.0625 1612 VolSnap - ok
12:18:59.0781 1612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:18:59.0875 1612 VSS - ok
12:19:00.0015 1612 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
12:19:00.0078 1612 w32time - ok
12:19:00.0171 1612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:19:00.0187 1612 Wanarp - ok
12:19:00.0265 1612 wanatw - ok
12:19:00.0296 1612 WDICA - ok
12:19:00.0359 1612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:19:00.0390 1612 wdmaud - ok
12:19:00.0468 1612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:19:00.0531 1612 WebClient - ok
12:19:00.0781 1612 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:19:01.0000 1612 winachsf - ok
12:19:01.0218 1612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:19:01.0250 1612 winmgmt - ok
12:19:01.0390 1612 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:19:01.0437 1612 WmdmPmSN - ok
12:19:01.0562 1612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:19:01.0625 1612 WmiApSrv - ok
12:19:02.0015 1612 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:19:02.0343 1612 WMPNetworkSvc - ok
12:19:02.0406 1612 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:19:02.0437 1612 WpdUsb - ok
12:19:02.0531 1612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:19:02.0578 1612 wscsvc - ok
12:19:02.0656 1612 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:19:02.0656 1612 wuauserv - ok
12:19:02.0750 1612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:19:02.0796 1612 WudfPf - ok
12:19:02.0890 1612 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:19:02.0937 1612 WudfRd - ok
12:19:03.0031 1612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:19:03.0046 1612 WudfSvc - ok
12:19:03.0390 1612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:19:03.0531 1612 WZCSVC - ok
12:19:03.0625 1612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:19:03.0656 1612 xmlprov - ok
12:19:03.0687 1612 ================ Scan global ===============================
12:19:03.0765 1612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:19:03.0937 1612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:19:04.0156 1612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:19:04.0234 1612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:19:04.0234 1612 [Global] - ok
12:19:04.0234 1612 ================ Scan MBR ==================================
12:19:04.0281 1612 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
12:19:04.0656 1612 \Device\Harddisk0\DR0 - ok
12:19:04.0687 1612 ================ Scan VBR ==================================
12:19:04.0703 1612 [ AA9A0B9AAE416C1037D3D9C104C9A81C ] \Device\Harddisk0\DR0\Partition1
12:19:04.0718 1612 \Device\Harddisk0\DR0\Partition1 - ok
12:19:04.0796 1612 [ 0DFE86AC683595BC71C5549997C79252 ] \Device\Harddisk0\DR0\Partition2
12:19:04.0796 1612 \Device\Harddisk0\DR0\Partition2 - ok
12:19:04.0796 1612 ============================================================
12:19:04.0796 1612 Scan finished
12:19:04.0796 1612 ============================================================
12:19:04.0859 1724 Detected object count: 0
12:19:04.0859 1724 Actual detected object count: 0
12:19:32.0484 1340 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 12:19:39
-----------------------------
12:19:39.671 OS Version: Windows 5.1.2600 Service Pack 3
12:19:39.671 Number of processors: 1 586 0x409
12:19:39.671 ComputerName: D7C1CCB1 UserName: Jodi
12:19:40.781 Initialize success
12:24:24.625 AVAST engine defs: 12102200
12:25:29.500 The log file has been saved successfully to "C:\Documents and Settings\Jodi\Desktop\aswMBR 10.txt"


#8 tide_belle (Topic Starter)

Posted 22 October 2012 - 07:03 PM

Finally, I was able to run RK in safe mode after deleting the previous one and clearing all temporary folders.

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


I was able to delete all but the last one and it said "replace" beside it when I clicked on the delete button.


Now click Delete on the right hand column under Options
===

Next click on the Processes tab and put a check next to this and uncheck the rest. (if found)

[SVCHOST] svchost.exe -- -> KILLED [TermProc]


Now click Delete on the right hand column under Options
This one was not found but something else.

I have now restarted in normal mode (no blue screen yet) and WinPatrol is now alerting me to accept the change of a startup program: %systemroot%\system32\dumprep 0 -k. Image is attached.
Any suggestion as to what this might be? Also I am attaching my MBR.data file.



Edited by tide_belle, 22 October 2012 - 07:27 PM.


#9 nasdaq (Malware Response Team)

Posted 23 October 2012 - 09:03 AM

I have now restarted in normal mode (no blue screen yet) and WinPatrol is now alerting me to accept the change of a startup program: %systemroot%\system32\dumprep 0 -k. Image is attached.


There is no need for this program to run at startup. DO NOT accept the change.

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#10 tide_belle (Topic Starter)

Posted 23 October 2012 - 03:35 PM

ComboFix 12-10-23.01 - Jodi 10/23/2012 12:08:07.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -5:00]
Running from: c:\documents and settings\Jodi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jodi\System
c:\documents and settings\Jodi\System\win_qs8.jqx
c:\documents and settings\Jodi\WINDOWS
c:\program files\Windows Live\Messenger\msacm32.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 12:23 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E02809BF-325E-42E5-B6C5-E656853D215C}\mpengine.dll
2012-10-22 02:26 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-20 18:31 . 2012-10-20 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-10-18 12:24 . 2012-10-18 12:25 -------- d-----w- c:\documents and settings\Mom and Dad
2012-10-16 04:48 . 2012-10-16 04:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-16 04:48 . 2012-10-16 04:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2012-10-10 02:16 . 2012-10-10 02:31 -------- d-----w- C:\JRT
2012-09-25 10:38 . 2012-09-25 10:38 -------- d-----w- c:\program files\iPod
2012-09-25 10:36 . 2012-09-25 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-25 10:36 . 2012-09-25 10:43 -------- d-----w- c:\program files\iTunes
2012-09-25 10:26 . 2012-09-25 10:26 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 17:11 . 2012-04-10 22:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:11 . 2011-06-28 12:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2010-09-04 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-22 19:51 . 2012-06-11 01:43 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 19:51 . 2010-11-26 00:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 03:03 . 2012-03-21 01:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2011-10-12 03:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2011-10-12 03:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2011-10-12 03:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-10 17:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01 . 2011-12-25 18:12 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2011-12-25 18:12 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29 . 2004-08-10 17:51 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 03:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-31 23:28 . 2004-08-10 17:51 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-14 13:16 . 2012-10-14 13:13 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-14 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\bfgclient\\bfgclient.exe"=
"c:\\Program Files\\bfgclient\\bfggameservices.exe"=
"c:\\Program Files\\bfgclient\\bfgprocess.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/6/2010 9:53 AM 116608]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/6/2010 1:13 PM 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [11/5/2008 4:26 PM 98984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 5:25 PM 250808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/6/2010 1:13 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 3:30 PM 115168]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 17:11]
.
2012-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-06 18:13]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-06 18:13]
.
2012-10-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2012-05-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2530500631-1501206697-2641868570-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-10-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2530500631-1501206697-2641868570-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jodi\Application Data\Mozilla\Firefox\Profiles\0dgnvtoz.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-23 12:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2530500631-1501206697-2641868570-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-23 12:34:41
ComboFix-quarantined-files.txt 2012-10-23 17:34
ComboFix2.txt 2012-01-04 00:00
.
Pre-Run: 35,843,825,664 bytes free
Post-Run: 35,813,326,848 bytes free
.
- - End Of File - - 67B92B23518A72EE1FED96B421C947EB


Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
WinPatrol
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````



# AdwCleaner v2.005 - Logfile created 10/23/2012 at 15:31:34
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jodi - D7C1CCB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jodi\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Jodi\Application Data\Mozilla\Firefox\Profiles\0dgnvtoz.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\xf0hlk2q.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1959 octets] - [07/08/2012 07:45:43]
AdwCleaner[S2].txt - [1596 octets] - [09/10/2012 21:08:03]
AdwCleaner[R1].txt - [1089 octets] - [23/10/2012 15:31:34]

########## EOF - C:\AdwCleaner[R1].txt - [1149 octets] ##########

#11 nasdaq (Malware Response Team)

Posted 24 October 2012 - 08:01 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java 7 Update 7


===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Sn].txt (n is a number).

===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
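The Security Check log posted above is what nasdaq is reading when he points at the outdated Java. As an added example (not from this thread and not part of screen317's tool), the Python below parses a checkup.txt log in that layout and flags the items marked out of date or disabled; it assumes only what the log shows, namely that section headers are wrapped in runs of backticks and that a "version out of Date!" line follows the product line it refers to. The sample log is built from lines copied from the post.

```python
"""Flag outdated and disabled items in a screen317 Security Check log.

Added example; the log layout is inferred from the checkup.txt posted in
this thread and is not documented by the tool itself.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Section headers look like ````Antivirus/Firewall Check:````
HEADER_RE = re.compile(r"^`{3,}(.+?)`{3,}$")
# "Ad-Aware AAWService.exe is disabled!"
DISABLED_RE = re.compile(r"^(?P<item>.+?) is disabled!$")
# "Java version out of Date!" (follows the "Java 7 Update 7" line)
OUTDATED_RE = re.compile(r"out of date!$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # Security Check section the flag appeared in
    item: str      # product or process the flag refers to
    issue: str     # "outdated" or "disabled"


def parse_sections(text: str) -> dict[str, list[str]]:
    """Split a checkup.txt log into {section name: [non-empty lines]}."""
    sections: dict[str, list[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def find_issues(text: str) -> list[Finding]:
    """Return one Finding per 'is disabled!' or 'out of Date!' line."""
    findings: list[Finding] = []
    for section, lines in parse_sections(text).items():
        previous = ""  # the product line an "out of Date!" flag refers to
        for line in lines:
            m = DISABLED_RE.match(line)
            if m:
                findings.append(Finding(section, m.group("item"), "disabled"))
            elif OUTDATED_RE.search(line):
                findings.append(Finding(section, previous, "outdated"))
            previous = line
    return findings


def _hdr(title: str) -> str:
    """Build a backtick-wrapped section header like the real log uses."""
    return "`" * 12 + title + "`" * 12


# Constructed sample: an abridged copy of the checkup.txt posted above.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.53",
    "Windows XP Service Pack 3 x86",
    _hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    _hdr("Anti-malware/Other Utilities Check:"),
    "Ad-Aware",
    "Java 7 Update 7",
    "Java version out of Date!",
    "Adobe Flash Player 11.4.402.287",
    _hdr("Process Check: objlist.exe by Laurent"),
    "Microsoft Security Essentials MSMpEng.exe",
    "Ad-Aware AAWService.exe is disabled!",
    "Ad-Aware AAWTray.exe is disabled!",
    _hdr("System Health check"),
    "Total Fragmentation on Drive C:: 5%",
    _hdr("End of Log"),
])


if __name__ == "__main__":
    for f in find_issues(SAMPLE_LOG):
        print(f"[{f.issue:8}] {f.section}: {f.item}")
```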

#12 tide_belle (Topic Starter)

Posted 24 October 2012 - 08:17 AM

Installation of Java failed. Same error message as before.
Any suggestions?

When ComboFix was running yesterday, WinPatrol recognized a change in the hosts file; I allowed it since ComboFix was running.

Another WinPatrol New Program Alert
C:\WINDOWS\system32\qmgr.dll
BITS-Microsoft Corporation

Do I allow this?


# AdwCleaner v2.005 - Logfile created 10/24/2012 at 08:18:32
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jodi - D7C1CCB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jodi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Jodi\Application Data\Mozilla\Firefox\Profiles\0dgnvtoz.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\xf0hlk2q.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1959 octets] - [07/08/2012 07:45:43]
AdwCleaner[S2].txt - [1596 octets] - [09/10/2012 21:08:03]
AdwCleaner[R1].txt - [1218 octets] - [23/10/2012 15:31:34]
AdwCleaner[R2].txt - [1278 octets] - [24/10/2012 08:18:06]
AdwCleaner[S3].txt - [1211 octets] - [24/10/2012 08:18:32]

########## EOF - C:\AdwCleaner[S3].txt - [1271 octets] ##########

Edited by tide_belle, 24 October 2012 - 09:01 AM.


#13 nasdaq (Malware Response Team)

Posted 24 October 2012 - 09:37 AM

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.
===

Then, to make sure all references to Java are gone, run this tool.

Download Revo Uninstaller and use it to remove any programs you are having difficulty removing through the Add/Remove Programs list.

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Remove everything related to Java.

Keep me posted.

#14 tide_belle (Topic Starter)

Posted 24 October 2012 - 01:08 PM

You are OUTSTANDING!!!!! It worked! :thumbsup:
How likely is it that this virus came from something not being updated?
We don't visit peer2peer sites, gaming sites, or other nefarious sites. We just want to make sure that this does not happen again.


Here is the JavaRa log

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Oct 19 10:54:07 2012

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_16

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_21

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_22

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_23

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_24

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_26

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_29

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.6.0_30

Found and removed: C:\Documents and Settings\Jodi\Application Data\Sun\Java\jre1.7.0_05

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: Software\JavaSoft

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.4.2.0

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Oct 19 10:56:21 2012

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Oct 24 12:46:08 2012

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

------------------------------------

Finished reporting.

#15 nasdaq (Malware Response Team)

Posted 24 October 2012 - 01:21 PM

Glad we could help.



