PUM.hyjack.help



#1 marks090


Posted 24 December 2012 - 02:07 PM

I have a weird issue. XP, latest service pack. McAfee loaded and Malwarebytes loaded. As administrator no PUM, but as user I get PUM, won't remove. Also prevents Excel spreadsheet errors (corrupted or read-only), also PDF errors, cannot open Adobe Acrobat/Reader as a user, but PDF and Excel open under administrator. Please help? In both modes, adm or user, Microsoft updates fail. Please help.
Does not remove on reboot

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Delete on reboot.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
nothing is showing up

Edited by marks090, 25 December 2012 - 11:49 AM.




#2 Jimbob85


Posted 27 December 2012 - 02:31 PM

Hi, Welcome to BC!

Which program is showing this Registry error?

Please post a log from Malwarebytes, AKA MBAM. Please post something recent, where you updated the app before you ran it.

Let's try a few scans, as admin is fine.

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan completes, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
You may not get a listing if nothing is found




Please download TDSSKiller

Run TDSSKiller.exe
Click on Change Parameters
Put a check in the box of Detect TDLFS file system
Start scan
When it is finished the utility outputs a list of detected objects with descriptions:
The utility automatically selects an action (Cure or Delete) for malicious objects and asks you what to do with suspicious objects (Skip, by default)
Just stick with the default options and click Continue
If it wants to reboot please allow it to do so and let me know
Click on Report and post the contents of the text file that will open

By default, the utility outputs the log into the root folder of the system disk (usually the disk where the operating system is installed, C:\). The log will have a name like: TDSSKiller.Version_Date_Time_log.txt.

#3 marks090


Posted 27 December 2012 - 08:58 PM

Thanks for your help

Malwarebytes Anti-Malware (Corporate) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mark090 :: ELEHHP5RG1 [limited]

12/24/2012 17:14:59
mbam-log-2012-12-24 (17-14-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 165765
Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






ESET showed no issue

20:26:02.0406 1976 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:26:04.0421 1976 ============================================================
20:26:04.0421 1976 Current date / time: 2012/12/27 20:26:04.0421
20:26:04.0421 1976 SystemInfo:
20:26:04.0421 1976
20:26:04.0421 1976 OS Version: 5.1.2600 ServicePack: 3.0
20:26:04.0421 1976 Product type: Workstation
20:26:04.0421 1976 ComputerName: ELEHHP5RG1
20:26:04.0421 1976 UserName: Administrator
20:26:04.0421 1976 Windows directory: C:\WINDOWS
20:26:04.0421 1976 System windows directory: C:\WINDOWS
20:26:04.0421 1976 Processor architecture: Intel x86
20:26:04.0421 1976 Number of processors: 2
20:26:04.0421 1976 Page size: 0x1000
20:26:04.0421 1976 Boot type: Normal boot
20:26:04.0421 1976 ============================================================
20:26:06.0968 1976 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:26:06.0968 1976 ============================================================
20:26:06.0968 1976 \Device\Harddisk0\DR0:
20:26:06.0968 1976 MBR partitions:
20:26:06.0968 1976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
20:26:06.0968 1976 ============================================================
20:26:07.0046 1976 Initialize success
20:26:07.0046 1976 ============================================================
20:36:47.0546 4616 ============================================================
20:36:47.0546 4616 Scan started
20:36:47.0546 4616 Mode: Manual; TDLFS;
20:36:47.0546 4616 ============================================================
20:36:47.0546 4616 ================ Scan system memory ========================
20:36:49.0140 4616 System memory - ok
20:36:49.0140 4616 ================ Scan services =============================
20:36:51.0921 4616 ================ Scan global ===============================
20:36:51.0921 4616 [Global] - ok
20:36:51.0921 4616 ================ Scan MBR ==================================
20:36:51.0937 4616 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:36:52.0984 4616 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:36:52.0984 4616 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:36:52.0984 4616 ================ Scan VBR ==================================
20:36:52.0984 4616 [ D02C98F7D0676D007DCA5F3A9A862FA8 ] \Device\Harddisk0\DR0\Partition1
20:36:52.0984 4616 \Device\Harddisk0\DR0\Partition1 - ok
20:36:52.0984 4616 ============================================================
20:36:52.0984 4616 Scan finished
20:36:52.0984 4616 ============================================================
20:36:53.0031 0332 Detected object count: 1
20:36:53.0031 0332 Actual detected object count: 1
20:37:07.0546 0332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:37:07.0546 0332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
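One way to triage a report like the one in the post above, as an added example that is not part of the original thread and not TDSSKiller's own code. It assumes only the `time thread-id message` line layout and the ` - ok`, ` - warning` and ` - skipped by user` suffixes visible in that log; the sample input is constructed from it, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the TDSSKiller report quoted above
# (timestamp, thread id, message), trimmed to a few representative lines.
SAMPLE_LOG = r"""
20:26:06.0968 1976 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb)
20:36:49.0140 4616 ================ Scan services =============================
20:36:49.0203 4616 ACPI - ok
20:36:50.0234 4616 Multi-user Cleanup Service - ok
20:36:51.0921 4616 ================ Scan MBR ==================================
20:36:52.0984 4616 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:36:52.0984 4616 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:36:52.0984 4616 ================ Scan VBR ==================================
20:36:52.0984 4616 \Device\Harddisk0\DR0\Partition1 - ok
20:36:52.0984 4616 ============================================================
20:36:52.0984 4616 Scan finished
20:36:53.0031 0332 Detected object count: 1
20:37:07.0546 0332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
SECTION = re.compile(r"^=+\s+(?P<name>[^=]+?)\s+=+$")
COUNT = re.compile(r"^Detected object count:\s*(?P<n>\d+)$")


def triage(log_text):
    """Count clean objects and collect every line that is not '- ok'."""
    result = {"ok": 0, "findings": [], "skipped": [], "detected_count": None}
    section = None  # lines before the first named section are system info
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        sec = SECTION.match(msg)
        if sec:
            section = sec.group("name")
            continue
        if msg == "Scan finished":
            section = "post-scan"  # what follows records the chosen action
            continue
        cnt = COUNT.match(msg)
        if cnt:
            result["detected_count"] = int(cnt.group("n"))
            continue
        if section is None or " - " not in msg:
            continue
        # Split on the last " - " so names like "Multi-user ..." stay intact.
        obj, status = (part.strip() for part in msg.rsplit(" - ", 1))
        if status == "ok":
            result["ok"] += 1
        elif status == "skipped by user":
            result["skipped"].append(obj)  # flagged but left in place
        else:
            result["findings"].append((section, obj, status))
    return result


def needs_followup(result):
    """True when anything was flagged or the tool's own count is non-zero."""
    return bool(result["findings"]) or (result["detected_count"] or 0) > 0
```

An entry in `skipped` means the flagged object was left untouched, so the finding is still open when the log is handed on.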

#4 Jimbob85


Posted 28 December 2012 - 08:36 AM

I could probably help you with this but since TDSSKiller found something you will be better off to move on to the Malware Response Team where they have more training and better tools\toys. Good luck! Please be patient as they are always busy, you will be in very good hands!


Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



