[A] Trojan horse PSW.Generic10.BRGJ

Inactive
By Deborahhh
Mar 21, 2013
Topic Status:
Not open for further replies.
  1. Hi,
    Yesterday March 20, Firefox disabled Adobe reader (ver 10) and requested I update to latest version (11).
    Upon install of Adobe Reader ver11 AVG resident shield flagged and I put in virus vault the following:
    INFECTION: Trojan horse PSW.Generic10.BRGJ
    OBJECT: C:\Program Files\Adobe\Reader10.0\Reader\rt3d.dll
    PROCESS: C:\windows\system32\msiexec.exe
    I did some research and found others had AVG "false positives" with install
    of Adobe.
    However, today AVG Resident once again flagged the same trojan and I put in virus vault. Below are details:
    INFECTION: Trojan Horse PSW.Generic10.BRGJ
    OBJECT: C:\systemvolume information\_restore (long string of #'s/letters)\rp493\aou96955.dll
    PROCESS: C:\windows\system32\svchost.exe

    I updated Malwarebytes today, and immediately after "finish", WinPatrol flagged a file "israndome.exe" to run on start up. I denied. Malwarebytes needs a reboot to run. I have not rebooted.
    I have also updated to latest Firefox version today, I believe I had ver17 and upon reboot Ver 18.01 will be installed. I have not rebooted since I think I may have a virus problem with installers since Adobe update yesterday.
    I appreciate your help!
    Thank you
    Deborah
  2. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    I have now seen this message on a website:
    ako si johnny boy!.. Im from the philippines and I am a hacker! be careful with your websites! XD
  3. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  4. Deborahhh


    Hi Broni
    Thanks for your reply.
    Here are the logs you requested.
    MBAM:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.21.14

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Deborah :: HOME-54822832EF [administrator]

    3/21/2013 5:08:12 PM
    mbam-log-2013-03-21 (17-08-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208324
    Time elapsed: 20 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  5. Deborahhh


    DDS.TXT
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Deborah at 18:12:36 on 2013-03-21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.226 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
    C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Virtual Storage Mount Notification: {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [PeachtreePrefetcher.exe] c:\program files\sage software\peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer = 10.177.0.34 10.168.191.116
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll
    STS: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    Hosts: 127.0.0.1 wdcs.trendmicro.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\deborah\application data\mozilla\firefox\profiles\6ljv1ced.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?um=1&hl=en&shva=1#inbox|http://www.smbiz.com/sbwday.html
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\deborah\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101721.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: !HIDDEN! 2009-12-18 17:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-11 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-11 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-11 108552]
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-7-12 148424]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-2-12 127768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-12 394952]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-6 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-6 297752]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2010-6-16 7131392]
    R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
    S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\sage software\peachtree\SmartPostingService2011.exe [2010-9-13 44400]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
    .
    =============== Created Last 30 ================
    .
    2013-03-21 19:37:41 710504 ----a-w- c:\windows\is-3IU7A.exe
    2013-03-21 15:28:59 921088 ----a-w- c:\program files\mozilla firefox\plugins\webex\1326\atastrm.dll
    2013-03-20 19:43:07 6954968 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{e44306ab-570e-40aa-9ed9-d74d57e84c40}\mpengine.dll
    2013-03-12 17:33:24 -------- d-----w- c:\documents and settings\deborah\local settings\application data\Brother
    2013-03-12 17:33:06 -------- d-----w- c:\program files\Brother
    .
    ==================== Find3M ====================
    .
    2013-03-21 22:13:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-03-21 21:51:52 256 ----a-w- c:\windows\system32\pool.bin
    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    .
    ============= FINISH: 18:15:11.70 ===============
  6. Deborahhh


    Broni:

    ATTACH.TXT file generates this error message :

    Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form
    http://www.techspot.com/about.shtml

    I have tried to post it a few times. (?)
    Deborah
  7. Deborahhh


    Broni:
    I will try to post in two replies
    ATTACH.TXT

    Well that doesn't work...
    still get error msg :-(
    The following error occurred:

    Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form http://www.techspot.com/about.shtml
  8. Broni


    I reported this issue to the board owner.
    For now attach the file and I'll post it for you.
  9. Deborahhh


    Ok, here is zip file of attach.txt


  10. Broni


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/11/2009 2:49:53 PM
    System Uptime: 3/21/2013 5:44:33 PM (1 hours ago)
    .
    Motherboard: Intel Corporation | | D915GEV
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 186 GiB total, 123.455 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP447: 12/28/2012 2:39:40 PM - Software Distribution Service 3.0
    RP448: 12/31/2012 6:28:47 PM - Installed Sage 50 Payroll Solutions Update
    RP449: 1/2/2013 10:14:40 AM - Software Distribution Service 3.0
    RP450: 1/7/2013 11:07:17 AM - Software Distribution Service 3.0
    RP451: 1/7/2013 1:25:50 PM - Installed Sage 50 Payroll Solutions Update
    RP452: 1/8/2013 11:15:43 AM - Software Distribution Service 3.0
    RP453: 1/9/2013 11:29:38 AM - System Checkpoint
    RP454: 1/9/2013 8:02:40 PM - Software Distribution Service 3.0
    RP455: 1/11/2013 12:47:31 PM - Software Distribution Service 3.0
    RP456: 1/15/2013 10:03:42 AM - Software Distribution Service 3.0
    RP457: 1/16/2013 11:41:19 AM - Software Distribution Service 3.0
    RP458: 1/18/2013 12:58:48 PM - Software Distribution Service 3.0
    RP459: 1/22/2013 11:41:45 AM - Software Distribution Service 3.0
    RP460: 1/24/2013 11:13:07 AM - System Checkpoint
    RP461: 1/29/2013 11:15:00 AM - Software Distribution Service 3.0
    RP462: 2/1/2013 2:33:21 PM - System Checkpoint
    RP463: 2/1/2013 3:18:09 PM - Software Distribution Service 3.0
    RP464: 2/4/2013 5:16:59 PM - System Checkpoint
    RP465: 2/5/2013 11:58:52 AM - Software Distribution Service 3.0
    RP466: 2/11/2013 9:38:10 AM - Software Distribution Service 3.0
    RP467: 2/12/2013 3:17:26 PM - System Checkpoint
    RP468: 2/13/2013 12:25:03 PM - Software Distribution Service 3.0
    RP469: 2/13/2013 5:03:37 PM - Software Distribution Service 3.0
    RP470: 2/13/2013 6:25:16 PM - Software Distribution Service 3.0
    RP471: 2/15/2013 10:44:59 AM - Software Distribution Service 3.0
    RP472: 2/18/2013 11:47:24 AM - System Checkpoint
    RP473: 2/19/2013 11:44:38 AM - Software Distribution Service 3.0
    RP474: 2/20/2013 11:46:45 AM - System Checkpoint
    RP475: 2/21/2013 11:55:10 AM - System Checkpoint
    RP476: 2/21/2013 4:35:53 PM - Removed Java 7 Update 9
    RP477: 2/21/2013 4:43:36 PM - Removed Java(TM) 6 Update 14
    RP478: 2/21/2013 4:47:01 PM - Removed JavaFX 2.1.1
    RP479: 2/22/2013 1:41:02 PM - Software Distribution Service 3.0
    RP480: 2/26/2013 11:09:14 AM - System Checkpoint
    RP481: 2/26/2013 12:09:50 PM - Software Distribution Service 3.0
    RP482: 2/27/2013 2:20:09 PM - System Checkpoint
    RP483: 2/28/2013 4:33:57 PM - System Checkpoint
    RP484: 3/4/2013 11:25:34 AM - Software Distribution Service 3.0
    RP485: 3/4/2013 12:27:07 PM - Installed Sage 50 Payroll Solutions Update
    RP486: 3/5/2013 12:58:45 PM - Software Distribution Service 3.0
    RP487: 3/11/2013 11:52:27 AM - Software Distribution Service 3.0
    RP488: 3/12/2013 12:41:11 PM - System Checkpoint
    RP489: 3/13/2013 5:49:14 PM - Software Distribution Service 3.0
    RP490: 3/14/2013 11:46:30 AM - Software Distribution Service 3.0
    RP491: 3/15/2013 12:37:52 PM - Software Distribution Service 3.0
    RP492: 3/20/2013 3:32:13 PM - System Checkpoint
    RP493: 3/20/2013 3:43:02 PM - Software Distribution Service 3.0
    RP494: 3/20/2013 8:04:32 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Amazon MP3 Downloader 1.0.17
    AVG Free 8.5
    Belarc Advisor 7.2
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Blu Dot Clock
    Bullzip PDF Printer 6.0.0.766
    Carbonite Online Backup Setup
    Cisco WebEx Meetings
    Compatibility Pack for the 2007 Office system
    Crystal Reports 2008 Runtime SP1
    CutePDF Writer 2.7
    Duplicate Finder 2009 v2.4
    Easy Duplicate Finder v. 3.0
    Free Disk Analyzer
    Google Chrome
    GoogleToolBar
    GoToMeeting 5.1.0.880
    GPL Ghostscript Lite 8.63
    HDD Health v3.3 Beta
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp LaserJet-all-in-one
    Intel(R) 536EP Modem
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer (Enable DEP)
    Jungle Disk Desktop
    LaserAIO
    Malwarebytes Anti-Malware version 1.70.0.1100
    MFC RunTime files
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fix it Center
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Standard for Students and Teachers
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird (2.0.0.21)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal Seagate Edition
    Nero OEM
    Network Recording Player
    Opera 11.64
    Peachtree Accounting 2011
    Peachtree Business Analytics
    Peachtree Complete Accounting 2010
    PeachTree Signature Ready Forms
    Pervasive PSQL v10 SP2 Workgroup (32-bit)
    Pervasive Software PSQL v9.1 Client
    Pervasive System Analyzer v9.1
    PowerDVD
    QFolder
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Sage Download Manager
    Sage Message Center
    Sage Software Integration Services
    Scan
    Seagate Manager Installer
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sophos Virus Removal Tool
    SpeedFan (remove only)
    Spotify
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Times Reader
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    WinPatrol
    Works Upgrade
    XMLinst
    ZoneAlarm
    ZoneAlarm Spy Blocker
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/15/2013 12:17:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
    3/15/2013 12:17:23 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  11. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  12. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    Broni:
    Another "Spam" error for:
    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    The following error occurred:

    Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form http://www.techspot.com/about.shtml

    Should RogueKiller file be sent zipped?
    Deborah
  13. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Attach it straight as a text file not zipped.
  14. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    As I mentioned in my previous post, when I copy and paste the RogueKiller report, it generates the error msg (SPAM)
    The following error occurred:

    Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form http://www.techspot.com/about.shtml
  15. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Attach it straight as a text file not zipped.
  16. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Deborah [Admin rights]
    Mode : Scan -- Date : 03/21/2013 19:15:16
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer (10.177.0.34 10.168.191.116) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
  17. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    Test message. I am unable to post the Second RK report. The same
    Error msg flagging it as spam appears
  18. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    You must read my replies.
    Attach the file instead of pasting it.
  19. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    I see I did not post the entire RK report above. (I am over 3.5 hours after quitting time and getting tired.)
    I will try again. Here is ONE of the TWO RK reports.

    I am getting the Spam error message..may I please send the RK reports in two separate zip files?
    Thks
    I am getting the spam message just trying to post the text in THIS post.
  20. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    OH sorry-you are correct...I will attach both as straight text...

    Attached Files:

  21. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    Malwarebytes Anti-Rootkit (MBAR) is still running. FYI
  22. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Deborah [Admin rights]
    Mode : Scan -- Date : 03/21/2013 19:15:16
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer (10.177.0.34 10.168.191.116) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3200822AS +++++
    --- User ---
    [MBR] a86d54b10ab3bf20cdba247019f05bc8
    [BSP] 42b2db7d12a842d70b19da703e11e6e5 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: RIM BlackBerry SD USB Device +++++
    --- User ---
    [MBR] 8a4a3f84a9eda68451f8bdccda84c484
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: RIM BlackBerry USB Device +++++
    --- User ---
    [MBR] a2c8891c7ca01896aef33de5ec349be2
    [BSP] e0c29635b383fc906042b12dafffcda9 : MBR Code unknown
    Partition table:
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_S_03212013_02d1915.txt >>
    RKreport[1].txt ; RKreport[2]_S_03212013_02d1915.txt


    ===================================

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Deborah [Admin rights]
    Mode : Remove -- Date : 03/21/2013 19:16:22
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer (10.177.0.34 10.168.191.116) -> NOT REMOVED, USE DNSFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3200822AS +++++
    --- User ---
    [MBR] a86d54b10ab3bf20cdba247019f05bc8
    [BSP] 42b2db7d12a842d70b19da703e11e6e5 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: RIM BlackBerry SD USB Device +++++
    --- User ---
    [MBR] 8a4a3f84a9eda68451f8bdccda84c484
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: RIM BlackBerry USB Device +++++
    --- User ---
    [MBR] a2c8891c7ca01896aef33de5ec349be2
    [BSP] e0c29635b383fc906042b12dafffcda9 : MBR Code unknown
    Partition table:
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3]_D_03212013_02d1916.txt >>
    RKreport[1].txt ; RKreport[2]_S_03212013_02d1915.txt ; RKreport[3]_D_03212013_02d1916.txt
  23. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    Broni:
    While waiting for Malwarebytes Anti-Rootkit to finish;
    Could you advise me what I should do regarding my external hard drive...I backed it up last night and now realize it may have same virus(s) we are trying to remove from my C drive.

    How do I proceed with my external hard drive to make sure it is clean?

    thank you !!
  24. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    For now make sure it's disconnected and remind me of it when we're totally done.
  25. Deborahhh

    Deborahhh Newcomer, in training Topic Starter Posts: 25

    Here is:
    . mbar-log-xxxxx.txt


    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.21.14

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Deborah :: HOME-54822832EF [administrator]

    3/21/2013 9:00:58 PM
    mbar-log-2013-03-21 (21-00-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28019
    Time elapsed: 1 hour(s), 34 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)