Inactive [A] Trojan horse PSW.Generic10.BRGJ

[Deborahhh]

Hi,
Yesterday March 20, Firefox disabled Adobe reader (ver 10) and requested I update to latest version (11).
Upon install of Adobe Reader ver11 AVG resident shield flagged and I put in virus vault the following:
INFECTION: Trojan horse PSW.Generic10.BRGJ
OBJECT: C:\Program Files\Adobe\Reader10.0\Reader\rt3d.dll
PROCESS: C:\windows\system32\msiexec.exe
I did some research and found others had AVG "false positives" with install
of Adobe.
However, today AVG Resident once again flagged the same trojan and I put in virus vault. Below are details:
INFECTION: Trojan Horse PSW.Generic10.BRGJ
OBJECT: C:\systemvolume information\_restore (long string of #'s/letters)\rp493\aou96955.dll
PROCESS: C:\windows\system32\svchost.exe

I updated Malwarebytes today- and immediatly after "finish" ,Winpatrol flagged a file "israndome.exe" to run on start up. I denied. Malwarebytes needs a reboot to run. I have not rebooted.
I have also updated to latest Firefox version today , I believe I had ver17 and upon reboot Ver 18.01 will be installed. I have not rebooted since I think I may have a virus problem with installers since Adobe update yesterday.
I appreciate your help !
Thank you
Deborah

 

[Deborahhh]

[CENTER]I have now seen this message on a website :[/CENTER]
[FONT=mceinline]ako si johnny boy!.. Im from the philippines and I am a hacker! be careful with your websites! XD[/FONT]

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Deborahhh]

Hi Broni
Thanks for your reply.
Here are the logs you requested.
MBAM:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Deborah :: HOME-54822832EF [administrator]

3/21/2013 5:08:12 PM
mbam-log-2013-03-21 (17-08-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208324
Time elapsed: 20 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Deborahhh]

DDS.TXT
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Deborah at 18:12:36 on 2013-03-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.226 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: Virtual Storage Mount Notification: {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [PeachtreePrefetcher.exe] c:\program files\sage software\peachtree\PeachtreePrefetcher.exe /configfileeachtreeprefetcher.winstart.config
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer = 10.177.0.34 10.168.191.116
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll
STS: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - c:\windows\system32\VSMntNtf.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\deborah\application data\mozilla\firefox\profiles\6ljv1ced.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?um=1&hl=en&shva=1#inbox|http://www.smbiz.com/sbwday.html
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\deborah\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-12-18 17:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-11 108552]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-7-12 148424]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-2-12 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-12 394952]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-6 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-6 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2010-6-16 7131392]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\sage software\peachtree\SmartPostingService2011.exe [2010-9-13 44400]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2013-03-21 19:37:41 710504 ----a-w- c:\windows\is-3IU7A.exe
2013-03-21 15:28:59 921088 ----a-w- c:\program files\mozilla firefox\plugins\webex\1326\atastrm.dll
2013-03-20 19:43:07 6954968 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{e44306ab-570e-40aa-9ed9-d74d57e84c40}\mpengine.dll
2013-03-12 17:33:24 -------- d-----w- c:\documents and settings\deborah\local settings\application data\Brother
2013-03-12 17:33:06 -------- d-----w- c:\program files\Brother
.
==================== Find3M ====================
.
2013-03-21 22:13:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-21 21:51:52 256 ----a-w- c:\windows\system32\pool.bin
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 18:15:11.70 ===============

 

[Deborahhh]

Broni:

ATTACH.TXT file generates this error message :

Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form
https://www.techspot.com/about.shtml

I have tried to post it a few times. (?)
Deborah

 

[Deborahhh]

Broni:
I will try to post in two replies
ATTACH.TXT

Well that doesn't work...
still get error msg :-(
The following error occurred:

Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form https://www.techspot.com/about.shtml

 

[Broni]

I reported this issue to the board owner.
For now attach the file and I'll post it for you.

 

[Deborahhh]

Ok, here is zip file of attach.txt

 

[Broni]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/11/2009 2:49:53 PM
System Uptime: 3/21/2013 5:44:33 PM (1 hours ago)
.
Motherboard: Intel Corporation | | D915GEV
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 123.455 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP447: 12/28/2012 2:39:40 PM - Software Distribution Service 3.0
RP448: 12/31/2012 6:28:47 PM - Installed Sage 50 Payroll Solutions Update
RP449: 1/2/2013 10:14:40 AM - Software Distribution Service 3.0
RP450: 1/7/2013 11:07:17 AM - Software Distribution Service 3.0
RP451: 1/7/2013 1:25:50 PM - Installed Sage 50 Payroll Solutions Update
RP452: 1/8/2013 11:15:43 AM - Software Distribution Service 3.0
RP453: 1/9/2013 11:29:38 AM - System Checkpoint
RP454: 1/9/2013 8:02:40 PM - Software Distribution Service 3.0
RP455: 1/11/2013 12:47:31 PM - Software Distribution Service 3.0
RP456: 1/15/2013 10:03:42 AM - Software Distribution Service 3.0
RP457: 1/16/2013 11:41:19 AM - Software Distribution Service 3.0
RP458: 1/18/2013 12:58:48 PM - Software Distribution Service 3.0
RP459: 1/22/2013 11:41:45 AM - Software Distribution Service 3.0
RP460: 1/24/2013 11:13:07 AM - System Checkpoint
RP461: 1/29/2013 11:15:00 AM - Software Distribution Service 3.0
RP462: 2/1/2013 2:33:21 PM - System Checkpoint
RP463: 2/1/2013 3:18:09 PM - Software Distribution Service 3.0
RP464: 2/4/2013 5:16:59 PM - System Checkpoint
RP465: 2/5/2013 11:58:52 AM - Software Distribution Service 3.0
RP466: 2/11/2013 9:38:10 AM - Software Distribution Service 3.0
RP467: 2/12/2013 3:17:26 PM - System Checkpoint
RP468: 2/13/2013 12:25:03 PM - Software Distribution Service 3.0
RP469: 2/13/2013 5:03:37 PM - Software Distribution Service 3.0
RP470: 2/13/2013 6:25:16 PM - Software Distribution Service 3.0
RP471: 2/15/2013 10:44:59 AM - Software Distribution Service 3.0
RP472: 2/18/2013 11:47:24 AM - System Checkpoint
RP473: 2/19/2013 11:44:38 AM - Software Distribution Service 3.0
RP474: 2/20/2013 11:46:45 AM - System Checkpoint
RP475: 2/21/2013 11:55:10 AM - System Checkpoint
RP476: 2/21/2013 4:35:53 PM - Removed Java 7 Update 9
RP477: 2/21/2013 4:43:36 PM - Removed Java(TM) 6 Update 14
RP478: 2/21/2013 4:47:01 PM - Removed JavaFX 2.1.1
RP479: 2/22/2013 1:41:02 PM - Software Distribution Service 3.0
RP480: 2/26/2013 11:09:14 AM - System Checkpoint
RP481: 2/26/2013 12:09:50 PM - Software Distribution Service 3.0
RP482: 2/27/2013 2:20:09 PM - System Checkpoint
RP483: 2/28/2013 4:33:57 PM - System Checkpoint
RP484: 3/4/2013 11:25:34 AM - Software Distribution Service 3.0
RP485: 3/4/2013 12:27:07 PM - Installed Sage 50 Payroll Solutions Update
RP486: 3/5/2013 12:58:45 PM - Software Distribution Service 3.0
RP487: 3/11/2013 11:52:27 AM - Software Distribution Service 3.0
RP488: 3/12/2013 12:41:11 PM - System Checkpoint
RP489: 3/13/2013 5:49:14 PM - Software Distribution Service 3.0
RP490: 3/14/2013 11:46:30 AM - Software Distribution Service 3.0
RP491: 3/15/2013 12:37:52 PM - Software Distribution Service 3.0
RP492: 3/20/2013 3:32:13 PM - System Checkpoint
RP493: 3/20/2013 3:43:02 PM - Software Distribution Service 3.0
RP494: 3/20/2013 8:04:32 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Amazon MP3 Downloader 1.0.17
AVG Free 8.5
Belarc Advisor 7.2
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Blu Dot Clock
Bullzip PDF Printer 6.0.0.766
Carbonite Online Backup Setup
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Crystal Reports 2008 Runtime SP1
CutePDF Writer 2.7
Duplicate Finder 2009 v2.4
Easy Duplicate Finder v. 3.0
Free Disk Analyzer
Google Chrome
GoogleToolBar
GoToMeeting 5.1.0.880
GPL Ghostscript Lite 8.63
HDD Health v3.3 Beta
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet-all-in-one
Intel(R) 536EP Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Internet Explorer (Enable DEP)
Jungle Disk Desktop
LaserAIO
Malwarebytes Anti-Malware version 1.70.0.1100
MFC RunTime files
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.21)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal Seagate Edition
Nero OEM
Network Recording Player
Opera 11.64
Peachtree Accounting 2011
Peachtree Business Analytics
Peachtree Complete Accounting 2010
PeachTree Signature Ready Forms
Pervasive PSQL v10 SP2 Workgroup (32-bit)
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
PowerDVD
QFolder
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Sage Download Manager
Sage Message Center
Sage Software Integration Services
Scan
Seagate Manager Installer
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sophos Virus Removal Tool
SpeedFan (remove only)
Spotify
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Times Reader
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
WinPatrol
Works Upgrade
XMLinst
ZoneAlarm
ZoneAlarm Spy Blocker
.
==== Event Viewer Messages From Past Week ========
.
3/15/2013 12:17:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
3/15/2013 12:17:23 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

[Broni]

Download RogueKiller on the desktop

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Deborahhh]

Broni:
Another "Spam" error for:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
The following error occurred:

Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form https://www.techspot.com/about.shtml

Should RogueKiller file be sent zipped?
Deborah

 

[Broni]

Attach it straight as a text file not zipped.

 

[Deborahhh]

As I mentioned in my previous post, when I copy and past Rouge Killer report generates the error msg (SPAM)
The following error occurred:

Your post's content was found in Akismet database and was marked as Spam so you are not allowed to post it here. If you believe this was not correct, please reply or use the contact form https://www.techspot.com/about.shtml

 

[Broni]

Attach it straight as a text file not zipped.

 

[Deborahhh]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deborah [Admin rights]
Mode : Scan -- Date : 03/21/2013 19:15:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer (10.177.0.34 10.168.191.116) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

 

[Deborahhh]

Test message. I am unable to post the Second RK report. The same
Error msg flagging it as spam appears

 

[Broni]

You must read my replies.
Attach the file instead of pasting it.

 

[Deborahhh]

I see I did not post the entire RK report above.( I am over 3.5 hours after quitting time and getting tired.)
I will try again. Here is ONE of the TWO RK reports.

I am getting the Spam error message..may I please send the RK reports in two separate zip files?
Thks
I am getting the spam message just trying to post the text in THIS post.

 

[Deborahhh]

OH sorry-you are correct...I will attach both as straight text...

 

[Deborahhh]

Malwarebytes Anti-Rootkit (MBAR) is still running. FYI

 

[Broni]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deborah [Admin rights]
Mode : Scan -- Date : 03/21/2013 19:15:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer (10.177.0.34 10.168.191.116) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 ads.active.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200822AS +++++
--- User ---
[MBR] a86d54b10ab3bf20cdba247019f05bc8
[BSP] 42b2db7d12a842d70b19da703e11e6e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: RIM BlackBerry SD USB Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: RIM BlackBerry USB Device +++++
--- User ---
[MBR] a2c8891c7ca01896aef33de5ec349be2
[BSP] e0c29635b383fc906042b12dafffcda9 : MBR Code unknown
Partition table:
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_03212013_02d1915.txt >>
RKreport[1].txt ; RKreport[2]_S_03212013_02d1915.txt


===================================

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deborah [Admin rights]
Mode : Remove -- Date : 03/21/2013 19:16:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0ADD85D4-CB65-4036-A166-D885ECE39E08} : NameServer (10.177.0.34 10.168.191.116) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 ads.active.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200822AS +++++
--- User ---
[MBR] a86d54b10ab3bf20cdba247019f05bc8
[BSP] 42b2db7d12a842d70b19da703e11e6e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: RIM BlackBerry SD USB Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: RIM BlackBerry USB Device +++++
--- User ---
[MBR] a2c8891c7ca01896aef33de5ec349be2
[BSP] e0c29635b383fc906042b12dafffcda9 : MBR Code unknown
Partition table:
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_D_03212013_02d1916.txt >>
RKreport[1].txt ; RKreport[2]_S_03212013_02d1915.txt ; RKreport[3]_D_03212013_02d1916.txt

 

[Deborahhh]

Broni:
While waiting for Malwarebytes Anti-Rootkit to finish;
Could you advise me what I should do regarding my external hard drive...I backed it up last night and now realize it may have same virus(s) we are trying to remove from my C drive.

How do I proceed with my external hard drive to make sure it is clean?

thank you !!

 

[Broni]

For now make sure it's disconnected and remind me of it when we're totally done.

 

[Deborahhh]

Here is:
. mbar-log-xxxxx.txt


Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.21.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Deborah :: HOME-54822832EF [administrator]

3/21/2013 9:00:58 PM
mbar-log-2013-03-21 (21-00-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28019
Time elapsed: 1 hour(s), 34 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)