Can't "End Task" or "End Process" in Windows Task Manager

Inactive-A
By BillS
Apr 23, 2013
  1. Internet Explorer appears to be launching in the background when first booting up and going to various web sites like "www2.theengineering.com...". I can't end the task or the processes in Task Manager. In "Processes" I see multiple incidences of "iexplore.exe *32" running.
  2. BillS

    BillS Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware (Corporate) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.04.22.09
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bills :: ER-BSWAILS [administrator]
    4/23/2013 8:46:15 AM
    mbam-log-2013-04-23 (08-46-15).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 249187
    Time elapsed: 5 minute(s), 17 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  3. BillS

    BillS Newcomer, in training Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476
    Run by Bills at 9:04:03 on 2013-04-23
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16374.13306 [GMT -6:00]
    .
    AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
    C:\Program Files (x86)\HWRaidManager\XSrvSetup.exe
    C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\nlsInterface.exe
    C:\Program Files (x86)\HWRaidManager\HWRaidManager.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Icon Time Systems\Driver CD\ColoradoCommunicationsService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\net.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\BillS\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.earthroamer.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [RCUI] "C:\PROGRA~2\RINGCE~1\RINGCE~1\RCUI.exe"
    uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\BillS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    uRun: [AdobeBridge] <no file>
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe"
    dRunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe" -Update
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: localhost
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.7.3
    TCP: Interfaces\{64F08190-8439-4BB3-A4E8-B4B1FC18DCBB} : DHCPNameServer = 198.224.160.135 198.224.164.135
    TCP: Interfaces\{B4ADDDE3-D91A-4C4C-96F9-DD35144087D3} : DHCPNameServer = 192.168.7.3
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [SBRegRebootCleaner] C:\Program Files (x86)\GFI Software\Deployment\sbrc.exe
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 rr62x;rr62x;C:\Windows\System32\drivers\rr62x.sys [2010-6-16 156256]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
    R2 hptsvr;Newer Technology Management Service;C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe [2011-6-7 57344]
    R2 HWRaidManager;HWRaidManager;C:\Program Files (x86)\HWRaidManager\XSrvSetup.exe [2011-6-7 69632]
    R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2011-2-15 72192]
    R2 SBAMSvc;VIPRE Business;C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe [2013-2-1 3676416]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-8-1 82872]
    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe [2013-2-1 175936]
    R2 WebProxyService;Icon Time Systems USB/Serial Web Proxy Server;C:\Program Files (x86)\Icon Time Systems\Driver CD\ColoradoCommunicationsService.exe [2007-11-20 24464]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-12-29 301232]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Symantec AntiVirus;Symantec Endpoint Protection;"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" --> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [?]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-1-8 87336]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-10-15 86816]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2011-2-16 13920]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-9 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-04-22 22:59:59 -------- d-----w- C:\Users\BillS\AppData\Local\Programs
    2013-04-18 21:41:34 421888 ----a-w- C:\Users\BillS\AppData\Roaming\wsertb.dll
    2013-04-18 21:41:28 708608 ----a-w- C:\Users\BillS\AppData\Roaming\hadsbe.dll
    2013-04-17 15:54:18 -------- d-----w- C:\Users\BillS\AppData\Roaming\help_images_otherUI
    2013-04-17 15:54:12 -------- d-----w- C:\Program Files\Common Files\eDrawings2013
    2013-04-17 00:18:45 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-04-17 00:18:45 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-04-17 00:18:45 158720 ----a-w- C:\Windows\System32\aaclient.dll
    2013-04-17 00:18:45 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-04-17 00:18:43 3717632 ----a-w- C:\Windows\System32\mstscax.dll
    2013-04-17 00:18:43 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-04-17 00:18:28 3153408 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2013-04-18 14:50:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-18 14:50:59 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-04 20:50:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-02-01 19:59:14 47936 ----a-w- C:\Windows\SysWow64\sbbd.exe
    2013-02-01 19:59:14 47936 ----a-w- C:\Windows\System32\sbbd.exe
    .
    ============= FINISH: 9:04:38.61 ===============
  4. BillS

    BillS Newcomer, in training Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/29/2010 8:31:01 AM
    System Uptime: 4/23/2013 3:25:44 AM (6 hours ago)
    .
    Motherboard: Dell Inc. | | 0D441T
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU | 2654/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 148 GiB total, 24.09 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 294.847 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    M: is NetworkDisk (NTFS) - 127 GiB total, 101.064 GiB free.
    N: is Removable
    O: is Removable
    P: is NetworkDisk (NTFS) - 931 GiB total, 248.35 GiB free.
    U: is NetworkDisk (NTFS) - 931 GiB total, 248.35 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Symantec Eraser Control driver
    Device ID: ROOT\LEGACY_EECTRL\0000
    Manufacturer:
    Name: Symantec Eraser Control driver
    PNP Device ID: ROOT\LEGACY_EECTRL\0000
    Service: eeCtrl
    .
    ==== System Restore Points ===================
    .
    RP252: 4/12/2013 12:00:01 AM - Scheduled Checkpoint
    RP253: 4/16/2013 6:16:48 PM - Windows Update
    RP254: 4/17/2013 9:53:53 AM - Installed SolidWorks eDrawings 2013 x64.
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.4 - CPSID_83708
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Design Standard
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Verifier (x64)
    Backuptrans iPhone SMS Backup & Restore 2.10.04
    Backuptrans iPhone SMS Transfer 2.10.04
    Bonjour
    BreezeBrowser Pro
    Canon MF Toolbox 4.9.1.1.mf07
    Canon MF4100 Series
    Canon MF4320-4350
    Debugging Tools for Windows (x64)
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    DetectorTools
    Downloader Pro
    Driver CD
    DWGeditor
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    eReg
    ESET Online Scanner v3
    Free Range Geeks Remote Support
    FREE Word and Excel password recovery Wizard version 2.1.12
    FTP Voyager 15.2
    Garmin USB Drivers
    Garmin WebUpdater
    Genuine Fractals 6.0.8 Professional Edition
    GFI Business Agent
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardware RAID Manager
    HighPoint Web RAID Management Service
    iCloud
    Intel(R) Network Connections Drivers
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23 (64-bit)
    Java(TM) 6 Update 24
    Logitech SetPoint 6.32
    Macromedia HomeSite 5
    Macromedia HomeSite+
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.0
    Microsoft IntelliPoint 8.1
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft Windows Performance Toolkit
    Microsoft Windows SDK .NET Framework Tools (30514)
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    Microsoft Windows SDK for Windows 7 Samples (30514)
    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    Microsoft Windows SDK MSHelp (30514)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NirSoft BlueScreenView
    Office Password Recovery PRO v1.0 (remove only)
    PDF Settings CS5
    QuickTime
    RingCentral Call Controller
    Safari
    Sage Components
    Sage MAS 90 Workstation (M:\MAS90)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    SolidWorks 2011 x64 Edition SP02
    SolidWorks eDrawings 2012
    SolidWorks eDrawings 2013 x64
    SolidWorks Explorer 2011 SP02 x64 Edition
    SolidWorks viewer
    TopStyle Lite (Version 3.0)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    Windows Driver Package - Escort, Inc. (usbser) Ports (07/28/2010 1.0.0.0)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows SDK IntellisenseNFX
    Windows Small Business Server 2008 ClientAgent
    Windows Small Business Server 2008 Desktop Links Gadget
    Windows Small Business Server 2008 WMI Provider
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/23/2013 3:27:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
    4/23/2013 3:27:50 AM, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    4/23/2013 3:26:26 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    4/23/2013 3:26:24 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    4/23/2013 3:26:22 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain EARTHROAMER due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    4/23/2013 3:26:21 AM, Error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The system cannot find the file specified.
    4/22/2013 5:02:23 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    4/22/2013 4:19:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000005, 0xfffffa800f14b1a0, 0x0000000080863b34, 0xfffffa800f7d2c48). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042213-97110-01.
    4/22/2013 1:32:24 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    4/22/2013 1:32:24 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    4/16/2013 7:48:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000005, 0xfffffa800f1f01a0, 0x0000000080863b34, 0xfffffa800f848c48). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-53523-01.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  6. BillS

    BillS Newcomer, in training Topic Starter

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Bills [Admin rights]
    Mode : Remove -- Date : 04/24/2013 09:09:43
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : hadsbe ("C:\Windows\System32\rundll32.exe" "C:\Users\BillS\AppData\Roaming\hadsbe.dll",CallFunction5) [7] -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : wsertb ("C:\Windows\System32\rundll32.exe" "C:\Users\BillS\AppData\Roaming\wsertb.dll",set_expand) [7] -> DELETED
    [TASK][SUSP PATH] Run RoboForm Process : C:\Users\BillS\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe [7] -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [RUN][HJNAME] [ON_D:Default]HKCU[...]\RunOnce : mctadmin (C:\Windows\System32\mctadmin.exe) [x] -> DELETED
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{5f873117-d242-a737-1a42-e56900b9178e}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{5f873117-d242-a737-1a42-e56900b9178e}\L --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\Users\Administrator\NTUSER.DAT
    -> D:\Users\Administrator.ER-EXEC-1\NTUSER.DAT
    -> D:\Users\Bill\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Setup\NTUSER.DAT
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600HLFS-75G6U1 +++++
    --- User ---
    [MBR] aca3344b598a52528f1ed4a85420c637
    [BSP] 3cfc57663abb2195f66e045b394cdbf0 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 750 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1617920 | Size: 151796 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD5000AAKS-75V0A0 +++++
    --- User ---
    [MBR] ecf356607c3a6f7952fb2c4dfeaa9d30
    [BSP] e93e644204caf186bcf362caed32ce8c : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: H/W RAID5 +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_04242013_02d0909.txt >>
    RKreport[1]_S_04242013_02d0907.txt ; RKreport[2]_D_04242013_02d0909.txt
  7. BillS

    BillS Newcomer, in training Topic Starter

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org
    Database version: v2013.04.24.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bills :: ER-BSWAILS [administrator]
    4/24/2013 9:29:25 AM
    mbar-log-2013-04-24 (09-29-25).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 31049
    Time elapsed: 9 minute(s), 43 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  8. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    system-log.txt?
  9. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Still with me?
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.