Sign in to follow this  
Followers 0
fleet

Virus.Win32.Rloader.a- Malware

12 posts in this topic

Hi I found a Malware on a PC. when I run TSD killer found- Virus.Win32.Rloader.a.

after cleaning the malware I rebooted the PC and found the virus again.

any solution much appritiated.

Thank you

Share this post


Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

------->Logs will be closed if you haven't replied within 3 days!<--------

Share this post


Link to post
Share on other sites

How are we doing??

Do you still need help or can I close this post??

MrC

Share this post


Link to post
Share on other sites

Getting the logs today. was away on the weekend. Thank you for the help will update it today.

Share this post


Link to post
Share on other sites

Attach.txt.

-------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 22/05/2009 11:16:13 AM

System Uptime: 28/05/2012 2:00:51 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0M858N

Processor: Intel® Core2 Duo CPU E8600 @ 3.33GHz | CPU | 3324/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 263.376 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP778: 28/02/2012 9:32:26 PM - System Checkpoint

RP779: 29/02/2012 11:31:16 PM - System Checkpoint

RP780: 02/03/2012 1:31:07 AM - System Checkpoint

RP781: 03/03/2012 1:52:19 AM - System Checkpoint

RP782: 04/03/2012 3:52:20 AM - System Checkpoint

RP783: 05/03/2012 5:52:20 AM - System Checkpoint

RP784: 06/03/2012 7:52:11 AM - System Checkpoint

RP785: 07/03/2012 8:46:06 AM - Software Distribution Service 3.0

RP786: 08/03/2012 6:22:26 PM - System Checkpoint

RP787: 09/03/2012 7:04:28 PM - System Checkpoint

RP788: 14/03/2012 12:51:39 PM - System Checkpoint

RP789: 15/03/2012 3:00:30 AM - Software Distribution Service 3.0

RP790: 16/03/2012 12:53:43 PM - System Checkpoint

RP791: 19/03/2012 5:31:37 PM - System Checkpoint

RP792: 20/03/2012 5:32:51 PM - System Checkpoint

RP793: 21/03/2012 6:59:10 PM - System Checkpoint

RP794: 22/03/2012 12:06:25 PM - Installed TurboTax 2011.

RP795: 23/03/2012 5:27:10 PM - System Checkpoint

RP796: 26/03/2012 5:21:26 PM - System Checkpoint

RP797: 27/03/2012 5:45:38 PM - System Checkpoint

RP798: 28/03/2012 5:47:30 PM - System Checkpoint

RP799: 29/03/2012 5:51:58 PM - System Checkpoint

RP800: 30/03/2012 6:04:34 PM - System Checkpoint

RP801: 02/04/2012 12:54:38 PM - System Checkpoint

RP802: 03/04/2012 5:06:57 PM - System Checkpoint

RP803: 04/04/2012 5:29:34 PM - System Checkpoint

RP804: 05/04/2012 5:32:33 PM - System Checkpoint

RP805: 09/04/2012 5:29:03 PM - System Checkpoint

RP806: 10/04/2012 6:57:25 PM - System Checkpoint

RP807: 11/04/2012 3:00:18 AM - Software Distribution Service 3.0

RP808: 16/04/2012 5:38:49 PM - System Checkpoint

RP809: 17/04/2012 7:25:02 PM - System Checkpoint

RP810: 19/04/2012 6:08:29 PM - System Checkpoint

RP811: 20/04/2012 7:12:55 PM - System Checkpoint

RP812: 21/04/2012 9:12:54 PM - System Checkpoint

RP813: 22/04/2012 9:12:58 PM - System Checkpoint

RP814: 23/04/2012 11:12:56 PM - System Checkpoint

RP815: 25/04/2012 1:12:51 AM - System Checkpoint

RP816: 26/04/2012 1:14:23 AM - System Checkpoint

RP817: 27/04/2012 3:12:44 AM - System Checkpoint

RP818: 28/04/2012 5:12:45 AM - System Checkpoint

RP819: 29/04/2012 7:12:46 AM - System Checkpoint

RP820: 30/04/2012 12:57:39 PM - System Checkpoint

RP821: 01/05/2012 3:35:51 PM - System Checkpoint

RP822: 02/05/2012 12:58:16 PM - Removed Skype™ 4.2

RP823: 02/05/2012 12:58:20 PM - Installed Skype™ 5.9

RP824: 03/05/2012 1:32:25 PM - System Checkpoint

RP825: 04/05/2012 4:05:10 PM - System Checkpoint

RP826: 07/05/2012 6:09:46 PM - System Checkpoint

RP827: 08/05/2012 6:17:50 PM - System Checkpoint

RP828: 09/05/2012 7:10:41 PM - System Checkpoint

RP829: 10/05/2012 11:14:54 AM - Software Distribution Service 3.0

RP830: 11/05/2012 6:03:42 PM - System Checkpoint

RP831: 12/05/2012 7:32:09 PM - System Checkpoint

RP832: 13/05/2012 9:32:11 PM - System Checkpoint

RP833: 15/05/2012 12:53:01 PM - System Checkpoint

RP834: 16/05/2012 5:39:29 PM - System Checkpoint

RP835: 17/05/2012 7:29:07 PM - System Checkpoint

RP836: 18/05/2012 7:32:03 PM - System Checkpoint

RP837: 19/05/2012 9:32:05 PM - System Checkpoint

RP838: 20/05/2012 9:32:09 PM - System Checkpoint

RP839: 21/05/2012 11:32:10 PM - System Checkpoint

RP840: 22/05/2012 3:00:13 AM - Software Distribution Service 3.0

RP841: 22/05/2012 11:30:37 AM - Software Distribution Service 3.0

RP842: 23/05/2012 6:08:01 PM - System Checkpoint

RP843: 24/05/2012 7:14:13 PM - System Checkpoint

RP844: 25/05/2012 9:40:39 AM - Restore Operation

RP845: 25/05/2012 11:38:16 AM - Restore Operation

RP846: 25/05/2012 11:42:00 AM - Restore Operation

RP847: 25/05/2012 3:00:56 PM - Installed AVG 2012

RP848: 25/05/2012 3:01:18 PM - Installed AVG 2012

RP849: 26/05/2012 3:00:15 AM - Software Distribution Service 3.0

RP850: 27/05/2012 3:49:15 AM - System Checkpoint

RP851: 28/05/2012 12:07:16 PM - System Checkpoint

.

==== Hosts File Hijack ======================

.

Hosts: 66.197.194.231 www.google-analytics.com.

Hosts: 66.197.194.231 ad-emea.doubleclick.net.

Hosts: 66.197.194.231 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

Hosts: 69.72.252.254 www.statcounter.com.

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe Acrobat 9 Pro

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

ATI Catalyst Control Center

ATI Display Driver

AVG 2012

Bing Bar

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Thai

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Polish

CCC Help Portuguese

CCC Help Spanish

CCC Help Thai

Choice Guard

Cobian Backup 10

Critical Update for Windows Media Player 11 (KB959772)

EPSON Perfection V500 Photo Scanner Driver Update

EPSON Perfection V500P User's Guide

EPSON Scan

FileOpen Client

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Network Connections 13.1.34.2

Intel® PRO Alerting Agent

Java 6 Update 13

Junk Mail filter update

Kaspersky Anti-Virus 6.0 for Windows Workstations

Kaspersky Lab Network Agent

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)

QuickTax 2009

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype™ 5.9

Sonic CinePlayer Decoder Pack

TurboTax 2010

TurboTax 2011

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VNC 4.0

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows NT Messaging

Windows Presentation Foundation

Windows Search 4.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

27/05/2012 10:36:10 PM, error: NETLOGON [5719] - No Domain Controller is available for domain BMTFTL due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

25/05/2012 9:21:09 AM, error: NETLOGON [5719] - No Domain Controller is available for domain BMTFTL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

25/05/2012 5:15:32 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

25/05/2012 2:28:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

25/05/2012 2:28:42 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

25/05/2012 2:28:42 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

25/05/2012 11:46:32 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

25/05/2012 11:42:28 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

.

==== End Of File ===========================

----------------

DDS.txt

-----------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Administrator at 14:06:01 on 2012-05-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2322 [GMT -4:00]

.

AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\Program Files\Microsoft\BingBar\BBSvc.EXE

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Cobian Backup 10\Cobian.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\Program Files\FileOpen\Services\FileOpenBroker32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Cobian Backup 10\cbInterface.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.live.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [second Copy 2000] "c:\program files\seccopy\SecCopy.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"

mRun: [FileOpenBroker] c:\program files\fileopen\services\FileOpenBroker32.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\scieplgn.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243020010406

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243021753484

DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://c:\windows\msxml4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll

Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 66.197.194.231 www.google-analytics.com.

Hosts: 66.197.194.231 ad-emea.doubleclick.net.

Hosts: 66.197.194.231 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\a4s9hyzi.default\

FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-5-13 24064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-1 231512]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]

R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerSvc32.exe [2011-12-9 213888]

R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2010-10-20 141688]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-10 654408]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-5-13 144480]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-10 22344]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]

S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [2004-2-13 12928]

.

=============== Created Last 30 ================

.

2012-05-28 14:33:47 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-05-25 20:36:14 -------- d-----w- C:\Stuff to Keep

2012-05-25 19:47:04 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012

2012-05-25 19:12:15 -------- d--h--w- C:\$AVG

2012-05-25 19:01:35 -------- d-----w- c:\windows\system32\drivers\AVG

2012-05-25 19:01:35 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-05-25 19:00:57 -------- d-----w- c:\program files\AVG

2012-05-25 18:58:50 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-05-25 18:58:37 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-05-25 15:53:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-25 13:44:45 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-05-25 13:38:06 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-10 15:25:47 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-10 14:13:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

==================== Find3M ====================

.

2012-05-25 15:45:32 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-05-10 15:25:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:26:09 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:23:21 1871360 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:42:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-01 01:25:04 832512 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 01:25:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2012-03-01 01:25:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-01 01:25:03 17408 ----a-w- c:\windows\system32\corpol.dll

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

.

============= FINISH: 14:06:48.50 ===============

Share this post


Link to post
Share on other sites

Do you have the log from RogueKiller??

Can you post it, MrC

Share this post


Link to post
Share on other sites

RK Log- Thanks.

-----------------------

Time : 25/05/2012 12:20:00

--------------------------

Time : 25/05/2012 12:20:29

--------------------------

Time : 25/05/2012 12:21:20

--------------------------

Time : 25/05/2012 12:21:44

--------------------------

Time : 25/05/2012 12:22:05

--------------------------

Time : 25/05/2012 15:54:09

--------------------------

Time : 25/05/2012 15:55:08

--------------------------

Time : 28/05/2012 14:12:31

--------------------------

Time : 28/05/2012 14:13:10

--------------------------

Time : 28/05/2012 14:13:34

--------------------------

Time : 28/05/2012 14:14:30

--------------------------

Time : 28/05/2012 14:14:51

--------------------------

Share this post


Link to post
Share on other sites

I don't know what you posted but this is what a RogueKiller log looks like:

roguekiller scan report

RogueKiller V7.4.5 [05/18/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: bobby [Admin rights]

Mode: Scan -- Date: 05/19/2012 15:01:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-1935655697-412668190-682003330-1003[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HIDDEN VAL] HKLM\[...]\Run : @ () -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\documents and settings\bobby\application data\adobe\plugs --> FOUND

[FOLDER] shed : c:\documents and settings\bobby\application data\adobe\shed --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

64.46.38.57 www.google-analytics.com.

64.46.38.57 ad-emea.doubleclick.net.

64.46.38.57 www.statcounter.com.

178.250.45.15 www.google-analytics.com.

178.250.45.15 ad-emea.doubleclick.net.

178.250.45.15 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6L200M0 +++++

--- User ---

[MBR] 3f1ffece4e8133efce6b110922446a17

[bSP] ebac06f2b83d96fb525c7818499228dd : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 94468 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 193470795 | Size: 100006 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrC

Share this post


Link to post
Share on other sites

Ran it again. Thanks

-------------------

RogueKiller V7.5.0 [05/24/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date: 05/28/2012 15:56:22

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

66.197.194.231 www.google-analytics.com.

66.197.194.231 ad-emea.doubleclick.net.

66.197.194.231 www.statcounter.com.

69.72.252.254 www.google-analytics.com.

69.72.252.254 ad-emea.doubleclick.net.

69.72.252.254 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 +++++

--- User ---

[MBR] c089aeafd9b98d1c636237d0d7f68bca

[bSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 305204 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Patriot Memory USB Device +++++

--- User ---

[MBR] d021bc95c78d364abc454d90e6402f33

[bSP] 3cbab33dec6586a0c708d883b95bdef6 : Standard MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 2015 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

OK, run RogueKiller again and click Scan

When the scan completes > click on the HostFix button on the right hand side.

Put a check next to all of these and uncheck the rest:

--------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Share this post


Link to post
Share on other sites

How are we doing??

Do you still need help or can I close this post??

MrC

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.