caewe12 Posted November 18, 2012 ID:614268 Share Posted November 18, 2012 Was infected with File Restore and FBI MoneyPak in the same week. Trying to clean it up but in way over my head. Help. Please. CAE Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2012 ID:614285 Share Posted November 18, 2012 What's the operating system and can you boot into safe mode?See if you can....start here:Welcome to the forum, please start at the link below:http://forums.malwar...?showtopic=9573Post back the 2 logs here.....DDS.txt and Attach.txt<====><====><====><====><====><====><====><====>Next.......Please remove any usb or external drives from the computer before you run this scan!Quit all running programs.Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 48 hours, please send me a PM) Link to post Share on other sites More sharing options...
caewe12 Posted November 18, 2012 Author ID:614395 Share Posted November 18, 2012 Hi,I have Windows XP. I should have come straight to the forum but instead did some self medicating (I know bad idea). Not sure if I can even recall everything I've done but if you need me to I can try. I am able to boot up and access the internet and am no longer being redirected. Here are the logs. Thank you for your help. Cheryl E.PS - Somehow Yahoo.genieo got invited to the party. I tried to get rid of it but don't think I did. I reset my homepage but think it's stil lurking.DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORKInternet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31Run by Ekenbarger's at 8:05:40 on 2012-11-18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2136 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}.============== Running Processes ================.C:\Program Files\Webroot\WRSA.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Webroot\WRSA.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalService.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.cox.net/uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sdURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dllBHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\ekenbarger's\application data\defaulttab\defaulttab\DefaultTabBHO.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exemRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [HostManager] c:\program files\common files\aol\1178326658\ee\AOLSoftware.exemRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sigmatelSysTrayApp] stsystra.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -kmRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -uluPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoViewOnDrive = dword:0uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: DisableLocalMachineRun = dword:0uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0uPolicies-Explorer: DisableCurrentUserRun = dword:0uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0uPolicies-Explorer: NoDriveTypeAutoRun = dword:0uPolicies-Explorer: NoFile = dword:0uPolicies-Explorer: HideClock = dword:0uPolicies-Explorer: NoDevMgrUpdate = dword:0uPolicies-Explorer: NoDFSTab = dword:0uPolicies-Explorer: NoWindowsUpdate = dword:0uPolicies-Explorer: NoEncryptOnMove = dword:0uPolicies-Explorer: NoRunasInstallPrompt = dword:0uPolicies-Explorer: NoResolveTrack = dword:0uPolicies-Explorer: NoStartMenuSubFolders = dword:0uPolicies-System: NoDispAppearancePage = dword:0uPolicies-System: NoDispSettingsPage = dword:0mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoViewOnDrive = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: DisableLocalMachineRun = dword:0mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0mPolicies-Explorer: DisableCurrentUserRun = dword:0mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:0mPolicies-Explorer: NoFile = dword:0mPolicies-Explorer: HideClock = dword:0mPolicies-Explorer: NoDevMgrUpdate = dword:0mPolicies-Explorer: NoDFSTab = dword:0mPolicies-Explorer: NoWindowsUpdate = dword:0mPolicies-Explorer: NoEncryptOnMove = dword:0mPolicies-Explorer: NoRunasInstallPrompt = dword:0mPolicies-Explorer: NoResolveTrack = dword:0mPolicies-Explorer: NoStartMenuSubFolders = dword:0mPolicies-System: NoDispAppearancePage = dword:0mPolicies-System: NoDispSettingsPage = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoViewOnDrive = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: DisableLocalMachineRun = dword:0mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0mPolicies-Explorer: DisableCurrentUserRun = dword:0mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:0mPolicies-Explorer: NoFile = dword:0mPolicies-Explorer: HideClock = dword:0mPolicies-Explorer: NoDevMgrUpdate = dword:0mPolicies-Explorer: NoDFSTab = dword:0mPolicies-Explorer: NoWindowsUpdate = dword:0mPolicies-Explorer: NoEncryptOnMove = dword:0mPolicies-Explorer: NoRunasInstallPrompt = dword:0mPolicies-Explorer: NoResolveTrack = dword:0mPolicies-Explorer: NoStartMenuSubFolders = dword:0mPolicies-System: NoDispAppearancePage = dword:0mPolicies-System: NoDispSettingsPage = dword:0IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cabDPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www6.iepdirect.com/ScriptX_6_5/smsx.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://e-talk1.whps.org/dwa7W.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dllFF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - plugin: c:\program files\nos\bin\np_gp.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpiFF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.============= SERVICES / DRIVERS ===============.R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-11-17 112656]R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-11-17 729544]S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-11-8 568832]S2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\ekenbarger's\application data\defaulttab\defaulttab\DTUpdate.exe [2012-11-11 107520]S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2006-5-21 34916]S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-10 5120]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-18 34248]S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-18 40552]S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896].=============== Created Last 30 ================.2012-11-17 21:17:57 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys2012-11-17 16:41:17 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys2012-11-17 13:23:12 150712 ----a-w- c:\windows\system32\WRusr.dll2012-11-17 13:23:12 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys2012-11-17 13:23:09 -------- d-----w- c:\program files\Webroot2012-11-17 13:21:19 -------- d-----w- c:\documents and settings\all users\application data\WRData2012-11-17 12:58:59 -------- d-----w- C:\CCE_Quarantine2012-11-17 09:33:02 -------- d-----w- c:\documents and settings\ekenbarger's\application data\Utduu2012-11-17 09:33:02 -------- d-----w- c:\documents and settings\ekenbarger's\application data\Bykegy2012-11-11 12:08:39 -------- d-----w- c:\program files\DefaultTab2012-11-11 12:08:28 -------- d-----w- c:\documents and settings\ekenbarger's\application data\DefaultTab2012-11-06 22:50:59 -------- d-----w- c:\program files\Spybot - Search & Destroy2012-11-06 00:54:32 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro2012-10-30 22:48:56 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe.==================== Find3M ====================.2012-10-30 22:48:56 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-24 22:56:12 417792 ------w- c:\windows\Setup1.exe2012-09-24 22:56:10 73216 ----a-w- c:\windows\ST6UNST.EXE2012-09-17 14:09:15 56 --sh--r- c:\windows\system32\86307A10A8.sys2012-09-17 14:09:15 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-08-28 15:14:52 1469440 ---h--w- c:\windows\system32\inetcpl.cpl2012-08-28 12:07:15 385024 ---ha-w- c:\windows\system32\html.iec2012-08-24 13:53:22 177664 ---ha-w- c:\windows\system32\wintrust.dll2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2012-08-21 17:01:22 106928 ---ha-w- c:\windows\system32\GEARAspi.dll2012-08-21 13:33:26 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe2012-08-21 12:58:09 2027520 ---ha-w- c:\windows\system32\ntkrnlpa.exe.============= FINISH: 8:10:02.42 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-07.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 9/20/2005 7:58:34 PMSystem Uptime: 11/18/2012 7:59:01 AM (1 hours ago).Motherboard: Dell Inc. | | 0X8582Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 146 GiB total, 88.342 GiB free.D: is CDROM ()E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP1331: 8/8/2012 5:11:21 AM - System CheckpointRP1332: 8/9/2012 6:05:24 AM - System CheckpointRP1333: 8/10/2012 7:00:43 AM - System CheckpointRP1334: 8/11/2012 7:54:45 AM - System CheckpointRP1335: 8/12/2012 8:49:36 AM - System CheckpointRP1336: 8/13/2012 9:26:33 AM - System CheckpointRP1337: 8/14/2012 10:20:49 AM - System CheckpointRP1338: 8/15/2012 11:15:03 AM - System CheckpointRP1339: 8/15/2012 8:00:17 PM - Software Distribution Service 3.0RP1340: 8/16/2012 8:20:22 PM - System CheckpointRP1341: 8/17/2012 9:14:20 PM - System CheckpointRP1342: 8/18/2012 9:33:22 PM - System CheckpointRP1343: 8/19/2012 10:55:05 PM - System CheckpointRP1344: 8/20/2012 11:26:30 PM - System CheckpointRP1345: 8/22/2012 12:20:33 AM - System CheckpointRP1346: 8/23/2012 1:14:46 AM - System CheckpointRP1347: 8/24/2012 1:41:48 AM - System CheckpointRP1348: 8/25/2012 2:35:58 AM - System CheckpointRP1349: 8/26/2012 3:30:15 AM - System CheckpointRP1350: 8/27/2012 4:25:33 AM - System CheckpointRP1351: 8/28/2012 5:20:47 AM - System CheckpointRP1352: 8/29/2012 6:16:11 AM - System CheckpointRP1353: 8/30/2012 7:25:33 AM - System CheckpointRP1354: 8/31/2012 8:04:39 AM - System CheckpointRP1355: 9/1/2012 11:07:15 AM - System CheckpointRP1356: 9/2/2012 11:53:21 AM - System CheckpointRP1357: 9/3/2012 12:56:42 PM - System CheckpointRP1358: 9/4/2012 1:48:12 PM - System CheckpointRP1359: 9/5/2012 1:53:11 PM - System CheckpointRP1360: 9/6/2012 2:27:28 PM - System CheckpointRP1361: 9/7/2012 2:34:12 PM - System CheckpointRP1362: 9/8/2012 3:51:01 PM - System CheckpointRP1363: 9/9/2012 4:10:08 PM - System CheckpointRP1364: 9/10/2012 5:19:29 PM - System CheckpointRP1365: 9/11/2012 6:02:17 PM - System CheckpointRP1366: 9/12/2012 6:56:26 PM - System CheckpointRP1367: 9/12/2012 8:00:16 PM - Software Distribution Service 3.0RP1368: 9/13/2012 8:50:41 PM - System CheckpointRP1369: 9/14/2012 9:45:05 PM - System CheckpointRP1370: 9/16/2012 7:58:00 AM - System CheckpointRP1371: 9/17/2012 8:31:00 AM - System CheckpointRP1372: 9/18/2012 9:23:31 AM - System CheckpointRP1373: 9/19/2012 10:17:53 AM - System CheckpointRP1374: 9/20/2012 11:12:06 AM - System CheckpointRP1375: 9/21/2012 12:06:20 PM - System CheckpointRP1376: 9/21/2012 8:00:16 PM - Software Distribution Service 3.0RP1377: 9/22/2012 8:20:32 PM - System CheckpointRP1378: 9/23/2012 8:59:04 PM - System CheckpointRP1379: 9/24/2012 7:01:47 PM - Printer Driver Amyuni PDF Converter 2.07 InstalledRP1380: 9/25/2012 7:37:03 PM - System CheckpointRP1381: 9/26/2012 8:31:29 PM - System CheckpointRP1382: 9/27/2012 8:46:55 PM - System CheckpointRP1383: 9/28/2012 8:48:24 PM - System CheckpointRP1384: 9/29/2012 9:20:59 PM - System CheckpointRP1385: 9/30/2012 10:11:15 PM - System CheckpointRP1386: 10/1/2012 11:03:59 PM - System CheckpointRP1387: 10/2/2012 11:08:15 PM - System CheckpointRP1388: 10/3/2012 11:53:58 PM - System CheckpointRP1389: 10/5/2012 12:49:35 AM - System CheckpointRP1390: 10/6/2012 1:43:57 AM - System CheckpointRP1391: 10/7/2012 2:38:22 AM - System CheckpointRP1392: 10/8/2012 3:32:45 AM - System CheckpointRP1393: 10/9/2012 4:25:49 AM - System CheckpointRP1394: 10/10/2012 5:20:04 AM - System CheckpointRP1395: 10/11/2012 6:00:58 AM - System CheckpointRP1396: 10/11/2012 8:00:17 PM - Software Distribution Service 3.0RP1397: 10/12/2012 8:21:37 PM - System CheckpointRP1398: 10/13/2012 9:17:01 PM - System CheckpointRP1399: 10/14/2012 9:54:14 PM - System CheckpointRP1400: 10/15/2012 10:09:47 PM - System CheckpointRP1401: 10/16/2012 11:03:50 PM - System CheckpointRP1402: 10/17/2012 11:57:50 PM - System CheckpointRP1403: 10/19/2012 12:03:03 AM - System CheckpointRP1404: 10/20/2012 12:25:17 AM - System CheckpointRP1405: 10/21/2012 1:19:49 AM - System CheckpointRP1406: 10/22/2012 2:14:18 AM - System CheckpointRP1407: 10/23/2012 3:11:16 AM - System CheckpointRP1408: 10/24/2012 3:59:05 AM - System CheckpointRP1409: 10/25/2012 4:46:09 AM - System CheckpointRP1410: 10/26/2012 5:22:58 AM - System CheckpointRP1411: 10/27/2012 6:17:06 AM - System CheckpointRP1412: 10/28/2012 7:11:14 AM - System CheckpointRP1413: 10/29/2012 8:21:12 AM - System CheckpointRP1414: 10/30/2012 8:29:42 AM - System CheckpointRP1415: 10/31/2012 8:47:06 AM - System CheckpointRP1416: 11/1/2012 9:41:31 AM - System CheckpointRP1417: 11/2/2012 10:37:09 AM - System CheckpointRP1418: 11/3/2012 11:43:21 AM - System CheckpointRP1419: 11/4/2012 1:55:24 PM - System Checkpoint.==== Installed Programs ======================.ABBYY FineReader 6.0 SprintAcrobat.comAdobe Reader X (10.1.4)AOL Coach Version 1.0(Build:20040229.1 en)AOL Uninstaller (Choose which Products to Remove)AOLIconApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft Software SuiteATI Control PanelATI Display DriverBonjourCompatibility Pack for the 2007 Office systemCreative MediaSourceDAO 3.5DB CIF CamDefaultTabDefaultTab ChromeDell Media ExperienceDell Photo AIO Printer 924Dell Picture Studio v3.0Dell Support 3.2.1Dell System RestoreEarthLink setup filesERUNT 1.1jESET Online Scanner v3FoneSyncGet High Speed Internet!GIMP 2.6.6Google ChromeGoogle DriveGoogle EarthGoogle SketchUp 6Google Toolbar for Internet ExplorerGoogle Update HelperGoogle UpdaterHigh Definition Audio Driver Package - KB835221Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB942288-v3)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Intel Matrix Storage ManagerIntel® 537EP V9x DF PCI ModemIntel® PRO Network Connections Software v9.2.4.11Intel® PROSafe for Wired ConnectionsInternet Explorer Default PageiTunesJasc Paint Shop Photo Album 5Jasc Paint Shop Pro Studio, Dell EditonJava Auto UpdaterJava 6 Update 31LiveUpdate 3.2 (Symantec Corporation)Macromedia Flash PlayerMalwarebytes Anti-Malware version 1.62.0.1300Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Picture It! Publishing 2001Microsoft Plus! Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30411Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Word 2000 SR-1Microsoft Works 2001 Setup LauncherMicrosoft Works 6.0Microsoft Works Suite Add-in for Microsoft WordMobileMe Control PanelModem Event MonitorModem HelperModem On HoldMove Networks Media Player for Internet ExplorerMozilla Firefox 10.0.2 (x86 en-US)MSNMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 6 Service Pack 2 (KB973686)Musicmatch for Windows Media PlayerNetZeroInstallersNickToons RacingNikon Message CenterNorton GhostPdf995PdfEdit995Photo ClickPictureProjectPowerDVD 5.5QuickBooks Simple Start Special EditionQuicken Basic 2000QuickTimeRayman Raving RabbidsRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealUpgrade 1.1SafariSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972260)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)ShockwaveSonic DLASonic RecordNow AudioSonic RecordNow CopySonic RecordNow DataSonic Update ManagerSound Blaster Live! 24-bitSPORE™SPORE™ Galactic AdventuresSTICKIDSTaxCut Basic 2006Type to Learn 3Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB972636)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB942763)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Viewpoint Media PlayerWebFldrs XPWebroot SecureAnywhereWindows Genuine Advantage v1.3.0254.0Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Installer Clean UpWindows Internet Explorer 8Windows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 11Windows PowerShell 1.0Windows XP Service Pack 3WordPerfect Office 12Works Suite OS PackWorks Synchronization.==== Event Viewer Messages From Past Week ========.11/18/2012 8:01:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm11/17/2012 9:31:43 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.11/17/2012 8:54:52 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.11/17/2012 8:13:33 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SymSnapService service, but this action failed with the following error: An instance of the service is already running.11/17/2012 8:12:33 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:33 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:33 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:33 PM, error: Service Control Manager [7031] - The SymSnapService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).11/17/2012 8:12:32 PM, error: Service Control Manager [7031] - The Norton Ghost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.11/17/2012 8:12:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.11/17/2012 7:48:02 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.11/17/2012 7:47:52 PM, error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.11/11/2012 9:30:10 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.11/11/2012 9:29:45 PM, error: SRService [104] - The System Restore initialization process failed.11/11/2012 9:05:21 PM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).11/11/2012 8:52:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}11/11/2012 8:26:15 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 87bdf097, parameter3 ba4f7a90, parameter4 ba4f778c.11/11/2012 7:38:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}11/11/2012 7:30:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv11/11/2012 7:08:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}.==== End Of File ===========================RogueKiller V8.3.0 [Nov 18 2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Website: http://tigzy.geekstogo.com/roguekiller.phpBlog: http://tigzyrk.blogspot.comOperating System: Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Safe mode with network supportUser : Ekenbarger's [Admin rights]Mode : Scan -- Date : 11/18/2012 08:19:14¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 6 ¤¤¤[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Infection : Root.MBR ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Maxtor 6Y160M0 +++++--- User ---[MBR] e8c4ef311439380bf8161fe3e04c23d1[bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknownPartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 MoUser != LL1 ... KO!--- LL1 ---[MBR] 1234b9627f851ba5c40b58d46ae5bfa5[bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown [possible maxSST in 3!]Partition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 MoUser != LL2 ... KO!--- LL2 ---[MBR] 1234b9627f851ba5c40b58d46ae5bfa5[bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown [possible maxSST in 3!]Partition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++Error reading User MBR!User = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[1]_S_11182012_02d0819.txt >>RKreport[1]_S_11182012_02d0819.txt Link to post Share on other sites More sharing options...
caewe12 Posted November 18, 2012 Author ID:614396 Share Posted November 18, 2012 Hi,Right after posting Webroot SecureAnywhere found this file: wgsdgsdgdsgsd.exeNot taking action...let me know. CAE Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2012 ID:614397 Share Posted November 18, 2012 Please create a new system restore point before running Malwarebytes Anti-Rootkit.MBAR tutorialDownload Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.When done......Please run the fixdamage tool in the Malwarebytes Anti-Rootkit folder and reboot.MrC Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2012 ID:614401 Share Posted November 18, 2012 Hi,Right after posting Webroot SecureAnywhere found this file: wgsdgsdgdsgsd.exeNot taking action...let me know. CAEDelete it, it's malware.....MrC (be back later) Link to post Share on other sites More sharing options...
caewe12 Posted November 18, 2012 Author ID:614444 Share Posted November 18, 2012 Can you clarify if I should stay in safe mode? Thanks. CAE Link to post Share on other sites More sharing options...
MrCharlie Posted November 18, 2012 ID:614505 Share Posted November 18, 2012 You can run it in regular mode or safe if needed. MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 18, 2012 Author ID:614576 Share Posted November 18, 2012 Hi,I downloaded the Malwarebytes Anti-Rootkit but ran into a problem. I was not in safe mode. I got as far as beginning the scan and the the screen flicked, then an all too familiar blue screen appeared. It said Windows had shut down..........dumping physical memory etc. I rebooted in safe mode and tried to run it again but rec'd an error message that said could not load protection driver. It's just sitting there now. Help. Cheryl Link to post Share on other sites More sharing options...
MrCharlie Posted November 19, 2012 ID:614585 Share Posted November 19, 2012 Do this instead:Download and unzip the attached TDSSKiller to your desktop.When you run it...Please don't Update it when asked!!!Here's how:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.Put a checkmark beside loaded modules.A reboot will be needed to apply the changes. Do it.TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.Then click on Change parameters in TDSSKiller.Check all boxes then click OK.Click the Start Scan button.The scan should take no longer than 2 minutes.If a suspicious object is detected, the default action will be Skip, click on Continue.Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.Here's a summary of what to do if you would like to print it out:If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueAny entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.~~~~~~~~~~~~~~~~~~~~You can attach the logs if they're too long:Bottom right corner of this page.New window that comes up.MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 19, 2012 Author ID:614677 Share Posted November 19, 2012 Hi,Ran TDSSKiller. Logs too long to post. See attached. Thanks. CAETDSSKiller.2.8.7.0_18.11.2012_21.01.44_log.txtTDSSKiller.2.8.7.0_18.11.2012_21.05.56_log.txtTDSSKiller.2.8.7.0_18.11.2012_21.14.25_log.txt Link to post Share on other sites More sharing options...
MrCharlie Posted November 19, 2012 ID:614681 Share Posted November 19, 2012 Run TDSSKiller again and choose Delete for this one only: (no need to check the Loaded Modules" box or post the log)21:10:24.0828 2236 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user21:10:24.0828 2236 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip~~~~~~~~~~~~~~~~~~~~~~~~~~Lets run ComboFix to clean up any leftovers.....Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC (be back in the AM) Link to post Share on other sites More sharing options...
caewe12 Posted November 20, 2012 Author ID:615004 Share Posted November 20, 2012 Hi,TDSSKiller didn't find anything. I ran Combofix. Here is the log. Thanks. CherylComboFix 12-11-19.02 - Ekenbarger's 11/19/2012 18:42:53.4.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2034 [GMT -5:00]Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTabc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\addon.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\amazon_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfgc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dllc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exec:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dllc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DT.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DTUpdate.exec:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\ebay_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\facebook_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\imdb_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\search_here_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\searchhere.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\twitter_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exec:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\wikipedia_ie.icoc:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\youtube_ie.icoc:\windows\system32\URTTempc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\regtlib.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_DEFAULTTABSEARCH-------\Service_DefaultTabSearch-------\Legacy_DefaultTabUpdate-------\Legacy_DefaultTabUpdate-------\Service_DefaultTabUpdate-------\Service_DefaultTabUpdate..((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))..2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot2012-11-17 13:21 . 2012-11-19 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec2012-08-24 13:53 . 2004-08-10 17:51 177664 ---ha-w- c:\windows\system32\wintrust.dll2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"DisableLocalMachineRun"= 0 (0x0)"DisableLocalMachineRunOnce"= 0 (0x0)"DisableCurrentUserRun"= 0 (0x0)"DisableCurrentUserRunOnce"= 0 (0x0)"NoFile"= 0 (0x0)"HideClock"= 0 (0x0)"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper.Contents of the 'Scheduled Tasks' folder.2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48].2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2012-11-19 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26].2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17].2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17].2012-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47].2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47].2012-11-19 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.cox.net/uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTrusted Zone: microsoft.com\www.updateTCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpiFF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension..------- File Associations -------.JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*.- - - - ORPHANS REMOVED - - - -.BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dllSafeBoot-35727893.sysSafeBoot-90234348.sysAddRemove-DefaultTab - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-11-19 18:52Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.scanning hidden files ... ..c:\docume~1\EKENBA~1\LOCALS~1\Temp\ArmUI.ini 170356 bytes.scan completed successfullyhidden files: 1.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]"ImagePath"="System32\DRIVERS\RDPCDD.sy@".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02, 51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(1252)c:\windows\system32\WRusr.dllc:\windows\system32\WININET.dllc:\program files\Common Files\AOL\ACS\WLHook.dllc:\program files\Google\Drive\googledrivesync32.dllc:\windows\system32\ieframe.dllc:\windows\system32\msi.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\windows\system32\CTsvcCDA.EXEc:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exec:\program files\Norton Ghost\Agent\VProSvc.exec:\windows\wanmpsvc.exec:\windows\system32\MsPMSPSv.exec:\windows\system32\wscntfy.exec:\windows\system32\msdtc.exec:\windows\stsystra.exec:\program files\iPod\bin\iPodService.exec:\program files\Common Files\Java\Java Update\jucheck.exe.**************************************************************************.Completion time: 2012-11-19 18:59:38 - machine was rebootedComboFix-quarantined-files.txt 2012-11-19 23:59ComboFix2.txt 2012-03-03 23:09ComboFix3.txt 2012-02-21 20:37ComboFix4.txt 2012-02-16 02:12.Pre-Run: 91,982,397,440 bytes freePost-Run: 92,117,921,792 bytes free.- - End Of File - - BABBD38B7E78B2D02FE4EAE844CAF779 Link to post Share on other sites More sharing options...
MrCharlie Posted November 20, 2012 ID:615180 Share Posted November 20, 2012 Using ComboFix......1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the quotebox below into it:4. If ComboFix wants to update.....please allow it to.File::c:\windows\system32\drivers\cIdshrGq.sysc:\windows\system32\drivers\tYMsoVkA.sysDriver::cIdshrGqtYMsoVkAClearJavaCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeCAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.After reboot, (in case it asks to reboot)......Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 23, 2012 Author ID:616373 Share Posted November 23, 2012 Hi, Ran ComboFix. Here is log. ComboFix 12-11-22.03 - Ekenbarger's 11/23/2012 8:27.5.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1867 [GMT -5:00]Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Ekenbarger's\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}.FILE ::"c:\windows\system32\drivers\cIdshrGq.sys""c:\windows\system32\drivers\tYMsoVkA.sys"..((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))..2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot2012-11-17 13:21 . 2012-11-21 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"DisableLocalMachineRun"= 0 (0x0)"DisableLocalMachineRunOnce"= 0 (0x0)"DisableCurrentUserRun"= 0 (0x0)"DisableCurrentUserRunOnce"= 0 (0x0)"NoFile"= 0 (0x0)"HideClock"= 0 (0x0)"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper.Contents of the 'Scheduled Tasks' folder.2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48].2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2012-11-22 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26].2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17].2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17].2012-11-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47].2012-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47].2012-11-23 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.cox.net/uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTrusted Zone: microsoft.com\www.updateTCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpiFF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-11-23 08:34Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]"ImagePath"="System32\DRIVERS\RDPCDD.sy@".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02, 51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3712)c:\windows\system32\WRusr.dllc:\windows\system32\WININET.dllc:\program files\Google\Drive\googledrivesync32.dllc:\windows\system32\ieframe.dllc:\windows\system32\msi.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2012-11-23 08:37:46ComboFix-quarantined-files.txt 2012-11-23 13:37ComboFix2.txt 2012-11-19 23:59ComboFix3.txt 2012-03-03 23:09ComboFix4.txt 2012-02-21 20:37ComboFix5.txt 2012-11-23 13:22.Pre-Run: 92,060,700,672 bytes freePost-Run: 92,097,626,112 bytes free.- - End Of File - - 678281CC67CBEB968CF48460B21881BA Link to post Share on other sites More sharing options...
MrCharlie Posted November 23, 2012 ID:616379 Share Posted November 23, 2012 See if you can manually delete these two files:c:\windows\system32\drivers\cIdshrGq.sysc:\windows\system32\drivers\tYMsoVkA.sysLet me know.....MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 26, 2012 Author ID:617473 Share Posted November 26, 2012 I deleted them and now have the dreaded blue screen. I can't even use safe mode. HELP! Link to post Share on other sites More sharing options...
MrCharlie Posted November 27, 2012 ID:617521 Share Posted November 27, 2012 It can't be because you deleted these two files, it has to be something else:c:\windows\system32\drivers\cIdshrGq.sysc:\windows\system32\drivers\tYMsoVkA.sysAre you absolutely sure you didn't delete anything else by mistake??Can you try Last Know Good Configuration?MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 27, 2012 Author ID:617531 Share Posted November 27, 2012 Absolutely sure......no, but fairly certain I didn't delete anything else. I trie Last known conf....no go, just back to blue screen. Link to post Share on other sites More sharing options...
MrCharlie Posted November 27, 2012 ID:617533 Share Posted November 27, 2012 Any error message?? MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 27, 2012 Author ID:617539 Share Posted November 27, 2012 Yes. A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. if the screen appears again follow these steps: check for viruses on your computer remove any newly installed hard drives for hard drive controllers check your hard drive to make sure it's properly configured and terminated. Run CHKDSK /F to check for hard drive corruption and then restart your computer. Technical information: stop: 0x0000007B y(0xF789E524, 0xC0000034, 0x00000000,0x00000000) Link to post Share on other sites More sharing options...
MrCharlie Posted November 27, 2012 ID:617541 Share Posted November 27, 2012 Can you get to the Windows Advanced Options Menu as shown here:http://www.oucs.ox.ac.uk/helpcentre/troubleshooting/winxp/index.xml?ID=body.1_div.3MrC Link to post Share on other sites More sharing options...
caewe12 Posted November 27, 2012 Author ID:617542 Share Posted November 27, 2012 Yes Link to post Share on other sites More sharing options...
MrCharlie Posted November 27, 2012 ID:617544 Share Posted November 27, 2012 Can you try to get to.............Safe Mode with Command PromptMrC Link to post Share on other sites More sharing options...
caewe12 Posted November 27, 2012 Author ID:617547 Share Posted November 27, 2012 Sure. Which operating system Windows Recovery Console or XP? Link to post Share on other sites More sharing options...
Recommended Posts