Windows Live Anti-Virus


#1 trekkwalls (Member, 60 posts)

This Windows Live Anti-Virus screen popped up. Whenever I tried to run a .exe (I was going to run mbam) it captured it and said it was infected. I ran Super Anti-Spyware and it deleted and removed it (I think) enough that my PC could run an executable again. Whenever I ran mbam again it found several more pieces and deleted them. Also, the spyware changed my internet settings to use a proxy and redirect any activity back to 127.0.0.1. It seems to be running okay, but I would like someone with more experience than me to make sure. I followed all the steps in the troubleshooting removal thread.

- Ran TFC.
- Ran system restore
- Ran ERUNT
- Ran MBAM and posted log
- Tried to run GMER, but it had an error and wouldn't run.
- Ran OTL and posted logs (there was no extras log).

#2 trekkwalls (Topic Starter)

Malwarebytes' Anti-Malware 1.42
Database version: 3447
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 8:47:06 PM
mbam-log-2009-12-28 (20-47-06).txt

Scan type: Quick Scan
Objects scanned: 108665
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 trekkwalls (Topic Starter)

OTL logfile created on: 12/28/2009 9:27:59 PM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Walls\Desktop\Spyware Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 78.16 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 279.47 Gb Total Space | 119.17 Gb Free Space | 42.64% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 470.00 Gb Free Space | 67.27% Space Free | Partition Type: NTFS

Computer Name: WALLS-DESKTOP
Current User Name: Walls
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 20:21:09 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walls\Desktop\Spyware Tools\OTL.exe
PRC - [2009/12/19 10:57:43 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/12/13 09:41:23 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/13 09:41:21 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/13 09:41:20 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/24 17:36:23 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/24 17:22:46 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/24 17:22:46 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/17 11:21:20 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/06/10 03:02:50 | 00,904,840 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 02:57:40 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 02:57:36 | 00,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/01 12:51:52 | 01,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/06/01 12:43:46 | 01,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/03/27 23:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/20 15:19:06 | 00,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe
PRC - [2008/08/20 09:54:08 | 00,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/07/21 15:54:34 | 00,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 15:53:04 | 00,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/06/24 18:56:52 | 00,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 18:56:38 | 00,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 18:52:18 | 01,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/04/29 17:22:26 | 00,266,240 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005/04/29 17:21:06 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/04/29 17:18:24 | 00,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/04/29 17:18:08 | 00,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005/04/14 21:01:46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/04/05 17:01:36 | 00,282,624 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe
PRC - [2005/01/17 00:43:46 | 00,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/11/30 10:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2009/12/28 20:21:09 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walls\Desktop\Spyware Tools\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 17:22:46 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/23 15:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/17 11:21:20 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/06/10 02:57:36 | 00,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/03/27 23:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/21 15:53:04 | 00,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/06/24 18:56:38 | 00,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/04/08 08:56:30 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 10:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/29 17:21:06 | 00,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/04/29 17:18:24 | 00,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/29 17:18:08 | 00,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 10:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/13 09:41:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 20:40:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 20:40:12 | 00,000,000 | ---D | M]

[2009/08/24 20:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\Mozilla\Extensions
[2009/12/27 13:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\Mozilla\Firefox\Profiles\ka4a62l5.default\extensions
[2009/12/14 18:33:15 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Walls\Application Data\Mozilla\Firefox\Profiles\ka4a62l5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/11/10 21:22:49 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walls\Application Data\Mozilla\Firefox\Profiles\ka4a62l5.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/24 20:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\Mozilla\Firefox\Profiles\ka4a62l5.default\extensions\[email protected]
[2009/11/30 22:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\Mozilla\Firefox\Profiles\ka4a62l5.default\extensions\[email protected]
[2009/12/27 13:15:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (25 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowswupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://fpe.acxiom.c...0,2009,327,1607 (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://fpe.acxiom.c...0,2009,327,1558 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://fpe.acxiom.c...llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://fpe.acxiom.c...,2009,0327,1547 (F5 Networks Policy Agent Host Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1251067026921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251067186343 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://fpe.acxiom.c...0,2009,327,1553 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://fpe.acxiom.c...0,2009,327,1548 (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://fpe.acxiom.c...,2009,0327,1557 (F5 Networks OS Policy Agent)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/23 13:55:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/26 08:23:30 | 00,000,055 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/09/24 16:50:30 | 00,000,055 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/23 08:37:29 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 20:31:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/28 19:05:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walls\Desktop\Spyware Tools
[2009/12/28 16:19:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walls\Local Settings\Application Data\fdeqfj
[2009/12/22 21:14:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walls\Desktop\Tabbie Pro 2
[2009/12/22 20:42:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walls\My Documents\HP Photosmart Projects
[2009/12/14 22:10:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walls\Desktop\Sort this stuff
[2009/11/24 17:07:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/24 17:07:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/24 17:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/24 17:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/05/11 22:36:48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2009/12/28 20:26:08 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/28 20:26:07 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 20:25:37 | 00,215,715 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/28 20:25:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 20:24:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 20:23:55 | 05,505,024 | ---- | M] () -- C:\Documents and Settings\Walls\NTUSER.DAT
[2009/12/28 17:15:12 | 47,177,190 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/28 09:42:29 | 00,128,154 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/26 21:37:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/23 21:54:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2009/12/06 18:06:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/12/06 17:52:24 | 00,000,066 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/12/01 18:05:41 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/12/01 18:05:38 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/11/11 16:41:44 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2009/11/11 16:41:37 | 00,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/11 16:41:37 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/10 18:15:28 | 00,166,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/10 18:15:05 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/05 02:03:24 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Walls\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 17:14:25 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\SoundOut_H264.dll
[2009/08/30 17:14:25 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 21:58:02 | 00,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2009/08/28 21:57:42 | 00,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/08/26 19:43:59 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/25 20:49:58 | 00,038,464 | ---- | C] () -- C:\Documents and Settings\Walls\Application Data\Comma Separated Values (Windows).ADR
[2009/08/25 15:20:57 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Walls\Local Settings\Application Data\fusioncache.dat
[2009/08/25 15:08:56 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/25 15:08:27 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/25 15:08:11 | 00,000,684 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/25 15:00:13 | 00,001,425 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/24 21:34:46 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/08/24 21:34:15 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2009/08/23 22:29:05 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/08/23 21:58:52 | 00,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/23 16:36:37 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/08/23 14:20:40 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/23 14:20:40 | 00,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/23 14:20:38 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/08/23 14:20:38 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/08/23 14:06:06 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009/08/23 14:04:51 | 00,005,733 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/23 14:04:50 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/23 14:04:47 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/27 23:03:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/27 23:03:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/27 23:03:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/27 23:03:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/05 14:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/09/27 20:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/11/24 17:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/08/23 22:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/08/23 22:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/08/25 22:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/08/26 16:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/08/23 22:02:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/08/23 21:33:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/23 21:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2009/09/22 19:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/26 18:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/27 21:31:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2009/10/13 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\Amazon
[2009/12/01 19:11:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\ElevatedDiagnostics
[2009/09/28 20:12:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\FUJIFILM
[2009/11/10 20:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\iTunes Agent
[2009/11/27 21:31:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\Stardock
[2009/10/21 20:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walls\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/06 13:20:18 | 00,005,467 | ---- | M] () -- C:\latitude.exe


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 06:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/05/17 03:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005/05/17 11:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\OemDir\nvatabus.sys
[2005/05/17 03:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2005/05/17 11:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< End of report >
  • 0

#4
trekkwalls

    Member

  • Topic Starter
  • Member
  • 60 posts
I don't know if this will be useful, but here is the original Super Anti-Spyware log. After I ran this I was able to run executables again.

***********************
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/28/2009 at 05:23 PM

Application Version : 4.32.1000

Core Rules Database Version : 4417
Trace Rules Database Version: 2244

Scan type : Complete Scan
Total Scan Time : 00:36:37

Memory items scanned : 504
Memory threats detected : 1
Registry items scanned : 6936
Registry threats detected : 39
File items scanned : 24141
File threats detected : 33

Trojan.Agent/Gen-FakeSpy[Broad]
C:\DOCUMENTS AND SETTINGS\WALLS\LOCAL SETTINGS\APPLICATION DATA\FDEQFJ\REBMSYSGUARD.EXE
C:\DOCUMENTS AND SETTINGS\WALLS\LOCAL SETTINGS\APPLICATION DATA\FDEQFJ\REBMSYSGUARD.EXE
C:\WINDOWS\Prefetch\REBMSYSGUARD.EXE-1A4207AE.pf

Trojan.Agent/Gen-FakeSpy[Broad-1]
[tlljdlss] C:\DOCUMENTS AND SETTINGS\WALLS\LOCAL SETTINGS\APPLICATION DATA\FDEQFJ\REBMSYSGUARD.EXE
[tlljdlss] C:\DOCUMENTS AND SETTINGS\WALLS\LOCAL SETTINGS\APPLICATION DATA\FDEQFJ\REBMSYSGUARD.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][1].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt
C:\Documents and Settings\Walls\Cookies\[email protected][2].txt

Rogue.Agent/Gen
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#aazalirt
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#skaaanret
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#jungertab
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#zibaglertz
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#iddqdops
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#ronitfst
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#tobmygers
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#jikglond
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#tobykke
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#klopnidret
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#jiklagka
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#salrtybek
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#seeukluba
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#jrjakdsd
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#krkdkdkee
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#dkewiizkjdks
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#dkekkrkska
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#rkaskssd
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#kuruhccdsdd
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#krujmmwlrra
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#kkwknrbsggeg
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#ktknamwerr
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#iqmcnoeqz
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#ienotas
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#krkmahejdk
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#otpeppggq
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#krtawefg
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#oranerkka
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#kitiiwhaas
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#otowjdseww
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#otnnbektre
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#oropbbsee
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#irprokwks
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#ooorjaas
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#id
HKU\S-1-5-21-57989841-1979792683-1801674531-1003\SOFTWARE\AVSCAN#ready
  • 0