Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

virus/trojan - don't know which - 6 months old [Closed] [Solved]


  • This topic is locked This topic is locked

#16
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
ComboFix 10-04-21.01 - user1 04/24/2010 14:14:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.110 [GMT -4:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\user1\System
c:\documents and settings\user1\System\win_qs7.jqx
c:\program files\Common

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-24 21:29 . 2010-04-24 21:29 439816 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup3.10\setup.exe
2010-04-24 20:58 . 2010-04-24 20:58 -------- d-----w- C:\_OTL
2010-04-14 17:17 . 2010-04-14 17:17 -------- d-sh--w- c:\documents and settings\user1\PrivacIE
2010-04-14 17:12 . 2010-04-14 17:12 -------- d-sh--w- c:\documents and settings\user1\IETldCache
2010-04-14 16:59 . 2010-04-14 17:06 -------- dc-h--w- c:\windows\ie8
2010-04-14 16:58 . 2010-04-14 17:08 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-07 15:51 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-07 15:51 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-07 15:51 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-07 15:51 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-07 15:51 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-07 15:51 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-07 15:51 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-07 15:49 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-07 15:49 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-07 15:49 . 2010-04-07 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-07 15:49 . 2010-04-07 15:49 -------- d-----w- c:\program files\Alwil Software
2010-04-07 15:16 . 2010-04-07 15:16 -------- d-----w- c:\program files\ERUNT
2010-03-30 12:13 . 2010-03-30 12:13 52224 ----a-w- c:\documents and settings\user1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-30 12:12 . 2010-03-30 12:12 117760 ----a-w- c:\documents and settings\user1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-30 12:11 . 2010-03-30 12:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-30 12:11 . 2010-03-30 12:11 -------- d-----w- c:\documents and settings\user1\Application Data\SUPERAntiSpyware.com
2010-03-30 12:10 . 2010-03-30 12:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 16:47 . 2007-02-02 18:10 -------- d-----w- c:\documents and settings\user1\Application Data\Skype
2010-04-19 14:46 . 2008-11-06 14:35 -------- d-----w- c:\documents and settings\user1\Application Data\skypePM
2010-04-14 17:57 . 2007-06-19 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-14 17:07 . 2006-01-25 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-04-14 17:07 . 2005-12-07 01:00 -------- d-----w- c:\program files\Yahoo!
2010-03-24 21:05 . 2008-12-26 22:10 2387420 ----a-w- C:\MGtools.exe
2010-03-23 12:16 . 2005-12-29 23:56 -------- d-----w- c:\program files\Google
2010-03-20 23:29 . 2010-03-20 23:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-11 16:57 . 2009-12-31 20:00 1 ----a-w- c:\documents and settings\user1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 00:25 . 2004-08-04 04:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-23 23:39 . 2008-12-07 20:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2006-01-16 22:17 . 2006-01-16 22:19 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-11-06 00:06 . 2006-01-02 01:47 104 --sh--r- c:\windows\system32\3DB7F92009.sys
2008-11-06 00:06 . 2006-01-02 01:47 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user1^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\user1\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2004-11-18 02:50 258048 ------w- c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 07:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 18:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 18:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 18:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
2001-01-23 19:00 794112 ----a-w- c:\windows\system32\LXSUPMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-01-23 18:29 36864 ----a-w- c:\windows\system32\spool\drivers\w32x86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 19:58 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-05-25 19:55 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VF0060 STISvc]
2004-11-01 01:00 36864 ----a-r- c:\windows\system32\V0060Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"MpfService"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=3 (0x3)
"McODS"=3 (0x3)
"McNASvc"=3 (0x3)
"mcmscsvc"=3 (0x3)
"McAfee SiteAdvisor Service"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/7/2010 11:51 AM 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/7/2010 11:51 AM 19024]
S1 spusbaudio;USB Microphone;c:\windows\system32\drivers\CA506AA.sys [2/10/2007 7:09 PM 39824]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 SPCA506AV;X10 VA11A Video Capture;c:\windows\system32\drivers\CA506AV.SYS [2/10/2007 7:09 PM 162096]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2/5/2007 6:54 PM 196409]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2010-01-14 c:\windows\Tasks\RegCure.job
  • 0

Advertisements


#17
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
sorry posted log a few times - as system did not show the log posted - so had to edit this post and remove the log.

Edited by mpurchases, 25 April 2010 - 06:47 AM.

  • 0

#18
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
sorry posted log a few times - as system did not show the log posted - so had to edit this post and remove the log.

Edited by mpurchases, 25 April 2010 - 06:49 AM.

  • 0

#19
inzanity

inzanity

    Member

  • Member
  • PipPip
  • 37 posts
Hi,

Please go to VirSCAN
  • Click on Browse.
  • On the File Upload window, copy/paste the text below into the File name box:
    c:\program files\RngInterstitial.dll
  • Click Submit. Allow the file to be scanned. If it says already scanned -- click Reanalyze Now
Please post the results in your next reply.

--Next--

Let's try downloading malwarebytes now.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.

To post in your next reply:
1. VirSCAN log.
2. Malwarebytes' log.
3. How is your computer?
  • 0

#20
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Please note - the date on the computer was again incorrect - but I fixed it.

I did not know how to copy the "report" of the virscan program. SO I am uploading it to you as a pdf.


here is the malware log.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4040

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/12/2010 3:10:26 PM
mbam-log-2010-04-12 (15-10-26).txt

Scan type: Quick scan
Objects scanned: 104522
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Attached Files


  • 0

#21
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
the computer is still as slow as ever. IT took 30 minutes to get on internet and open logs on computer. It takes forever to open more than one page, etc.

I truley believe the computer is still severely infected.
  • 0

#22
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I am confused.. I cannot find a place to copy the virscan report. the one I attached as a pdf above came up when I clicked on report. I decided to scanagain, and now I have the following result. I am real confused. Also there is no "submit" button as you indicated in your instructions. Once you browse and enter the file the option is "ok" and then "upload."

VirSCAN.org Scanned Report :
Scanned time : 2010/04/26 15:33:58 (EDT)
Scanner results: Scanners did not find malware!
File Name : RngInterstitial.dll
File Size : 774144 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 77d3a60b2e838e1cc6a682bd9761da63
SHA1 : 57fd5a21e7ef01bf29c96660d9389809227e6f7f
Online report : http://virscan.org/r...59ea0f1c9e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100427030202 2010-04-27 4.98 -
AhnLab V3 2010.04.27.00 2010.04.27 2010-04-27 1.32 -
AntiVir 8.2.1.224 7.10.6.220 2010-04-26 0.26 -
Antiy 2.0.18 20100426.4277466 2010-04-26 0.12 -
Arcavir 2009 201004261538 2010-04-26 0.04 -
Authentium 5.1.1 201004251709 2010-04-25 1.28 -
AVAST! 4.7.4 100426-0 2010-04-26 0.02 -
AVG 8.5.720 271.1.1/2836 2010-04-26 0.24 -
BitDefender 7.81008.5690959 7.31394 2010-04-26 3.59 -
ClamAV 0.95.3 10826 2010-04-26 0.06 -
Comodo 3.13.579 4684 2010-04-26 0.95 -
CP Secure 1.3.0.5 2010.04.26 2010-04-26 0.09 -
Dr.Web 5.0.2.3300 2010.04.26 2010-04-26 6.75 -
F-Prot 4.4.4.56 20100425 2010-04-25 1.30 -
F-Secure 7.02.73807 2010.04.26.14 2010-04-26 10.91 -
Fortinet 4.0.14 11.745 2010-04-25 0.23 -
GData 21.36/21.13 20100426 2010-04-26 6.83 -
ViRobot 20100426 2010.04.26 2010-04-26 0.41 -
Ikarus T3.1.01.80 2010.04.26.75718 2010-04-26 5.85 -
JiangMin 13.0.900 2010.04.26 2010-04-26 1.21 -
Kaspersky 5.5.10 2010.04.26 2010-04-26 0.12 -
KingSoft 2009.2.5.15 2010.4.26.23 2010-04-26 0.68 -
McAfee 5400.1158 5964 2010-04-26 0.02 -
Microsoft 1.5703 2010.04.26 2010-04-26 6.32 -
Norman 6.04.11 6.04.00 2010-04-25 8.01 -
Panda 9.05.01 2010.04.26 2010-04-26 1.76 -
Trend Micro 9.120-1004 7.128.17 2010-04-26 0.04 -
Quick Heal 10.00 2010.04.26 2010-04-26 1.69 -
Rising 20.0 22.45.00.04 2010-04-26 1.14 -
Sophos 3.06.0 4.52 2010-04-27 3.60 -
Sunbelt 3.9.2418.2 6224 2010-04-26 5.40 -
Symantec 1.3.0.24 20100426.003 2010-04-26 0.06 -
nProtect 20100426.01 8045820 2010-04-26 7.49 -
The Hacker 6.5.2.0 v00269 2010-04-26 0.42 -
VBA32 3.12.12.4 20100425.2027 2010-04-25 2.96 -
VirusBuster 4.5.11.10 10.125.5/2034479 2010-04-27 2.45 -
  • 0

#23
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Again, when I click "report" I get a "last scanned file List" in virscan that shows trojans,etc. Just like the pdf I attached to you.
  • 0

#24
inzanity

inzanity

    Member

  • Member
  • PipPip
  • 37 posts
Hi,

Your post #22 is ok.

Let's take a look at your PC again through OTL.

  • Open OTL.exe.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy and paste the following bold text into the box under Custom Scan

    netsvcs
    %SYSTEMDRIVE%\*.exe
    c:\windows\system32\drivers\*.sys /90
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • There will only be a single log produced. OTL.Txt.
    Note:This log can be located in the OTL. folder on you C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#25
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
OTL logfile created on: 4/28/2010 3:33:15 PM - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 47.00 Mb Available Physical Memory | 19.00% Memory free
604.00 Mb Paging File | 346.00 Mb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.82 Gb Total Space | 0.13 Gb Free Space | 0.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DDVJ1Y81
Current User Name: user1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Documents and Settings\user1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (V0060VID) -- C:\WINDOWS\system32\drivers\V0060Vid.sys (Creative Technology Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (Appdrv) -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys (Dell Inc)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Icam4USB) -- C:\WINDOWS\system32\drivers\Icam4USB.sys (Microsoft Corporation)
DRV - (SPCA506AV) -- C:\WINDOWS\system32\drivers\CA506AV.SYS (X10)
DRV - (spusbaudio) -- C:\WINDOWS\system32\drivers\CA506AA.sys (Windows ® 2000 DDK provider)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb5abe10-1fd6-4eba-996e-238a6f5e01d5}: C:\Program Files\Real\RealTime\Extension\ [2007/05/25 16:19:15 | 000,000,000 | ---D | M]

[2009/09/15 14:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\q7zwk6pb.default\extensions
[2008/10/31 09:53:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\q7zwk6pb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/01/02 13:51:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\q7zwk6pb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/06 11:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/25 15:56:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/05 14:06:40 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekeen.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Columbus Class) - {E92FA9BB-A1BD-4B56-9C7A-442FF66FA953} - C:\Program Files\Real\RealTime\IEBrowseHlp.dll (RealNetworks, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [VF0060 STISvc] C:\WINDOWS\System32\V0060Pin.dll (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/01/05 15:38:27 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/01/05 15:38:27 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/01/05 15:38:27 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/01/05 15:38:27 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: Yahoo.com ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...480/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 14:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 15:43:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/24 20:31:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/24 16:58:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/24 15:24:17 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/14 13:17:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\PrivacIE
[2010/04/14 13:12:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IETldCache
[2010/04/14 12:59:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/14 12:58:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/04/12 14:53:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 14:53:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/12 14:51:40 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\Desktop\mbam-setup-1.45.exe
[2010/04/07 15:44:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2010/04/07 11:51:13 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/07 11:51:12 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/07 11:51:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/07 11:51:09 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/07 11:51:04 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/07 11:51:04 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/07 11:51:04 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/07 11:49:43 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/07 11:49:43 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/07 11:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/07 11:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/07 11:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/07 11:16:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\user1\Desktop\erunt_setup.exe
[2010/04/07 11:06:25 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\TFC.exe
[2010/03/30 08:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/30 08:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\SUPERAntiSpyware.com
[2010/03/30 08:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/01/30 17:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/12/05 14:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/12/05 14:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/11/23 15:12:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/03 11:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/04 09:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2006/01/16 18:19:30 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/12/07 10:50:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/10 15:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/28 15:03:17 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/04/28 15:03:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/28 15:02:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 15:02:36 | 259,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/28 07:41:25 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\user1\NTUSER.DAT
[2010/04/28 07:40:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user1\ntuser.ini
[2010/04/26 15:27:56 | 000,111,866 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\virscan log - april 24, 2010.pdf
[2010/04/24 14:57:43 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/24 14:57:41 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/24 14:57:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 14:10:09 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/12 14:53:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 14:52:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/12 14:51:42 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\Desktop\mbam-setup-1.45.exe
[2010/04/12 14:44:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/12 09:26:09 | 000,145,401 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\scannerresultsapr2610.mht
[2010/04/12 09:24:22 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 20:58:44 | 000,096,459 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\TaxReturn.pdf
[2010/04/07 15:44:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2010/04/07 14:29:32 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\gmer.zip
[2010/04/07 11:51:16 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/07 11:16:55 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\NTREGOPT.lnk
[2010/04/07 11:16:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\ERUNT.lnk
[2010/04/07 11:16:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\user1\Desktop\erunt_setup.exe
[2010/04/07 11:06:30 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\TFC.exe
[2010/03/30 10:10:57 | 000,019,456 | ---- | M] () -- C:\March 210seanmccue.doc
[2010/03/30 08:11:44 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 15:27:51 | 000,111,866 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\virscan log - april 24, 2010.pdf
[2010/04/24 14:12:04 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/24 14:12:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/24 14:10:09 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2010/04/12 14:53:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 09:26:08 | 000,145,401 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\scannerresultsapr2610.mht
[2010/04/09 20:58:24 | 000,096,459 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\TaxReturn.pdf
[2010/04/07 14:29:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\gmer.zip
[2010/04/07 11:51:16 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/07 11:16:55 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\NTREGOPT.lnk
[2010/04/07 11:16:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\ERUNT.lnk
[2010/03/30 10:10:57 | 000,019,456 | ---- | C] () -- C:\March 210seanmccue.doc
[2010/03/30 08:11:44 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/27 12:34:27 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\user1\test.prx
[2008/11/30 18:39:02 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/02 09:58:06 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2008/08/02 09:47:03 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/02 09:47:03 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/05 12:15:32 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\PFP120JPR.{PB
[2008/01/05 12:15:32 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\PFP120JCM.{PB
[2007/05/31 13:02:47 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/05/31 13:01:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/10 19:13:34 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/12/25 16:13:54 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/29 21:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/26 13:14:14 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/25 18:08:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/04 18:07:58 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/01/04 18:07:52 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2006/01/01 21:47:59 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/01 21:47:59 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\3DB7F92009.sys
[2005/12/31 21:56:52 | 000,000,276 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2005/12/31 21:54:18 | 000,000,463 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2005/12/07 10:04:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/07 09:56:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/06 21:33:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\fusioncache.dat
[2005/12/06 20:45:47 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\user1\NTUSER.DAT
[2005/12/06 20:45:47 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\user1\ntuser.dat.LOG
[2005/12/06 20:45:47 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user1\ntuser.ini
[2005/12/06 20:44:53 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/12/06 20:44:53 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/12/01 21:12:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/01 20:57:26 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/01 20:48:41 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/12/01 20:16:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/12/01 20:16:22 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/12/01 20:15:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/01 20:15:08 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/04/07 11:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/12/16 08:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/12/27 12:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/23 19:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/27 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\acccore
[2007/03/08 10:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ICAClient
[2006/06/30 16:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jamdat
[2005/12/23 11:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Leadertech
[2008/12/27 12:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\NCH Swift Sound
[2009/12/31 15:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OpenOffice.org
[2007/02/11 18:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\skySpace
[2008/02/10 12:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SmartDraw
[2008/07/13 09:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Viewpoint
[2008/12/05 14:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WeatherBug
[2010/04/28 15:03:17 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/01/14 11:14:22 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/03/24 17:05:06 | 002,387,420 | ---- | M] () -- C:\MGtools.exe

< c:\windows\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/02/23 20:25:28 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys
[2010/02/23 20:25:28 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/02/23 20:25:28 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\scecli.dll
< End of report >
  • 0

Advertisements


#26
inzanity

inzanity

    Member

  • Member
  • PipPip
  • 37 posts
Hi,

Am not seeing any malware. Also, please refrain from using RegCure or any registry cleaner as it may do your computer more harm than good.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.

--Next--

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 20 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 20 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
--Next--

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
To post in your next reply:
1. MBAM log.
2. Kaspersky log.
  • 0

#27
inzanity

inzanity

    Member

  • Member
  • PipPip
  • 37 posts
Hi,

It's been several days. Do you still need help on this?

This thread will be closed if you don't respond within 48 hours.
  • 0

#28
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
still need help. mom's computer, and she cannot follow your instructions properly - so i have to do it. will run the programs and post the logs in the morning - sorry, thanks.
  • 0

#29
inzanity

inzanity

    Member

  • Member
  • PipPip
  • 37 posts
:)

Thanks for letting us know.
  • 0

#30
mpurchases

mpurchases

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Here is the MBAM LOG.
We have attempted to run kaspersky about 20 times and fail each time. The computer continues to run very very slow and perhaps this slowness is preventing proper scanning. We are trying again for what we hope is a final time. We have run the scan three times today and each time we were unable to "save as" the report. There always seems to be some technical problem with running kaspersky.

MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/29/2010 3:47:33 PM
mbam-log-2010-04-29 (15-47-33).txt

Scan type: Quick scan
Objects scanned: 118318
Time elapsed: 12 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP