
Malware/Spyware/ EVERYTHING Virus.. Scanner doesn't complete the scan... Just disappears


This topic is locked
14 replies to this topic

#1 afonte2

afonte2

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:04 AM

Posted 04 October 2009 - 02:58 AM

I have been battling trying to fix my computer for the past four days. It started with my computer just restarting and then a blue screen would come up and it would automatically restart. After I would reboot I started to get these things popping up at the bottom of the screen saying my computer was infected and Total Security would start running itself. I didn't buy it and quickly began to search the web and see what it actually was. Sure enough it was a virus so I came to this website to see what I needed to do. I downloaded that Malware thing and it would load. I tried to rename it; didn't work. Oh yeah, I also tried to do a system restore and it will not let me; it is locked, saying call my administrator. When I am in regular mode I try to press Ctrl+Alt+Del and the task manager doesn't pop up. It only allows the task manager to come up in safe mode under administrator. I have downloaded plenty of antivirus scanners. My McAfee isn't working, tried Norton, not working, PC Tools, SpyHunter. Some will actually load and scan and when it is like 75% done scanning it just disappears. I've deleted some of those long numbers like 12141123 (stuff like that) under system32 and now I am not getting Total Security to pop up but Antivirus Pro 2010 and Microsoft phishing... I have tried manually deleting things but that is too confusing and quite frankly I don't want to delete something that doesn't need to be. I hope someone can help me. I tried to avoid doing this, but it seems like this is my last resort! I've also tried to d/l that gamer and everything that this site has suggested and none of it has worked!


That is what I posted, and garmanma told me to download Win32kDiag.exe, but as I tried to open it I got this:
C:\Docume~1\Admini~1\Desktop\WIN32K~1.Exe
The NTVDM CPU has encountered an illegal instruction.
CS:0dd2 IP:0111 OP:63 72 69 70 74 Chose 'CLose' to terminate the application. .

I then downloaded peek.bat and this is what I got:

Volume in drive C is SQ004101P01
Volume Serial Number is A0FB-FC01

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 07:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 07:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 07:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:11 PM 62,464 eventlog.dll
3 File(s) 650,752 bytes

Total Files Listed:
9 File(s) 1,938,432 bytes
0 Dir(s) 63,390,351,360 bytes free

That is the only log I can get.

I tried to download DDS but this is what pops up:

C:\documents and settings\administrator\desktop\dds.scr is not a valid win32 application.


So I was directed here... Please help!! Thanks!!
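An added example, not from the thread and not the peek.bat tool's own code: a small Python script that parses a `dir`-style listing like the one posted above and compares the size of each DLL in system32 against the service pack copy in ServicePackFiles\i386, which is the comparison a helper makes by eye from such a log. The sample listing is the one posted above, embedded so the script runs offline; the choice of ServicePackFiles\i386 as the reference copy is an assumption about the machine's installed service pack.

```python
import re
from collections import defaultdict

# Constructed sample input: the peek.bat listing posted in this thread,
# reproduced here so the script runs offline.
SAMPLE_LISTING = r"""
 Volume in drive C is SQ004101P01
 Volume Serial Number is A0FB-FC01

 Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 07:00 AM 180,224 scecli.dll
08/04/2004 07:00 AM 407,040 netlogon.dll
08/04/2004 07:00 AM 55,808 eventlog.dll
               3 File(s) 643,072 bytes

 Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 181,248 scecli.dll
04/13/2008 07:12 PM 407,040 netlogon.dll
04/13/2008 07:11 PM 56,320 eventlog.dll
               3 File(s) 644,608 bytes

 Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 181,248 scecli.dll
04/13/2008 07:12 PM 407,040 netlogon.dll
04/13/2008 07:11 PM 62,464 eventlog.dll
               3 File(s) 650,752 bytes

Total Files Listed:
               9 File(s) 1,938,432 bytes
               0 Dir(s) 63,390,351,360 bytes free
"""

# "Directory of <path>" introduces the directory the following entries belong to.
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# A file entry: date, time, size with thousands separators, file name.
# Summary lines ("3 File(s) ...") do not start with a date and are skipped.
FILE_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(\S.*?)\s*$"
)


def parse_dir_listing(text):
    """Return {filename: {directory: size_in_bytes}} from dir-style output.

    Names and directories are lower-cased because NTFS paths are
    case-insensitive and the listing mixes cases.
    """
    sizes = defaultdict(dict)
    current_dir = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m and current_dir is not None:
            size = int(m.group(3).replace(",", ""))
            sizes[m.group(4).lower()][current_dir] = size
    return dict(sizes)


def find_size_mismatches(sizes, reference_dir, target_dir):
    """List (name, reference_size, target_size) for files present in both
    directories whose sizes differ. Equal sizes are not proof of integrity,
    only a differing size is a reason to look closer."""
    ref, tgt = reference_dir.lower(), target_dir.lower()
    mismatches = []
    for name in sorted(sizes):
        per_dir = sizes[name]
        if ref in per_dir and tgt in per_dir and per_dir[ref] != per_dir[tgt]:
            mismatches.append((name, per_dir[ref], per_dir[tgt]))
    return mismatches


if __name__ == "__main__":
    listing = parse_dir_listing(SAMPLE_LISTING)
    # Assumption: ServicePackFiles\i386 holds the clean copies for the
    # installed service pack, so system32 should match it byte-for-byte in size.
    for name, ref_size, tgt_size in find_size_mismatches(
        listing, r"C:\WINDOWS\ServicePackFiles\i386", r"C:\WINDOWS\system32"
    ):
        print(f"{name}: {tgt_size} bytes in system32, "
              f"service pack copy is {ref_size} bytes")
```

Run against the listing above it reports only eventlog.dll (62,464 bytes in system32 against 56,320 in ServicePackFiles\i386), which is the file ComboFix later in this thread reports as an infected copy. The $NtServicePackUninstall$ folder is not a useful reference because it holds the pre-service-pack versions, so its sizes differ legitimately. A size check is a quick triage from a plain directory listing; comparing hashes or Authenticode signatures against a known-good copy is the stronger test when the tools to do so will run.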


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,321 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:04 AM

Posted 22 October 2009 - 04:13 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
    Direct Download
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • RootRepeal log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay
.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise


Posted 26 October 2009 - 01:06 PM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




#4 Elise


Posted 27 October 2009 - 03:17 PM

Reopened as requested.

Please see if you can follow the steps I posted. If not, do the following.

Download and run Win32kDiag:

regards, Elise




#5 afonte2


Posted 27 October 2009 - 03:38 PM

Thanks so much for getting back with me. I've tried the DDS from both links and it opened but did not open Notepad. I disabled all my virus scanners and attempted it a second time; still nothing. I d/l and started to run RootRepeal and it started to run and then disappeared. This is what happens when I try and run MBAM as well. My McAfee virus scanner will not run either. The win32 thing ran; here is what it says:


Running from: C:\Documents and Settings\Angela Boudreaux\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Angela Boudreaux\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1f3207366e96c94d45c070496b08a2d4\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5599132effaee562760dce29f8ca8491\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f6dd82521ed694\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\msft\windows\windows

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\policy\msft\windows\windows

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\msft\windows\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\policy\msft\windows\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\windows\net\net

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\policy\msft\windows\networking\networking

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\windows\common\common

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\60\60

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\msft\windows\windows

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll
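An added example, not part of this thread and not Win32kDiag's own code: a Python parser for the Win32kDiag output format shown above. It pairs each "Found mount point" line with its destination, separates destinations that look like ordinary volume mount points (\??\Volume{GUID}\) from anything else, and collects the "Cannot access" lines. The sample log is constructed from a few lines of the output above plus one made-up benign mount point (C:\mnt\data) for contrast; the GUID in it is a placeholder.

```python
import re
from collections import Counter

# Constructed sample input: a few lines in the Win32kDiag format posted in
# this thread, plus one made-up benign volume mount point (C:\mnt\data with a
# placeholder GUID) so the classifier has something to leave alone.
SAMPLE_LOG = r"""
WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\mnt\data

Mount point destination : \??\Volume{12345678-1234-1234-1234-123456789abc}\

Cannot access: C:\WINDOWS\system32\eventlog.dll
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination : (.+?)\s*$")
DENIED_RE = re.compile(r"^Cannot access: (.+?)\s*$")
# The target of a normal volume mount point: \??\Volume{GUID}\
VOLUME_TARGET_RE = re.compile(
    r"^\\\?\?\\Volume\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}\\?$"
)


def parse_win32kdiag(text):
    """Return (mount_points, inaccessible).

    mount_points is a list of (directory, destination) pairs built by pairing
    each "Found mount point" line with the "Mount point destination" line that
    follows it; inaccessible is the list of paths from "Cannot access" lines.
    """
    mount_points = []
    inaccessible = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            mount_points.append((pending, m.group(1)))
            pending = None
            continue
        m = DENIED_RE.match(line)
        if m:
            inaccessible.append(m.group(1))
    return mount_points, inaccessible


def suspicious_mount_points(mount_points):
    """Keep reparse points whose target is not a \\??\\Volume{GUID}\\ path.

    A directory redirected to a non-volume target appears empty or unreadable
    to ordinary tools, which is consistent with scanners that vanish mid-scan.
    """
    return [(d, t) for d, t in mount_points if not VOLUME_TARGET_RE.match(t)]


def destination_counts(mount_points):
    """How many directories point at each destination; many system
    directories sharing one odd target is the pattern worth reporting."""
    return Counter(t for _, t in mount_points)


def summarize(text):
    mounts, denied = parse_win32kdiag(text)
    flagged = suspicious_mount_points(mounts)
    counts = destination_counts(flagged)
    return {
        "mount_points": len(mounts),
        "suspicious": len(flagged),
        "inaccessible": denied,
        "top_destination": counts.most_common(1)[0] if counts else None,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['suspicious']} of {result['mount_points']} mount points "
          f"have a non-volume target; most common: {result['top_destination']}")
    for path in result["inaccessible"]:
        print(f"locked file: {path}")
```

On the constructed log it flags the four entries pointing at \Device\__max++>\^ and leaves the volume mount point alone, and it surfaces eventlog.dll as the file the tool could not read, which matches what ComboFix reports further down in this thread. On Windows XP a list of system directories that all resolve to one non-volume target is a strong signal; on Vista and later, where the OS creates many junctions of its own, the same check would need an allow-list of known junction targets before its output is meaningful.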

#6 Elise


Posted 27 October 2009 - 03:47 PM

Hello afonte2,

No problem. This infection blocks like all scanners and tools. Please follow the steps below.

COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r


In your next reply, please include the following:
  • Combofix.txt
  • Win32kDiag.txt

regards, Elise




#7 afonte2


Posted 28 October 2009 - 10:15 AM

ComboFix 09-10-27.07 - Angela Boudreaux 10/28/2009 10:04.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.313 [GMT -5:00]
Running from: c:\documents and settings\Angela Boudreaux\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1624380954-1207379783-2283124489-1003

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent(2).dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 14:55 . 2009-10-28 14:55 -------- d-----w- c:\windows\system32\LogFiles
2009-10-27 20:07 . 2009-10-28 14:44 -------- d--h--w- c:\windows\PIF
2009-10-27 19:47 . 2009-10-27 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-27 19:46 . 2009-10-27 19:46 -------- d-----w- c:\documents and settings\Angela Boudreaux\Application Data\SUPERAntiSpyware.com
2009-10-27 19:45 . 2009-10-27 19:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-27 19:32 . 2009-10-27 19:32 -------- d-----w- c:\documents and settings\Angela Boudreaux\Application Data\AdobeUM
2009-10-27 19:28 . 2009-10-27 19:28 -------- d-----w- c:\program files\Enigma Software Group
2009-10-27 19:26 . 2009-10-27 19:26 -------- d-----w- c:\documents and settings\Angela Boudreaux\Application Data\Malwarebytes
2009-10-27 19:24 . 2009-10-28 14:55 0 ----a-r- c:\windows\win32k.sys
2009-10-26 02:05 . 2009-10-26 02:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-sh--w- c:\documents and settings\Blair Boudreaux\IETldCache
2009-10-25 17:09 . 2009-10-25 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-25 17:08 . 2009-10-25 17:08 139 ----a-w- c:\documents and settings\Angela Boudreaux\Local Settings\Application Data\fusioncache.dat
2009-10-25 16:48 . 2009-10-28 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-25 16:38 . 2009-10-25 16:38 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-23 18:49 . 2009-10-23 18:49 -------- d-sh--w- c:\documents and settings\Angela Boudreaux\PrivacIE
2009-10-23 18:47 . 2009-10-23 18:47 -------- d-sh--w- c:\documents and settings\Angela Boudreaux\IETldCache
2009-10-23 18:41 . 2009-10-26 02:45 -------- d-----w- c:\windows\ie8updates
2009-10-23 18:38 . 2009-10-23 18:39 -------- dc-h--w- c:\windows\ie8
2009-10-23 18:35 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-23 18:35 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-23 18:35 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-23 18:35 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-23 18:35 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-23 18:35 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-23 18:33 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-22 15:04 . 2009-10-22 15:04 -------- d-----w- c:\documents and settings\Angela Boudreaux\Local Settings\Application Data\Adobe
2009-10-19 23:59 . 2009-10-19 23:59 -------- d-----w- c:\documents and settings\Angela Boudreaux\Local Settings\Application Data\Identities
2009-10-19 00:26 . 2009-10-22 20:09 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-17 22:32 . 2009-10-17 22:32 -------- d-----w- c:\documents and settings\Blair Boudreaux\Application Data\Malwarebytes
2009-10-17 22:31 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 22:31 . 2009-10-17 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 22:31 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 17:37 . 2009-10-16 17:37 -------- d-----w- c:\windows\ServicePackFiles
2009-10-16 17:33 . 2009-10-16 17:33 -------- d-----w- c:\program files\MSXML 4.0
2009-10-15 22:16 . 2009-08-04 12:49 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-15 22:16 . 2009-08-04 12:51 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-15 22:16 . 2009-08-04 12:02 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-15 22:16 . 2009-08-04 12:02 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-15 22:15 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-15 22:13 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-15 22:13 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-15 22:09 . 2009-03-06 14:00 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-15 22:09 . 2009-02-09 10:01 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-15 22:09 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-15 22:09 . 2005-07-26 04:20 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-10-15 22:09 . 2009-02-09 10:01 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-15 22:09 . 2009-02-06 10:22 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-15 22:09 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-15 22:09 . 2009-02-09 10:01 617984 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-15 22:09 . 2009-02-09 10:01 715264 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-15 18:17 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-15 18:17 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-15 18:17 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-15 18:17 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-15 18:16 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-15 17:52 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-10-15 17:50 . 2009-10-15 17:50 -------- d-----w- c:\documents and settings\Angela Boudreaux\Local Settings\Application Data\Microsoft Help
2009-10-15 17:50 . 2009-10-26 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 17:36 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-15 17:06 . 2009-10-15 18:19 -------- d-----w- c:\documents and settings\Angela Boudreaux\Application Data\GetRightToGo
2009-10-14 19:27 . 2009-04-15 15:11 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-10-14 19:26 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-14 19:25 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-14 19:25 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-14 16:28 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-14 16:28 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-13 18:54 . 2009-10-25 17:08 70448 ----a-w- c:\documents and settings\Angela Boudreaux\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 18:54 . 2009-10-13 18:55 -------- d-----w- c:\documents and settings\Angela Boudreaux\Application Data\Move Networks
2009-10-13 18:41 . 2009-10-13 18:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-13 18:08 . 2009-10-13 18:08 -------- d-----w- c:\documents and settings\Angela Boudreaux\Local Settings\Application Data\Mozilla
2009-10-13 14:34 . 2009-10-13 14:34 33512 ----a-w- c:\documents and settings\Blair Boudreaux\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 14:34 . 2009-10-13 17:35 -------- d-----w- c:\documents and settings\Blair Boudreaux\Application Data\Move Networks
2009-10-13 08:06 . 2009-10-13 08:06 -------- d-----w- c:\documents and settings\Blair Boudreaux\Local Settings\Application Data\Mozilla
2009-10-13 08:00 . 2005-12-29 21:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AOL
2009-10-13 08:00 . 2005-12-29 20:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2009-10-13 08:00 . 2005-12-29 19:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-10-13 08:00 . 2005-12-29 19:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\toshiba
2009-10-13 08:00 . 2005-12-29 18:54 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-10-13 08:00 . 2005-12-29 18:54 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2009-10-13 07:55 . 2009-10-28 15:10 -------- d-----w- c:\windows\system32\DLA
2009-10-13 07:55 . 2005-10-06 12:20 94263 ----a-w- c:\windows\DLA.EXE
2009-10-13 07:55 . 2005-10-06 12:20 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-10-13 07:55 . 2005-09-12 10:30 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-10-13 07:55 . 2005-08-25 19:16 5628 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-10-13 07:55 . 2005-08-25 19:16 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2009-10-13 07:55 . 2005-08-12 12:20 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-10-13 07:54 . 2004-02-23 01:01 192512 ----a-w- c:\windows\system32\AdavVideoDec.dll
2009-10-13 07:54 . 2003-12-18 16:03 126976 ----a-w- c:\windows\system32\AdavAudioDec.dll
2009-10-13 07:54 . 2003-09-19 22:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-10-13 07:52 . 1995-08-01 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-13 07:52 . 2002-09-29 17:56 139264 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr
2009-10-13 07:52 . 2009-10-13 07:52 -------- d-----w- c:\program files\ArcSoft
2009-10-13 07:52 . 2009-10-13 07:52 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-13 07:52 . 2009-10-13 07:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-10-13 07:51 . 2009-10-13 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-10-13 07:51 . 2002-11-21 17:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-10-13 07:51 . 2002-11-21 17:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-10-13 07:51 . 2002-11-21 17:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-10-13 07:51 . 2002-11-21 17:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-10-13 07:51 . 2002-11-21 17:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-10-13 07:51 . 2002-11-21 17:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-10-13 07:51 . 2009-10-13 07:51 -------- d-----w- c:\program files\InterVideo
2009-10-13 07:50 . 2005-11-28 21:51 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-10-13 07:49 . 2009-10-13 07:49 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-13 07:48 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 17:12 . 2005-12-29 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-22 15:00 . 2006-01-03 07:11 -------- d-----w- c:\program files\Microsoft Works
2009-10-13 08:06 . 2005-12-29 20:20 -------- d-----w- c:\program files\Google
2009-10-13 07:55 . 2005-12-29 19:48 -------- d-----w- c:\program files\Sonic
2009-10-13 07:52 . 2005-12-29 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 07:52 . 2009-10-13 18:07 -------- d-----w- c:\documents and settings\Angela Boudreaux\Application Data\Intel
2009-10-13 07:52 . 2009-10-13 08:01 -------- d-----w- c:\documents and settings\Blair Boudreaux\Application Data\Intel
2009-10-13 07:51 . 2005-12-29 18:00 -------- d-----w- c:\program files\Intel
2009-09-11 14:03 . 2005-12-29 06:28 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2005-12-29 06:28 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-12-29 06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2005-12-29 06:29 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2005-12-29 06:28 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:51 . 2005-12-29 06:28 2185984 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-03 22:59 2062976 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"SUPERAntiSpyware"="e:\superanti\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-14 53248]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-09-30 866200]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-12-05 28672]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-12-28 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-29 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\superanti\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- e:\superanti\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135887705\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

R1 SASDIFSV;SASDIFSV;e:\superanti\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;e:\superanti\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R3 SASENUM;SASENUM;e:\superanti\SASENUM.SYS [10/12/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Angela Boudreaux\Application Data\Mozilla\Firefox\Profiles\qmy074xj.default\
FF - plugin: c:\documents and settings\Blair Boudreaux\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - e:\malwarebytes' anti-malware\mbam.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-HijackThis - e:\hj\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 10:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
e:\superanti\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\combofix\CF3291.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 10:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 15:13

Pre-Run: 86,138,204,160 bytes free
Post-Run: 86,259,396,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B1348C3D14E55EB6135544DD4B1C08B7

Running from: C:\Documents and Settings\Angela Boudreaux\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Angela Boudreaux\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

#8 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,321 posts
  • Gender:Female
  • Location:Romania

Posted 28 October 2009 - 10:25 AM

Hello afonte2,
We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens and starts scanning the system. Wait until a log file opens. Copy and paste the log in your next reply.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Note - if you have MBAM already installed, skip the installation steps. Please make sure it's updated before running the scan!

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming it again and changing the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.


In your next reply, please include the following:
  • Junction log
  • MBAM log
  • A DDS log (please include also attach.txt). For instructions on how to post a DDS log, please see my first post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
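Elise's command above writes Junction's scan of C:\ to log.txt and opens it. Besides any reparse points it finds, Junction reports every file it could not open, and on a machine in this state that list is usually where the signal is. As an added example that is not part of this thread or of any BleepingComputer tool, the following Python script triages such a log: open failures on hiberfil.sys, pagefile.sys and System Volume Information are expected on a running XP system (the kernel holds the first two open exclusively and the third is ACL'd so only SYSTEM can enter it), while an "Access is denied" on an executable under Documents and Settings or Program Files, which the logged-in administrator should be able to read, deserves a closer look before assuming the file is merely in use. The sample log is constructed to mirror Junction's output format; the record format for a reparse point Junction did find (`<path>: JUNCTION` followed by Print Name / Substitute Name lines) is an assumption, since the log in this thread found none.

```python
"""Triage a Sysinternals Junction log (junction -s <drive>) during malware cleanup.

Added example; not code from the thread or from BleepingComputer.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# "Failed to open <path>: <reason>." lines, as Junction prints them.
FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+?)\.?$")
# Assumed record format for a reparse point that Junction did find:
#   <path>: JUNCTION
#   Print Name     : <target>
#   Substitute Name: \??\<target>
REPARSE_RE = re.compile(r"^(?P<path>\S.*?): (?P<kind>JUNCTION|SYMBOLIC LINK|MOUNT POINT)$")
TARGET_RE = re.compile(r"^(Print Name|Substitute Name)\s*:\s*(?P<target>.+)$")

# Open failures that are normal on a live Windows XP volume: the kernel holds the
# hibernation and paging files open exclusively, and System Volume Information is
# ACL'd so that only SYSTEM can enter it.
EXPECTED_DENIALS = {"hiberfil.sys", "pagefile.sys", "system volume information"}


@dataclass
class Triage:
    expected_failures: list = field(default_factory=list)    # (path, reason)
    suspicious_failures: list = field(default_factory=list)  # (path, reason)
    reparse_points: list = field(default_factory=list)       # [path, kind, target]
    none_found: bool = False


def clean_path(path):
    r"""Drop the \\?\ prefix and the doubled backslash Junction prints after the drive."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace(":\\\\", ":\\")


def is_expected_denial(path):
    parts = [p.lower() for p in PureWindowsPath(path).parts[1:]]  # parts[0] is the drive
    return bool(parts) and parts[0] in EXPECTED_DENIALS


def parse_junction_log(text):
    triage = Triage()
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip(".").strip()  # Junction prints "." progress markers
        if not line:
            continue
        m = FAILED_RE.match(line)
        if m:
            path, reason = clean_path(m.group("path")), m.group("reason")
            if reason.startswith("Access is denied") and not is_expected_denial(path):
                triage.suspicious_failures.append((path, reason))
            else:
                triage.expected_failures.append((path, reason))
            continue
        if line.startswith("No reparse points found"):
            triage.none_found = True
            continue
        m = TARGET_RE.match(line)
        if m and current is not None and current[2] is None:
            current[2] = m.group("target")  # keep the first (Print Name) target
            continue
        m = REPARSE_RE.match(line)
        if m:
            current = [clean_path(m.group("path")), m.group("kind"), None]
            triage.reparse_points.append(current)
    return triage


def report(triage):
    """Human-readable findings; the CHECK ACL entries are what to follow up on."""
    lines = []
    for path, reason in triage.suspicious_failures:
        lines.append(f"CHECK ACL: {path} ({reason})")
    for path, kind, target in triage.reparse_points:
        lines.append(f"REPARSE {kind}: {path} -> {target}")
    if triage.none_found and not triage.reparse_points:
        lines.append("No reparse points reported by Junction.")
    lines.append(f"{len(triage.expected_failures)} expected open failure(s) ignored.")
    return lines


# Constructed sample in Junction's output format (not the thread's real log).
SAMPLE_LOG = r"""
Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
...
Failed to open \\?\c:\\Documents and Settings\User\Desktop\RootRepeal.exe: Access is denied.
...
\\?\c:\\Documents and Settings\All Users\Start Menu: JUNCTION
   Print Name     : C:\WINDOWS\Temp\hidden
   Substitute Name: \??\C:\WINDOWS\Temp\hidden
"""

if __name__ == "__main__":
    for entry in report(parse_junction_log(SAMPLE_LOG)):
        print(entry)
```

Run it against the saved log.txt with `parse_junction_log(open("log.txt").read())`. Anything listed under CHECK ACL should be inspected with `cacls` on XP before it is written off as a file that is simply in use; a scanner the administrator downloaded but can no longer open is a different problem from a locked paging file.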


#9 afonte2
  • Topic Starter
  • Members
  • 9 posts

Posted 28 October 2009 - 01:54 PM

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\System Volume Information: Access is denied.
...
Failed to open \\?\c:\\Documents and Settings\Angela Boudreaux\Desktop\RootRepeal.exe: Access is denied.
...
Failed to open \\?\c:\\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe: Access is denied.
...
No reparse points found.





Malwarebytes' Anti-Malware 1.41
Database version: 3047
Windows 5.1.2600 Service Pack 2

10/28/2009 1:49:42 PM
mbam-log-2009-10-28 (13-49-42).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 150487
Time elapsed: 19 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51267417-B33C-4783-A2FB-CCFAFA2247D8}\RP18\A0011896.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.





DDS (Ver_09-10-26.01) - NTFSx86
Run by Angela Boudreaux at 13:51:02.64 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.126 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Malwarebytes' Anti-Malware\ba.exe
C:\Documents and Settings\Angela Boudreaux\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] e:\superanti\SUPERAntiSpyware.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Notify: !SASWinLogon - e:\superanti\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\superanti\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\angela~1\applic~1\mozilla\firefox\profiles\qmy074xj.default\
FF - plugin: c:\documents and settings\blair boudreaux\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;e:\superanti\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;e:\superanti\SASKUTIL.SYS [2009-10-12 74480]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-17 38224]
R3 SASENUM;SASENUM;e:\superanti\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-10-28 18:25:51 95616 ----a-w- c:\windows\junction.exe
2009-10-28 18:24:33 3198 ----a-w- c:\windows\Junction.zip
2009-10-28 15:03:01 0 d-sha-r- C:\cmdcons
2009-10-28 15:01:39 98816 ----a-w- c:\windows\sed.exe
2009-10-28 15:01:39 77312 ----a-w- c:\windows\MBR.exe
2009-10-28 15:01:39 236544 ----a-w- c:\windows\PEV.exe
2009-10-28 15:01:39 161792 ----a-w- c:\windows\SWREG.exe
2009-10-28 14:55:03 0 d-----w- c:\windows\system32\LogFiles
2009-10-27 20:07:22 0 d--h--w- c:\windows\PIF
2009-10-27 19:47:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-27 19:46:40 0 d-----w- c:\docume~1\angela~1\applic~1\SUPERAntiSpyware.com
2009-10-27 19:45:59 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-27 19:28:31 0 d-----w- c:\program files\Enigma Software Group
2009-10-27 19:26:44 0 d-----w- c:\docume~1\angela~1\applic~1\Malwarebytes
2009-10-23 18:49:05 0 d-sh--w- c:\documents and settings\angela boudreaux\PrivacIE
2009-10-23 18:47:35 0 d-sh--w- c:\documents and settings\angela boudreaux\IETldCache
2009-10-23 18:41:41 0 d-----w- c:\windows\ie8updates
2009-10-23 18:38:49 0 dc-h--w- c:\windows\ie8
2009-10-23 18:35:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-23 18:35:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-23 18:35:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-23 18:35:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-23 18:35:13 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-23 18:35:10 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-23 18:33:29 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-21 16:10:22 2838 ----a-w- c:\windows\machine.ver
2009-10-19 00:26:45 0 d-----w- c:\windows\system32\CatRoot_bak
2009-10-17 22:31:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 22:31:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 22:31:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 17:37:19 0 d-----w- c:\windows\ServicePackFiles
2009-10-16 17:33:57 0 d-----w- c:\program files\MSXML 4.0
2009-10-16 02:49:31 54156 ---ha-w- c:\windows\QTFont.qfn
2009-10-16 02:49:31 1409 ----a-w- c:\windows\QTFont.for
2009-10-15 22:16:31 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-15 22:16:30 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-15 22:16:30 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-15 22:16:29 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-15 22:15:56 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-15 22:15:56 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-10-15 22:13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-15 22:13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-15 22:09:52 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-10-15 22:09:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-15 22:09:52 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-15 22:09:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-15 22:09:51 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-15 22:09:51 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-15 22:09:51 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-15 22:09:50 715264 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-15 22:09:50 617984 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-15 18:18:56 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-15 18:17:42 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-15 18:17:35 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-15 18:17:28 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-15 18:17:21 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-15 18:16:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-15 17:52:59 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-10-15 17:36:27 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-15 17:06:33 0 d-----w- c:\docume~1\angela~1\applic~1\GetRightToGo
2009-10-15 17:06:01 0 d-----w- c:\windows\system32\PreInstall
2009-10-14 19:27:06 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-10-14 19:26:58 546304 -c----w- c:\windows\system32\dllcache\hhctrl.ocx
2009-10-14 19:26:53 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-14 19:25:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-14 19:25:17 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-14 16:28:33 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-14 16:28:33 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-14 16:28:33 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-13 18:07:37 0 d-----w- c:\docume~1\angela~1\applic~1\AOL
2009-10-13 18:07:36 0 d-----w- c:\docume~1\angela~1\applic~1\You've Got Pictures Screensaver
2009-10-13 18:07:36 0 d-----w- c:\docume~1\angela~1\applic~1\Intuit
2009-10-13 18:07:36 0 d-----w- c:\docume~1\angela~1\applic~1\Intel
2009-10-13 17:48:30 12 ----a-w- c:\windows\dirsaver.ini
2009-10-13 17:35:34 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-13 08:00:44 74252288 ----a-w- c:\windows\QosmioPlayer.iso
2009-10-13 07:57:43 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-10-13 07:55:45 61 ----a-w- c:\windows\smscfg.ini
2009-10-13 07:55:18 94263 ----a-w- c:\windows\DLA.EXE
2009-10-13 07:55:18 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-10-13 07:55:18 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-10-13 07:55:18 5628 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-10-13 07:55:18 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-10-13 07:55:18 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2009-10-13 07:55:18 0 d-----w- c:\windows\system32\DLA
2009-10-13 07:54:57 48128 ----a-w- c:\windows\system32\mpgvideo.ax
2009-10-13 07:54:57 47616 ----a-w- c:\windows\system32\mpgaudio.ax
2009-10-13 07:54:57 21248 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-10-13 07:54:57 192512 ----a-w- c:\windows\system32\AdavVideoDec.dll
2009-10-13 07:54:57 126976 ----a-w- c:\windows\system32\AdavAudioDec.dll
2009-10-13 07:54:57 110592 ----a-w- c:\windows\system32\ArcSpl.ax
2009-10-13 07:52:39 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-13 07:52:34 139264 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr
2009-10-13 07:52:07 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-13 07:51:26 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-10-13 07:51:26 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-10-13 07:51:26 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-10-13 07:51:26 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-10-13 07:51:26 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-10-13 07:51:26 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-10-13 07:51:23 0 d-----w- c:\program files\InterVideo
2009-10-13 07:51:15 2238 ----a-w- c:\windows\Gso.ico
2009-10-13 07:50:54 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-10-13 07:48:58 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

==================== Find3M ====================

2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:51:17 2185984 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02:00 2062976 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 13:51:24.43 ===============








UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/13/2009 3:00:55 AM
System Uptime: 10/28/2009 11:42:32 AM (2 hours ago)

Motherboard: TOSHIBA | | HAQAA
Processor: Genuine Intel® CPU T1300 @ 1.66GHz | U2E1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 80.294 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP18: 10/28/2009 10:09:00 AM - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
ArcSoft Software Suite
CD/DVD Drive Acoustic Silencer
DVD-RAM Driver
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office OneNote 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.3)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
MyConnect Special Offer
mZConfig
Office 2003 Trial Assistant
Pure Networks Port Magic
Quicken 2006
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
sat_screensaver_30mb
SD Secure Module
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SMSC IrCC V5.1.3600.5 SP2
Sonic DLA
Sonic RecordNow!
SpyHunter
SUPERAntiSpyware Free Edition
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (KB974810)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Utility Common Driver
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Yahoo! Music Engine

==== Event Viewer Messages From Past Week ========

10/28/2009 9:52:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'temp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/28/2009 9:45:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
10/28/2009 9:43:43 AM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 0013021BC330 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/28/2009 9:42:30 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McNASvc service.
10/28/2009 9:42:03 AM, error: Dhcp [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 0013021BC330 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/28/2009 10:09:09 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
10/28/2009 10:08:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'temp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/28/2009 10:04:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/28/2009 10:04:34 AM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
10/27/2009 4:10:10 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MELANIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{09CB7D8D-81AA-4DD. The master browser is stopping or an election is being forced.
10/27/2009 4:06:05 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 4:04:44 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/27/2009 3:08:03 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
10/27/2009 3:07:02 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 3:06:49 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 3:06:35 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 3:06:24 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 2:41:56 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/27/2009 12:22:29 AM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
10/27/2009 12:22:28 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
10/27/2009 12:02:56 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KEVIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{09CB7D8D-81AA-4DDC-. The master browser is stopping or an election is being forced.

==== End Of File ===========================
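The "Event Viewer Messages" section of the attach.txt above carries the footprint a rogue antivirus typically leaves: McAfee services terminating or failing to start with "Access is denied" (SCM events 7031/7034/7000), SUPERAntiSpyware's drivers SASDIFSV and SASKUTIL not loading (7026), and the System Restore filter stopping (sr [1]). The PowerShell below is an added example, not part of the original thread and not part of the DDS tool, that pulls exactly those indicators out of DDS-formatted event lines so they are not lost among the unrelated DHCP and browser-election noise. The sample lines are copied from the log above; the product-name list and the event-ID mapping are this example's own assumptions. It needs PowerShell 3 or later.

```powershell
# Added example (not from the thread and not part of DDS): pull the indicators of
# a security product being killed or blocked out of the "Event Viewer Messages"
# section of a DDS attach.txt. Requires PowerShell 3 or later.

# Sample input: lines copied from the log posted above.
$sampleEvents = @'
10/28/2009 9:52:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'temp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/28/2009 9:45:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
10/27/2009 4:06:05 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/27/2009 4:04:44 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/27/2009 2:41:56 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/27/2009 12:22:29 AM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
'@

# Products whose services/drivers we care about. McAfee and the SUPERAntiSpyware
# drivers (SASDIFSV, SASKUTIL) are in the log; the other names are assumptions.
$securityProducts = @('McAfee', 'SASDIFSV', 'SASKUTIL', 'SUPERAntiSpyware', 'Malwarebytes', 'Avast', 'Antivir')

function Get-SecurityServiceFailure {
    param([Parameter(Mandatory = $true)][string]$EventText)

    # DDS writes: "<date> <time> <AM|PM>, <level>: <source> [<id>] - <message>"
    $pattern = '^(?<ts>\S+ \S+ (AM|PM)), (?<level>\w+): (?<source>[^\[]+) \[(?<id>\d+)\] - (?<msg>.*)$'

    foreach ($line in ($EventText -split "`r?`n")) {
        if ($line -notmatch $pattern) { continue }
        $ev = $Matches.Clone()          # copy: later -match calls replace $Matches
        $source = $ev['source'].Trim()
        $indicator = $null

        switch ($source) {
            'Service Control Manager' {
                if (@('7031', '7034') -contains $ev['id']) { $indicator = 'service terminated unexpectedly' }
                elseif ($ev['id'] -eq '7000' -and $ev['msg'] -match 'Access is denied') { $indicator = 'service start denied (ACL or policy tampering)' }
                elseif ($ev['id'] -eq '7026') { $indicator = 'boot-start driver failed to load' }
            }
            'sr' {
                if ($ev['id'] -eq '1') { $indicator = 'System Restore filter stopped monitoring the volume' }
            }
        }
        if (-not $indicator) { continue }

        # SCM events count only when they name a security product; sr [1] always counts,
        # because losing restore points is itself a symptom worth recording.
        $named = @($securityProducts | Where-Object { $ev['msg'] -match [regex]::Escape($_) })
        if ($source -eq 'sr' -or $named.Count -gt 0) {
            [pscustomobject]@{
                Time      = $ev['ts']
                EventId   = [int]$ev['id']
                Product   = ($named -join ',')
                Indicator = $indicator
            }
        }
    }
}

Get-SecurityServiceFailure -EventText $sampleEvents | Format-Table -AutoSize
```

On the six sample lines this returns five rows (the sr [1] event, the 7026 driver failure naming SASDIFSV/SASKUTIL, and the three McAfee 7031/7034/7000 events); the ipnathlp line is ignored because it names no security product. The 7000 "Access is denied" case is the one to look at first when a user reports that scanners "just disappear": a service that cannot even start is usually being blocked by an ACL or a policy the malware set, which is what the permission reset in the next reply addresses.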



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,321 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:04 AM

Posted 28 October 2009 - 02:28 PM

Hello afonte2,
We need to reset the permissions altered by the malware on a folder.
  • Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:
    "%userprofile%\desktop\inherit" "c:\Documents and Settings\Angela Boudreaux\Desktop\RootRepeal.exe"
    "%userprofile%\desktop\inherit" "c:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
  • If you get a security warning, select Run.
  • You will get a "Finish" popup. Click OK.
  • Repeat this for the second line in the codebox as well.

INSTALL ANTIVIRUS
---------------------------
I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


UNINSTALL PROGRAMS
--------------------------------
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Viewpoint Media Player
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


In your next reply, please include the following:
  • Please let me know how everything is running right now.

Edited by elise025, 28 October 2009 - 02:30 PM.
fixed BBcode

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
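The Inherit.exe run-box lines in the reply above re-enable ACL inheritance on the two files so that RootRepeal and SpyHunter can launch again. The PowerShell below is an added example, not that tool and not anything from the thread; it shows with the built-in Get-Acl/Set-Acl cmdlets what that repair consists of, so you can see what the malware changed before undoing it: listing and removing explicit Deny entries (the usual way a scanner is made "unable to run"), then switching inheritance back on. The two file paths are the ones quoted in the reply; the function name, switch and everything else are this example's own. Run it from an administrator session.

```powershell
# Added example (not Inherit.exe and not from the thread): undo the two things a
# rogue-AV typically does to a security tool's file ACL, using only Get-Acl/Set-Acl.
# Run from an administrator session. Paths are the two quoted in the reply above.
$targets = @(
    'C:\Documents and Settings\Angela Boudreaux\Desktop\RootRepeal.exe',
    'C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe'
)

function Repair-TamperedAcl {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$ReportOnly     # show what would change without writing the ACL back
    )
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Not found: $Path"
        return
    }

    # Reading the DACL needs READ_CONTROL; if even that is denied, take ownership first
    # (takeown.exe /f "<path>"), which an administrator can do regardless of the DACL.
    $acl = Get-Acl -Path $Path
    $wasProtected = $acl.AreAccessRulesProtected   # $true = inheritance switched off

    # 1. Explicit Deny entries: the usual way a scanner is made "unable to run".
    $denies = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited })
    foreach ($rule in $denies) {
        Write-Host ("  Deny {0} for {1}" -f $rule.FileSystemRights, $rule.IdentityReference)
        [void]$acl.RemoveAccessRule($rule)   # exact-rule removal; inherited ACEs cannot be removed here
    }

    # 2. Protected DACL: the file no longer receives the parent folder's permissions.
    #    Re-enable inheritance; $true keeps the currently present entries as explicit ones.
    if ($wasProtected) {
        $acl.SetAccessRuleProtection($false, $true)
    }

    $needsWrite = ($denies.Count -gt 0) -or $wasProtected
    if ($needsWrite -and -not $ReportOnly) {
        Set-Acl -Path $Path -AclObject $acl
    }

    [pscustomobject]@{
        Path              = $Path
        Owner             = $acl.Owner
        DenyRulesRemoved  = $denies.Count
        InheritanceWasOff = $wasProtected
        Written           = ($needsWrite -and -not $ReportOnly)
    }
}

# Review first, then apply.
$targets | ForEach-Object { Repair-TamperedAcl -Path $_ -ReportOnly } | Format-Table -AutoSize
$targets | ForEach-Object { Repair-TamperedAcl -Path $_ } | Format-Table -AutoSize
```

Two caveats for anyone using this on a live infection. First, Deny entries are often placed on the containing folder rather than the executable, so if the file itself looks clean, run the same function against its parent directory. Second, this only repairs file-system ACLs; Task Manager refusing to open, as reported at the top of the thread, is more commonly a DisableTaskMgr policy value than a file permission, and that needs a separate registry fix.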


#11 Elise

Posted 31 October 2009 - 04:40 AM

Hi afonte, are you still there?

regards, Elise


#12 afonte2

Posted 31 October 2009 - 11:52 AM

Yes, thanks so much for your help. It seems as if the computer is okay! Thanks again!!

#13 Elise

Posted 31 October 2009 - 12:07 PM

Hello afonte2,

Good to hear everything is fine now. Let's just double-check to make sure all is as it should be.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
In your next reply, please include the following:
  • ESET online scan results
  • A new DDS log

regards, Elise


#14 Elise

Posted 03 November 2009 - 04:28 AM

Hello, are you still there?

regards, Elise


#15 Elise

Posted 05 November 2009 - 06:02 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

