Possible Infection Type Unknown


13 replies to this topic

#1 Wendy K. Walker

Posted 24 October 2010 - 04:16 PM

Hi All,

First off I want to say that I notice a lot has changed since my last visit to this site, and it's all looking good too.

Now to my problem. Due to ill health, and everything that goes along with it, I haven't been using this machine very often, however, here of late I have been noticing what I consider to be strange behavior with both my COMODO Anti Virus, and COMODO Firewall, both are the free version.

They both seem to have lost their minds here of late.

First for the firewall. All of a sudden it has reset itself and has been constantly popping up Alerts on just about every program or application that I use, all of which I had previously set as trusted.

And the problem keeps returning every time I attempt to run anything, even though I had just reinstated the permission, and marked it as Trusted only moments before.

Then when I attempted to run a virus scan I find that COMODO AV hasn't updated itself since 10 Jan 2010! So I click on the Update Now button and within two seconds I get a message saying that the update failed because the PC isn't connected to the Internet, which I know is not correct.

So I ran Malwarebytes, updated it and did a full system scan. It found and quarantined a whole slew of nasties, including 1 Trojan. I deleted all of what it had found, yet on the next run all of that trash had reappeared, and all of it was lurking about in System Restore both times.

I turned off System Restore to all drives, then did a cold reboot, turned System Restore back on and made 1 new restore point.

Then I once again opened the COMODO Console, which is supposed to automatically check for updates every time that it is called up. The update failed instantly, so I went to their site and attempted to download a new copy of their AV program, but something kept blocking the download.

So now I'm pretty sure that I have something evil in my machine. I am running the latest version of FF, my operating system is Windows XP with SP 2 with all updates installed.

Any and all help or advice will be appreciated.

THANKS Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.


#2 boopme


Posted 24 October 2010 - 08:02 PM

Hi Wendy, let's try this and review the logs. I'll go with XP here.

Reboot into Safe Mode with Networking

How to enter safe mode (XP) using the F8 method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:12:11 PM

Posted 25 October 2010 - 06:02 PM

Hi boopme, Thanks for the quick reply.

I followed your advice, and I have to say that I learned something new in so doing. I have never used the Safe Mode With Networking before and had no idea that I could connect to the Internet that way. I know that my browser won't even open in the regular Safe Mode.

Anyway, as soon as I opened FF and discovered that I was connected to the Internet I had then opened my COMODO Anti Virus program, and when I did it had instantly updated itself, however I was unable to get it to run a scan. I failed to copy the error message that the system generated, however, I'll make a point of doing so if that is abnormal.

Next I downloaded the file that you recommended and allowed the information to be merged with the registry.

Next I was able to download and run RKILL with no problem.

Next I downloaded and updated SAS. I also made sure that the settings were set as you described, however, when I ran the program it did not close FF. I don't know if that makes a difference in the scan outcome or not, but figured it worth mentioning.

Here is the SAS Scan Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2010 at 08:53 AM

Application Version : 4.44.1000

Core Rules Database Version : 5745
Trace Rules Database Version: 3557

Scan type : Complete Scan
Total Scan Time : 03:32:23

Memory items scanned : 309
Memory threats detected : 0
Registry items scanned : 6051
Registry threats detected : 0
File items scanned : 83336
File threats detected : 0

Next, I'm not too sure if we missed a step here or not

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Anyway, I had not run MBAM in Safe Mode, only in normal mode. Here is the log it generated:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4940

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

10/25/2010 2:27:53 PM
mbam-log-2010-10-25 (14-27-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 213571
Time elapsed: 3 hour(s), 38 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Next I started to run a full system scan with COMODO and when I opened the user interface console it is once again showing that the AV database hasn't been updated since 5 Jan 2010, and several attempts to update the program failed instantly, again because I was supposedly not connected to the Internet.

Then when I click on the View AV Events button I find a whole slew of evil little creatures that were detected, supposedly killed, and then quarantined. All of which I have also deleted, or at least thought I had deleted from the system on a couple of previous occasions.

It appears as though it is like maybe 16 of those things that just keep coming back over and over again, and all of them are supposedly in System Restore, if I'm reading the results correctly.

I can't figure out how to copy those suckers so as to be able to add them to this reply, however, I did figure out how to export them to a .htm FF document, but I still don't know how to get it to where you can view it.

The most worrisome thing is that several of those suckers are keyloggers.

Any suggestions?

Thanks

Wendy

#4 boopme


Posted 25 October 2010 - 11:04 PM

Hi Wendy, I think we are almost clear.

It appears as though it is like maybe 16 of those things that just keep coming back over and over again, and all of them are supposedly in System Restore, if I'm reading the results correctly.

I can't figure out how to copy those suckers so as to be able to add them to this reply, however, I did figure out how to export them to a .htm FF document, but I still don't know how to get it to where you can view it.


I think if we do the steps below to deal with the above items and then you run Comodo again we may be good.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#5 Wendy K. Walker


Posted 29 October 2010 - 01:08 AM

Hi boopme Thanks for the reply,

When you said

Hi Wendy, I think we are almost clear.

I'm not too sure about that right this moment.

Since I made my last reply my troubles have kind of multiplied somewhat. I am still unable to update COMODO'S Virus Signature Database anywhere except while in Safe Mode with Networking, and I can't run a Virus Scan with it while I'm in Safe Mode.

Then just as fast as I reboot into Normal Mode COMODO is telling me that it hasn't been updated since 5 Jan 2010, and every attempt to update in Normal Mode fails almost instantly.

Heck, I was even being blocked from accessing the Internet while working in Safe Mode for awhile, until I managed to find a workaround and get FF to connect to the Internet.

Once I was connected I decided to try a Free online scan at Kaspersky but their online scanner was down, so I opted for a 30 Trial of one of their AV Pro programs. After I had gotten it downloaded and was attempting to get it setup, setup had to abort and gave me a notice that I had a Virus and setup could not continue.

It also suggested that I download and run one of their Virus Removal Tools, and provided me with a link to that tool. My first 2 attempts at getting that tool failed, however, I got it to download on my third attempt.

I promptly installed, and set it up to scan every last bit or byte of everything on my machine. Here's the log that it generated, note the top 4 lines, and the last 4 lines. The last 4 lines were from the second run, after I thought that this tool had terminated or disinfected them, so I know that there is still a Trojan running rampant in my Windows\system32.

Autoscan: completed 42 minutes ago (events: 21, objects: 481778, time: 06:34:01)
10/28/2010 8:36:10 AM Detected: Trojan.Win32.Qhost.mcf C:\WINDOWS\system32\drivers\etc\hosts.20090512-074818.backup
10/28/2010 5:45:09 AM Detected: Trojan.Win32.Qhost.mcf C:\WINDOWS\system32\drivers\etc\hosts.20090512-074818.backup
10/28/2010 4:10:09 AM Detected: http://www.viruslist.com/en/advisories/39036 C:\Program Files\IrfanView\i_view32.exe
10/28/2010 6:34:56 AM Detected: http://www.viruslist.com/en/advisories/39036 C:\Program Files\IrfanView\i_view32.exe
10/28/2010 7:29:18 AM Detected: http://www.viruslist.com/en/advisories/39036 C:\Program Files\IrfanView\i_view32.exe
10/28/2010 4:34:41 AM Detected: http://www.viruslist.com/en/advisories/40070 C:\Program Files\OpenOffice.org 3\program\soffice.bin
10/28/2010 6:33:32 AM Detected: http://www.viruslist.com/en/advisories/40070 C:\Program Files\OpenOffice.org 3\program\soffice.exe
10/28/2010 7:41:02 AM Detected: http://www.viruslist.com/en/advisories/40070 C:\Program Files\OpenOffice.org 3\program\soffice.bin
10/28/2010 8:32:45 AM Detected: http://www.viruslist.com/en/advisories/41065 C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
10/28/2010 8:32:44 AM Detected: http://www.viruslist.com/en/advisories/41065 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
10/28/2010 5:41:33 AM Detected: http://www.viruslist.com/en/advisories/41065 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
10/28/2010 5:41:34 AM Detected: http://www.viruslist.com/en/advisories/41065 C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
10/28/2010 8:36:43 AM Detected: http://www.viruslist.com/en/advisories/41434 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
10/28/2010 5:45:56 AM Detected: http://www.viruslist.com/en/advisories/41434 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
10/28/2010 2:35:33 AM Detected: http://www.viruslist.com/en/advisories/41811 C:\Documents and Settings\ADMIN\Desktop\httpd.exe
10/28/2010 6:31:23 AM Detected: http://www.viruslist.com/en/advisories/41811 C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
10/28/2010 6:34:55 AM Detected: http://www.viruslist.com/en/advisories/41811 C:\Documents and Settings\ADMIN\Desktop\httpd.exe
10/28/2010 8:59:58 AM Task completed
10/28/2010 2:25:47 AM Task started
10/28/2010 8:36:10 AM Untreated: Trojan.Win32.Qhost.mcf C:\WINDOWS\system32\drivers\etc\hosts.20090512-074818.backup Postponed
10/28/2010 5:45:10 AM Untreated: Trojan.Win32.Qhost.mcf C:\WINDOWS\system32\drivers\etc\hosts.20090512-074818.backup Postponed

The next thing that I did was to download a try before you buy copy of AVAST! Internet Security Pro, to a renamed folder on C:\, and ran the setup from there. Then before I ran the program I had run through it and renamed all of the .exe files that I could find.

Once I had it set up, more or less in PARANOID Mode, I ran a couple of scans, almost back to back. The first scan picked up 2 low priority items, which I moved to the Virus Chest. I can't figure out how to copy the log but they were:

What appears to be --> C:\hp\bin\killlt.exe listed as PUP.Win32.KillApp-W [PUP]

I can't be sure about the killlt part as it is tiny and my eyes can't tell if I have too many 'l' things in what I'm looking at or not, and I'm not actually sure that the last letter is a 't'.

The second item was --> C:\Windows\system32\kbhookdll.dll listed as PUP.WIN32.AntiKeyLog[Tool]

The next 2 scans came back clean.

I currently have System Restore turned off as whatever it was that COMODO kept picking up was located at: C:\System Volume Information\_restore

COMODO was Detecting and Quarantining the same thing 15 times a second. I finally figured out how to Export the Virus Log to a HTML thing but I don't know how to get it posted on here for you to see.

I seem to have been able to Kill off the Win32.Monitor.KeyLogger with COMODO as it made its last appearance on 25 Oct.

Then an ApplicUnsafe Win32.Hide~AB@833268 made its first appearance and kept getting Detected and Quarantined 14-16 times a second until 25 Oct when a TrojWare.Win32.Agent.NVP@651429 made its first appearance.

Now, as of 27 Oct C:\WINDOWS\temp\_avast5_\unp99386109.tmp TrojWare.Win32.AdWare.NirCmd.A@424028 has started popping up, and was last Quarantined at 11:20 on 28 Oct by COMODO.

OK, so far I have followed your instructions down to the Disk Cleanup part. After that something caused explorer to crash, then something caused Dr Watson Postmortem to crash, and as of right this moment my Toolbar seems to have crashed also as I can no longer get a response from the system when I click on the Start button.

Anyway, as things stand right this minute, I have had System restore turned off, on both the C:\ and D:\ drives, in an attempt to prevent whatever EVIL little entity that has been plaguing my machine, for the past several weeks from having a hiding spot from which to re-infect my system.

I realize that this is not the recommended procedure, and that I will have no restore point to go to in an attempt to reset my PC to an earlier date, however as I have never had any success in doing that in the past I don't believe that it really matters at this point in time.

It appears that I am going to have to reboot to release whatever it is that has those utilities frozen right now. Hopefully that will resolve that issue.

However, before I reboot I am going to try using MS CONFIG to shut down all non essential components so that my machine will boot faster, then manually start the programs that I need one at a time.

If you have any other recommendations please let me know.


Thanks for your time and help with this stuff..., it's about to drive me to take drastic action, i.e. beat this hunk of plastic with a 12 pound sledge hammer for an hour or two.

Wendy
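The Kaspersky log in the post above flags Trojan.Win32.Qhost.mcf in a backup copy of C:\WINDOWS\system32\drivers\etc\hosts; Qhost-family trojans work by adding hosts entries that pin antivirus and update domains to a loopback or bogus address, which is one way an AV program ends up reporting "not connected to the Internet" while the browser still works. As an added example (not from this thread or from any of the tools named in it), here is a Python check that parses a hosts file and flags such entries; the watch-list of vendor domains and the sample hosts content are constructed for the example.

```python
"""Flag hijacked hosts-file entries of the kind Qhost-family trojans plant.

Added example, not part of the BleepingComputer thread. The watch-list and
the SAMPLE_HOSTS content below are constructed; extend WATCH_DOMAINS with the
vendors actually installed on the machine being checked.
"""
import ipaddress

# Domains that should resolve through DNS and never be pinned in hosts.
# Constructed watch-list for the example.
WATCH_DOMAINS = (
    "comodo.com",
    "malwarebytes.org",
    "superantispyware.com",
    "kaspersky.com",
    "avast.com",
    "windowsupdate.com",
    "update.microsoft.com",
)

# Addresses that are legitimate for the 'localhost' line itself.
LOOPBACK = {"127.0.0.1", "::1"}


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in hosts-file text.

    Comments (after '#') and blank lines are dropped; a line whose first
    token is not an IP address is ignored, as Windows ignores it.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed line; not a mapping
        for host in parts[1:]:
            entries.append((line_no, ip, host.lower()))
    return entries


def _on_watch_list(host):
    """True if host is a watch-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCH_DOMAINS)


def find_hijacks(text):
    """Return a list of suspicious mappings found in hosts-file text.

    Two conditions are reported: any mapping at all for a watch-listed
    domain (pinning it to 127.0.0.1 is exactly how update traffic gets
    black-holed), and 'localhost' mapped to a non-loopback address.
    """
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if _on_watch_list(host):
            findings.append({"line": line_no, "ip": ip, "host": host,
                             "reason": "security/update domain pinned in hosts"})
        elif host == "localhost" and ip not in LOOPBACK:
            findings.append({"line": line_no, "ip": ip, "host": host,
                             "reason": "localhost redirected off loopback"})
    return findings


# Constructed sample: a stock Windows hosts file with three planted entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# --- entries below are constructed to stand in for a Qhost-style hijack ---
127.0.0.1       download.comodo.com
127.0.0.1       www.malwarebytes.org
10.0.0.1        update.microsoft.com   # pinned to a bogus address
"""


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['ip']:<15} {f['host']:<28} {f['reason']}")
```

On a live XP machine the same check can be run by reading C:\WINDOWS\system32\drivers\etc\hosts and any hosts.*.backup files beside it into find_hijacks.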

#6 boopme


Posted 29 October 2010 - 09:37 PM

Hello, Wendy, there is a lot of conflicting or convoluted occurrences. I feel we ought to get a more thorough look and then proceed.
Did you install an app named I Hate Keyloggers?
Is there now more than 1 active Antivirus app installed?


We need a deeper look. Please go here: Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#7 Wendy K. Walker


Posted 30 October 2010 - 10:14 PM

Hi boopme, Thanks for the reply.

To answer your first question,

Did you install an app named I Hate Keyloggers?



"Yes" I had, like way over a year or so ago. But as soon as my virus scanner had picked it up as a keylogger I had gone ahead and quarantined it, then after a couple of months I had deleted it from quarantine, and I thought out of my system.

As for your second question,

Is there now more than 1 active Antivirus app installed?



The answer is both, No and Yes. Up until all of this started I only had COMODO. But then when COMODO went all Ga-Ga on me and started refusing to update, then updated in Safe Mode, only to lose its mind and drop back to 5 Jan 2010 as its last update once I got back in normal mode, then turned off its firewall for a couple of days running, and told me there was no such interface when I tried to run a virus scan, I decided it was time to make sure that I had at least one working AV program with a working firewall so I got AVAST!

I know that 2 AV programs running at the same time can conflict with each other, but all of my problems with COMODO started before I got AVAST!

Now I'm off to follow the rest of your advice.

Thanks for your help, I'll be back later to let you know what happens.

Wendy

#8 Wendy K. Walker


Posted 31 October 2010 - 09:11 PM

Hi boopme,

I seem to have run into something that I can't figure out while attempting to follow your instructions dealing with that DDS thingy.

I am uncertain as to just how to go about making sure that I have disabled any script blocking stuff that I might have running as per the instructions that I have been trying to follow.

As far as I know I don't have script blocking enabled as I am constantly getting little notices about scripts being stuck. It gives me the option to leave them alone to see if they will go ahead and run, or to stop the unresponsive script.

Where do I need to look to see if I have scripts disabled or not? When I tried running DDS all I got was a DOS window fussing at me for not having followed the instructions right, it didn't run anything, and closed within about 45 seconds without generating any kind of log so I know I need to find out where to look to see what my settings are.

Can you give me a walk through on how to do that so that I can run DDS?

EDITED: By the way, is there ANY way, that you know of to manually update the Virus Signature Database in COMODO Internet Security, as opposed to using the automatic update feature? Which, in my case, doesn't seem to want to work.

Thanks for your help.

Wendy

Edited by Wendy K. Walker, 31 October 2010 - 10:40 PM.


#9 boopme


Posted 31 October 2010 - 11:21 PM

Hello Wendy, the script blocker is usually your Antivirus and most times usually only important if you run Symantec/Norton.
They are explained here: Do I have a script blocker, ad blocker, or pop-up blocker? If this is a bit much then just proceed on and if needed the Malware log tech will disable what they need.



Download Complete Antivirus Database

The complete CIS database is available for download. This is useful for those users that wish to manually replace the existing database or would like access to the database for other reasons. Note the complete, downloadable database is updated approximately every two days so may not contain all the latest definitions as shown in the table above.

DOWNLOAD COMPLETE DATABASE

Step by step instructions on manually updating CIS definitions can be found here

http://www.comodo.com/home/internet-security/updates/vdp/database.php


Try using OTL instead of DDS..

  1. Please download OTL from one of the following mirrors:
     This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

     netsvcs
     %SYSTEMDRIVE%\*.exe
     /md5start
     eventlog.dll
     scecli.dll
     netlogon.dll
     cngaudit.dll
     sceclt.dll
     ntelogon.dll
     logevent.dll
     iaStor.sys
     nvstor.sys
     atapi.sys
     IdeChnDr.sys
     viasraid.sys
     AGP440.sys
     vaxscsi.sys
     nvatabus.sys
     viamraid.sys
     nvata.sys
     nvgts.sys
     iastorv.sys
     ViPrt.sys
     eNetHook.dll
     ahcix86.sys
     KR10N.sys
     /md5stop
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized


#10 Wendy K. Walker


Posted 03 November 2010 - 01:32 AM

Hi boopme, Thanks for your continuing help here.

Thanks for that link to the COMODO thing, I'll bookmark that page for later use as for some odd reason COMODO decided to update itself again, but now its Firewall had stopped responding.

OK, so here are the two logs, only the first one named itself and it is on top here. The one that minimized itself didn't name itself so I'm sending it as is.

EDITED: Hey, on another note, is there a legitimate reason for IE or NOTEPAD, or any other program, to all of a sudden be wanting to access my keyboard directly? I ask because I've just had several firewall alerts regarding those requests popping up in the past couple of days.

OTL logfile created on: 11/3/2010 4:14:08 AM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 13.00 Mb Available Physical Memory | 10.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.05 Gb Total Space | 36.05 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.92 Gb Free Space | 18.87% Space Free | Partition Type: FAT32
Drive E: | 678.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WENDY | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/03 04:09:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2010/10/30 19:30:12 | 001,797,880 | ---- | M] () -- C:\Program Files\Comodo\Comodo Internet Security\cfp.exe
PRC - [2010/10/29 07:07:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\ABOMB\ABOMB2\ABOMBvastUI.exe
PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\ABOMB\ABOMB2\AvastSvc.exe
PRC - [2010/09/07 15:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\ABOMB\ABOMB2\afwServ.exe
PRC - [2010/05/25 19:10:34 | 005,475,403 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2010/05/17 14:57:18 | 002,162,176 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2010/02/01 00:45:22 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2009/05/03 04:07:22 | 000,278,264 | ---- | M] (COMODO) -- C:\Program Files\Comodo\SafeSurf\cssurf.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/03/16 05:51:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\S3apphk.exe


========== Modules (SafeList) ==========

MOD - [2010/11/03 04:09:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/16 05:51:02 | 000,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3appdll.dll
MOD - [2001/11/11 15:41:07 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ODETJ.exe -- (ODETJ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\ABOMB\ABOMB2\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\ABOMB\ABOMB2\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\ABOMB\ABOMB2\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/07 15:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\ABOMB\ABOMB2\afwServ.exe -- (avast! Firewall)
SRV - [2009/05/03 04:03:00 | 000,614,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
DRV - [2010/09/07 14:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/09/07 14:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/09/07 14:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 14:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 14:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/07 14:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 18:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/09 02:29:49 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/06/03 05:45:18 | 000,217,536 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/05/03 04:03:10 | 000,099,856 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/05/03 04:03:10 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/05/03 04:03:10 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/01/18 20:53:30 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/04/13 22:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/10/08 01:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 05:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 20:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/04/20 06:06:11 | 000,028,100 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/03/27 01:20:22 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/03/21 05:35:56 | 000,144,860 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)
DRV - [2002/03/19 09:18:26 | 000,187,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/14 17:25:00 | 000,094,679 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/03/14 17:25:00 | 000,088,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/03/14 17:25:00 | 000,052,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/03/14 17:25:00 | 000,034,743 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/03/14 17:25:00 | 000,023,607 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/03/14 17:25:00 | 000,013,847 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/03/14 17:25:00 | 000,006,327 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/03/14 17:25:00 | 000,004,119 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/03/14 17:25:00 | 000,002,203 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/03/09 23:53:00 | 000,909,501 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/02/15 17:21:00 | 000,078,048 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/02/12 16:56:00 | 000,040,096 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/01/29 07:04:04 | 000,005,589 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/01/29 07:03:18 | 000,022,963 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/12/27 10:52:58 | 000,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/08 04:26:00 | 000,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/18 04:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 19:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 20:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 20:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 20:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 20:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 20:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 20:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 20:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 20:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 20:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 20:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/19 14:20:14 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/06/04 20:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://my.att.net/"
FF - prefs.js..extensions.enabledItems: toolbar@duckduckgo.com:1.2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 07:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 07:09:01 | 000,000,000 | ---D | M]

[2009/05/10 05:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2009/05/03 04:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
[2009/05/03 04:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/27 21:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions
[2009/06/06 20:14:18 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/10 07:47:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/05/21 00:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\toolbar@duckduckgo.com
[2010/11/03 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions
[2009/11/02 09:57:58 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/02/24 00:26:11 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/11/01 04:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/08/04 14:58:35 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/07/22 06:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\toolbar@duckduckgo.com
[2010/11/03 00:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 05:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/05/03 05:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/17 13:11:43 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll

O1 HOSTS File: ([2010/03/01 17:33:31 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\Comodo Internet Security\cfp.exe ()
O4 - HKLM..\Run: [COMODO SafeSurf] C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/20 04:16:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 06:24:46 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 04:08:58 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/02 10:58:47 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1748698.sys
[2010/11/02 10:58:47 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486981.sys
[2010/11/02 10:58:47 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486982.sys
[2010/11/02 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Virus Removal Tool
[2010/11/01 05:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2010/10/31 08:15:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2010/10/31 06:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\DESKTOP DOWNLOAD FOLDER
[2010/10/30 23:46:25 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\87109712.sys
[2010/10/30 23:45:35 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\87109711.sys
[2010/10/30 23:44:26 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8710971.sys
[2010/10/30 06:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Downloads
[2010/10/30 06:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/28 01:15:54 | 000,000,000 | ---D | C] -- C:\VKBOMBirus Removal Tool
[2010/10/27 00:29:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/10/27 00:29:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/10/27 00:29:08 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/10/27 00:29:02 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/10/27 00:28:09 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/10/27 00:28:08 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/10/27 00:28:06 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/10/27 00:28:04 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/10/27 00:28:04 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/10/27 00:28:02 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/10/27 00:21:03 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/10/27 00:21:01 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/27 00:21:00 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/10/27 00:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/26 23:32:58 | 000,000,000 | ---D | C] -- C:\ABOMB
[2010/10/26 08:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/10/25 03:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/25 03:22:56 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/10/23 02:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\ATT&T EMAIL
[2010/10/22 05:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/22 05:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/17 06:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MALWARE LOGS
[2010/10/16 01:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MY SCANNED STUFF
[2010/10/07 07:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\JAIL BIRDS

========== Files - Modified Within 30 Days ==========

[2010/11/03 04:09:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/03 02:22:21 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/03 02:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 01:22:24 | 000,059,646 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 3
[2010/11/02 23:56:38 | 000,000,284 | -HS- | M] () -- C:\BOOT.INI
[2010/11/02 20:28:07 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utmyndey.sys
[2010/11/02 11:03:16 | 000,313,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 11:03:16 | 000,040,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 10:43:34 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/02 08:37:02 | 000,031,752 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG2
[2010/11/01 05:21:32 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:44:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SPELL CHECK.wps
[2010/10/31 03:18:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 19:15:03 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/30 01:46:51 | 000,072,699 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG
[2010/10/28 09:50:16 | 000,001,468 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010/10/28 01:21:22 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/27 00:28:05 | 000,002,614 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/25 22:42:16 | 000,016,558 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm
[2010/10/25 03:31:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 03:25:54 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/10/25 01:40:14 | 000,134,539 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\54.JPG
[2010/10/24 04:37:33 | 000,148,187 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\53.JPG
[2010/10/13 05:31:17 | 000,162,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/11 04:56:50 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\HP Officejet 4300 series.lnk
[2010/10/11 04:38:19 | 000,109,976 | ---- | M] () -- C:\WINDOWS\hpoins08.dat

========== Files Created - No Company Name ==========

[2010/11/03 01:22:23 | 000,059,646 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 3
[2010/11/02 23:56:33 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
[2010/11/02 23:56:33 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled
[2010/11/02 23:56:31 | 000,002,180 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk.disabled
[2010/11/02 10:43:33 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/02 08:37:02 | 000,031,752 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG2
[2010/11/01 05:21:20 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 21:34:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utmyndey.sys
[2010/10/30 19:36:55 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/30 01:46:45 | 000,072,699 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG
[2010/10/27 00:29:12 | 000,001,468 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010/10/25 22:42:15 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm
[2010/10/25 03:31:30 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 01:40:09 | 000,134,539 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\54.JPG
[2010/10/24 04:37:30 | 000,148,187 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\53.JPG
[2010/10/11 04:56:50 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\HP Officejet 4300 series.lnk
[2010/10/11 04:09:56 | 000,109,976 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/10/11 04:09:55 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/10/11 00:27:45 | 000,110,056 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/10/11 00:27:45 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2009/11/02 05:39:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/08 02:55:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 01:35:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/06 00:40:36 | 000,003,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/03 04:30:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/05/25 01:55:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/25 01:50:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2009/05/09 05:09:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2009/05/09 05:06:40 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/09 05:05:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/05/03 03:28:22 | 000,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/03 03:15:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2009/05/03 02:29:50 | 000,000,058 | ---- | C] () -- C:\WINDOWS\BGH 2005 SS 1.ini
[2006/05/29 13:47:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/29 13:47:29 | 000,000,055 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/02/21 15:22:46 | 008,940,869 | ---- | C] () -- C:\Program Files\Adobe.zip
[2006/02/02 15:04:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/01 23:06:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/01/18 20:45:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/18 20:45:09 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2006/01/18 20:45:09 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2006/01/18 20:45:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/12/30 21:10:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/12/30 03:02:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/04/26 03:23:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/21 00:24:15 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/04/21 00:24:15 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/04/21 00:16:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/04/21 00:16:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/04/20 06:28:06 | 000,004,478 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/04/20 06:19:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/04/20 05:26:01 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2002/04/20 05:26:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2002/04/20 05:25:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/04/20 04:20:31 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/20 04:04:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/19 21:08:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/03/30 01:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/27 21:37:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/03/12 10:25:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 05:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 20:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/19 14:20:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1997/06/18 06:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 06:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 06:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/06/22 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Auslogics
[2009/05/10 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ieSpell
[2010/10/16 00:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Image Zone Express
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\InterTrust
[2009/06/09 02:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\NCH Swift Sound
[2009/11/03 01:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\OpenOffice.org
[2010/11/02 08:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2009/05/04 02:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Template
[2009/06/03 06:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TrueCrypt
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\VERITAS
[2010/10/27 00:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/03 03:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/02/19 10:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/08/05 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/07/20 12:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Comodo\Comodo Internet Security\cfp.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\ADMIN\Desktop\mbk622n2.exe:SummaryInformation

< End of report >


And here's the other one: HEY, wait a minute here. That's the only one it made; there isn't one minimized. Is that a bad thing?

Thanks again for your help Boo.


Wendy

Edited by Wendy K. Walker, 03 November 2010 - 01:54 AM.

TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 November 2010 - 08:34 PM

No problem Wen... I just need you to report the OTL log here: Virus, Trojan, Spyware, and Malware Removal Logs

Include this link to this topic please..
http://www.bleepingcomputer.com/forums/topic356033.html/page__gopid__2002625#entry2002625

Edited by boopme, 03 November 2010 - 08:35 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope

Posted 04 November 2010 - 01:06 AM

Hi boopme, Thanks for all of your help here in this forum.

OK, but first I'm going to give the OTL thingy another go to see if it will generate that second log before I post in that other forum.

BTW: You didn't answer my question in the EDITED: thing that I added to my last reply. I don't know if what is happening is normal, or if it might be something EVIL trying to follow my keystrokes.

But for some ODD reason my COMODO firewall has started doing a WHOLE LOT of Alerting on the fact that NOTEPAD and IE are trying to access my keyboard directly, and that is something that it has NEVER done before.

Let me know what your thoughts on that are, OK?

Thanks again for all of the help that you have given me here.

Wendy K. Walker

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 November 2010 - 01:16 PM

Hey Wen, you do have active malware and it is most likely altering things as it does its thing. Yes, they are not good or normal, but they will be dealt with. We just need the more intensive log info so we know what/how to deal with it safely and finally.

Have a great day!!

boop

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 05 November 2010 - 12:18 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic358542.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
