
I think I am infected


11 replies to this topic

#1 Sibyl


Posted 26 February 2011 - 01:00 PM

Ran it in safe mode, attached the report

AVG 2011 Anti-Virus command line scanner
Copyright © 1992 - 2010 AVG Technologies
Program version 10.0.1204, engine 10.0.1435
Virus Database: Version 1435/3467 2011-02-25

C:\WINDOWS\system32\svchost.exe (580):\memory_001d0000 Trojan horse Generic21.MLB
C:\WINDOWS\system32\svchost.exe (580) Trojan horse Generic21.MLB
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ead5d214fc73cb0e612be08553294ab_af30a59e-b0bf-45e1-9a3e-05ccfd533f42 Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6fb087a8ed41deeb16b7a231351f04a_af30a59e-b0bf-45e1-9a3e-05ccfd533f42 Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Owner\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Owner\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 603563
Found infections : 2
Found PUPs : 0
Healed infections : 1
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
Results C:/Windows/system32/svchost.exe (580)/memory Infection Trojan horse generic21.MLB Object is inaccessible
and then again without memory says it has healed one and not the other, but it shows back up with every scan

Can you help me.....I know this computer is infected with something

Internet Explorer is constantly redirected and/or is non-responsive
Every scan I run, infections show up as warnings and are cleared, but next time you run Internet Explorer or Mozilla the same thing happens

#2 Orange Blossom


Posted 26 February 2011 - 06:39 PM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Sibyl


Posted 26 February 2011 - 07:29 PM

Defogger and DDS: tried to download both programs; Stopzilla spyware stops both from downloading, suggesting they are malware
So now what? Is this for real?

New processes showed up in task manager
AcroRd32.exe
YahooAUservice.exe
6 new iexplore.exe

Don't know if that means anything but

Edited by Sibyl, 26 February 2011 - 07:39 PM.


#4 boopme


Posted 26 February 2011 - 08:55 PM

Hello, first disable Stopzilla; doesn't it clash with AVG too?

Is this XP, Vista???

Let's try this

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 Sibyl


Posted 27 February 2011 - 05:33 PM

OK, this is not funny at all. RKill wouldn't run at all
Spyware.....haha, 13 hours it ran; screen told me it had found 390 infections, of which 21 were trojans
but when it was through I'm not sure where the scan went....no record of a scan being completed, no logs, no quarantine list, just gone
So I ran Malwarebytes; logs follow

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5896

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/27/2011 3:55:27 PM
mbam-log-2011-02-27 (15-54-53).txt

Scan type: Quick scan
Objects scanned: 162545
Time elapsed: 19 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> No action taken.

Files Infected:
c:\documents and settings\Owner\favorites\free porn, sex, tube videos, xxx pics, porno movies - xnxx.com.url (Rogue.Link) -> No action taken.
c:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> No action taken.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> No action taken.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> No action taken.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> No action taken.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5896

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/27/2011 3:56:19 PM
mbam-log-2011-02-27 (15-56-19).txt

Scan type: Quick scan
Objects scanned: 162545
Time elapsed: 19 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.

Files Infected:
c:\documents and settings\Owner\favorites\free porn, sex, tube videos, xxx pics, porno movies - xnxx.com.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> Not selected for removal.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5896

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/27/2011 5:29:28 PM
mbam-log-2011-02-27 (17-29-27).txt

Scan type: Quick scan
Objects scanned: 146094
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
This last one states nothing malicious found

I went on Internet Explorer
my yahoo homepage and again as it loads you see it stating waiting for yieldmanager

What else can I do and what anti virus malware spyware should I have on my computer and how often should I run scans

Thank you, I think, but I don't think the computer is totally free of its problems

Any suggestions would be greatly appreciated !

Sibyl
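
Added example (not part of the original posts, and not Malwarebytes' own tooling): a small Python parser for log lines in the format posted above. It checks that the itemized entries add up to the summary counts and lists detections that were not removed. The function names are hypothetical and the sample is an abridged excerpt of the second log.

```python
import re
from collections import defaultdict

# Constructed excerpt: abridged from the second Malwarebytes log posted above.
# Some entries are dropped, so the summary counts are adjusted to match.
SAMPLE_LOG = r"""
Scan type: Quick scan

Memory Processes Infected: 0
Registry Keys Infected: 3
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.

Files Infected:
c:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Not selected for removal.
"""

# "Files Infected: 6" (summary line) vs "Files Infected:" (section header)
COUNT_RE = re.compile(r"^(?P<section>[\w ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[\w ]+ Infected):$")
# "<object> (<detection name>) -> <action>."  The greedy object group keeps
# any parentheses inside the path; only the last "(...) ->" is the detection.
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (declared_counts, entries) for a log in the format shown above."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # "(No malicious items detected)" never matches
            entries.append({"section": section, **m.groupdict()})
    return declared, entries


def count_mismatches(declared, entries):
    """Sections whose itemized entries do not add up to the summary count.

    A mismatch usually means the pasted log was truncated or edited.
    """
    listed = defaultdict(int)
    for e in entries:
        listed[e["section"]] += 1
    return {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n}


def left_behind(entries):
    """Objects that were NOT removed, grouped by case-folded detection name."""
    out = defaultdict(list)
    for e in entries:
        if e["action"] != REMOVED:
            out[e["name"].lower()].append(e["object"])
    return dict(out)


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, entries) or "none")
    for name, objects in left_behind(entries).items():
        print(f"{name}: {len(objects)} object(s) still present")
        for obj in objects:
            print("   ", obj)
```

On the excerpt this reports the PUP.WhiteSmoke entries as still present, which is the family the next reply follows up on.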

#6 boopme


Posted 27 February 2011 - 07:36 PM

Hi, no it's not. The whitesmoke usually carries a TDSS rootkit. So let's break that up and scan more.
Would you be willing to lose AVG and Stopzilla?
Did RKill ever run?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

I want to run an Online scan, if AVG will not block it.
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#7 Sibyl


Posted 28 February 2011 - 12:58 AM

Ok, well isn't this fun....right :clapping: I won't lose sleep losing AVG or Stopzilla; what are you suggesting? lol :wink:

Ok here are the logs both things worked

2011/02/27 23:25:53.0720 3316 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 23:25:53.0829 3316 ================================================================================
2011/02/27 23:25:53.0829 3316 SystemInfo:
2011/02/27 23:25:53.0829 3316
2011/02/27 23:25:53.0829 3316 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/27 23:25:53.0829 3316 Product type: Workstation
2011/02/27 23:25:53.0829 3316 ComputerName: DELL
2011/02/27 23:25:53.0829 3316 UserName: Owner
2011/02/27 23:25:53.0829 3316 Windows directory: C:\WINDOWS
2011/02/27 23:25:53.0829 3316 System windows directory: C:\WINDOWS
2011/02/27 23:25:53.0829 3316 Processor architecture: Intel x86
2011/02/27 23:25:53.0829 3316 Number of processors: 2
2011/02/27 23:25:53.0829 3316 Page size: 0x1000
2011/02/27 23:25:53.0829 3316 Boot type: Normal boot
2011/02/27 23:25:53.0829 3316 ================================================================================
2011/02/27 23:25:56.0313 3316 Initialize success
2011/02/27 23:26:00.0626 0992 ================================================================================
2011/02/27 23:26:00.0626 0992 Scan started
2011/02/27 23:26:00.0626 0992 Mode: Manual;
2011/02/27 23:26:00.0626 0992 ================================================================================
2011/02/27 23:26:05.0532 0992 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/27 23:26:05.0579 0992 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/27 23:26:05.0626 0992 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/27 23:26:05.0735 0992 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/02/27 23:26:05.0766 0992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/27 23:26:05.0813 0992 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/27 23:26:05.0829 0992 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/27 23:26:05.0860 0992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/27 23:26:05.0876 0992 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/27 23:26:05.0923 0992 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/27 23:26:05.0970 0992 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/27 23:26:06.0016 0992 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/27 23:26:06.0048 0992 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/27 23:26:06.0079 0992 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/27 23:26:06.0110 0992 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/27 23:26:06.0157 0992 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/27 23:26:06.0188 0992 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/27 23:26:06.0220 0992 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/27 23:26:06.0251 0992 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/27 23:26:06.0298 0992 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/27 23:26:06.0313 0992 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/27 23:26:06.0345 0992 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/27 23:26:06.0360 0992 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/27 23:26:06.0391 0992 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/27 23:26:06.0454 0992 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/27 23:26:06.0485 0992 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/27 23:26:06.0532 0992 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/27 23:26:06.0579 0992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/27 23:26:06.0720 0992 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/27 23:26:06.0845 0992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/27 23:26:06.0860 0992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/27 23:26:06.0907 0992 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/27 23:26:06.0970 0992 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/02/27 23:26:07.0016 0992 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/27 23:26:07.0032 0992 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/27 23:26:07.0063 0992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/27 23:26:07.0095 0992 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/27 23:26:07.0141 0992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/27 23:26:07.0173 0992 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/27 23:26:07.0345 0992 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/27 23:26:07.0391 0992 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/27 23:26:07.0423 0992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/27 23:26:07.0532 0992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/27 23:26:07.0579 0992 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/27 23:26:07.0610 0992 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/27 23:26:07.0626 0992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/27 23:26:07.0673 0992 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/27 23:26:07.0688 0992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/27 23:26:07.0766 0992 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/27 23:26:07.0813 0992 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/27 23:26:07.0985 0992 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/27 23:26:08.0032 0992 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/27 23:26:08.0095 0992 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/27 23:26:08.0126 0992 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/27 23:26:08.0188 0992 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/27 23:26:08.0298 0992 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/27 23:26:08.0376 0992 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/27 23:26:08.0376 0992 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/02/27 23:26:08.0407 0992 sptd - detected Locked file (1)
2011/02/27 23:26:09.0735 0992 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 23:26:09.0735 0992 ================================================================================
2011/02/27 23:26:09.0735 0992 Scan finished
2011/02/27 23:26:09.0735 0992 ================================================================================
2011/02/27 23:26:09.0751 3768 Detected object count: 2
2011/02/27 23:27:27.0016 3768 Locked file(sptd) - User select action: Skip
2011/02/27 23:27:27.0032 3768 \HardDisk0 - will be cured after reboot
2011/02/27 23:27:27.0032 3768 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/27 23:27:32.0907 3004 Deinitialize success


Well well, I exported the file ESETScan log, or so I thought. I saved it but not on my desktop. Said there was one threat and I removed it, but alas no log file to attach.

what should I do next........... :wacko:

And if I haven't before I do thank you for all the help :thumbsup:

Edited by Sibyl, 28 February 2011 - 12:59 AM.
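
Added example (not part of the original post and not TDSSKiller's own code): a small Python parser that reduces a TDSSKiller log like the one above to its detections, the action chosen for each, and whether a cure is still waiting on a reboot. The regular expressions are inferred from the lines in this post and are an assumption about the format; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
2011/02/27 23:26:08.0376 0992 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/27 23:26:08.0376 0992 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/02/27 23:26:08.0407 0992 sptd - detected Locked file (1)
2011/02/27 23:26:09.0735 0992 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/27 23:26:09.0735 0992 Scan finished
2011/02/27 23:26:09.0751 3768 Detected object count: 2
2011/02/27 23:27:27.0016 3768 Locked file(sptd) - User select action: Skip
2011/02/27 23:27:27.0032 3768 \HardDisk0 - will be cured after reboot
2011/02/27 23:27:27.0032 3768 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/27 23:27:32.0907 3004 Deinitialize success
"""

# Every log line: date, time, thread id, then the message.
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (?P<msg>.*)$")
# "name (md5) path": one scanned driver or service.
SCANNED = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "object - detected verdict (n)"
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \(\d+\)$")
# "verdict(object) - User select action: Action"
ACTION = re.compile(
    r"^(?P<verdict>.+?)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$"
)
PENDING = re.compile(r"^(?P<obj>.+?) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text):
    """Summarise detections, chosen actions and pending reboots from a log."""
    scanned = {}    # service name -> (md5, path)
    findings = {}   # detected object -> verdict / action / pending_reboot
    reported = None

    def finding(obj):
        # Lines about one object can arrive in any order, so create on demand.
        return findings.setdefault(
            obj, {"verdict": None, "action": None, "pending_reboot": False}
        )

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if m := SCANNED.match(msg):
            scanned[m["name"]] = (m["md5"], m["path"])
        elif m := ACTION.match(msg):
            entry = finding(m["obj"])
            entry["action"] = m["action"]
            entry["verdict"] = entry["verdict"] or m["verdict"]
        elif m := DETECTED.match(msg):
            finding(m["obj"])["verdict"] = m["verdict"]
        elif m := PENDING.match(msg):
            finding(m["obj"])["pending_reboot"] = True
        elif m := COUNT.match(msg):
            reported = int(m["n"])

    return {
        "scanned": scanned,
        "findings": findings,
        "reported_count": reported,
        # The tool's own count should agree with what was parsed.
        "count_matches": reported == len(findings),
        # Anything skipped or never acted on still needs a decision.
        "unresolved": sorted(
            o for o, f in findings.items() if f["action"] in (None, "Skip")
        ),
        "needs_reboot": any(f["pending_reboot"] for f in findings.values()),
    }


if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    for obj, info in summary["findings"].items():
        print(obj, info)
    print("unresolved:", summary["unresolved"])
    print("reboot required:", summary["needs_reboot"])
```
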


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:06 PM

Posted 28 February 2011 - 01:01 PM

Ok as long as it was removed we are OK. Reboot the PC.

Let's go here and download and save Avira Antivir to the desktop. DON'T install yet.
First go to the icons by the clock and shut down AVG and StopZilla.
Now remove AVG and StopZilla through the Control Panel > Add/Remove Programs.

Reboot.

Double click the Avira icon. Install, update and scan.
Let me know how things are.

AND you are most welcome!

Edited by boopme, 28 February 2011 - 01:02 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Sibyl

Posted 28 February 2011 - 05:30 PM

OK, did what you suggested; the log from Avira follows. :thumbup2: So what should I run on my computer and how often?
I have this and the Malwarebytes on my computer now.

So you think the computer is well and free of viruses now?

:P

Avira AntiVir Personal
Report file date: Monday, February 28, 2011 15:51

Scanning for 2444681 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : DELL

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 19:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 19:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 19:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:50:04
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 20:50:04
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 20:50:04
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 20:50:05
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 20:50:05
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 20:50:05
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 20:50:05
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 20:50:05
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 20:50:05
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 20:50:05
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 20:50:06
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 20:50:06
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 20:50:07
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 20:50:07
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 20:50:08
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 20:50:08
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 20:50:09
VBASE019.VDF : 7.11.3.252 2048 Bytes 2/28/2011 20:50:09
VBASE020.VDF : 7.11.3.253 2048 Bytes 2/28/2011 20:50:09
VBASE021.VDF : 7.11.3.254 2048 Bytes 2/28/2011 20:50:09
VBASE022.VDF : 7.11.3.255 2048 Bytes 2/28/2011 20:50:09
VBASE023.VDF : 7.11.4.0 2048 Bytes 2/28/2011 20:50:09
VBASE024.VDF : 7.11.4.1 2048 Bytes 2/28/2011 20:50:10
VBASE025.VDF : 7.11.4.2 2048 Bytes 2/28/2011 20:50:10
VBASE026.VDF : 7.11.4.3 2048 Bytes 2/28/2011 20:50:10
VBASE027.VDF : 7.11.4.4 2048 Bytes 2/28/2011 20:50:10
VBASE028.VDF : 7.11.4.5 2048 Bytes 2/28/2011 20:50:10
VBASE029.VDF : 7.11.4.6 2048 Bytes 2/28/2011 20:50:10
VBASE030.VDF : 7.11.4.7 2048 Bytes 2/28/2011 20:50:10
VBASE031.VDF : 7.11.4.13 24576 Bytes 2/28/2011 20:50:11
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 19:23:26
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 2/28/2011 20:50:20
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 19:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 19:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 19:23:25
AEPACK.DLL : 8.2.4.10 520567 Bytes 2/28/2011 20:50:18
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/28/2011 20:50:17
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 2/28/2011 20:50:17
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/28/2011 20:50:13
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/28/2011 20:50:12
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 19:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/28/2011 20:50:12
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 19:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 19:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 19:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 19:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 19:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 19:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 19:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 19:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 19:23:52

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, February 28, 2011 15:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'YspService.exe' - '1' Module(s) have been scanned
Scan process 'YMailAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '370' files ).



End of the scan: Monday, February 28, 2011 15:51
Used time: 00:40 Minute(s)

The scan has been done completely.

0 Scanned directories
837 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
837 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes

I also ran a full scan with the same results: nothing found.
So what do you suggest now? :wink:


#10 boopme

Posted 28 February 2011 - 09:50 PM

Hello Sibyl.
Rerun MBAM (MalwareBytes) once more like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.


Just want it to come clean..

Run your AVira at least every other week. Update and run MBAM every few days.
You should add Spywareblaster (prevents spyware from being installed on your PC). Update it when you run your AV scan; it runs by itself in the background and is light on the system.

Have you checked to see if you need to defragment your hard drive?

Keep Windows updated. I see you did NOT install Service Pack 3 yet.


If after the MBAM scan is clean then now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

So you think the computer is well and free of viruses now?

Yes :clapping:

Edited by boopme, 28 February 2011 - 09:51 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
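The Autorun risk raised in the post above can be checked on a machine by decoding the `NoDriveTypeAutoRun` policy value, in which each set bit disables Autorun for one drive type. This is an added example, not part of the original post; the function names and the sample masks are constructed for illustration.

```python
import sys

# Added example: function names and sample masks are illustrative, not from the thread.
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# A set bit DISABLES Autorun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
    0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}


def autorun_enabled_types(mask):
    """Drive types whose disable bit is clear, in ascending bit order."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not mask & bit]


def assess(mask):
    """Turn a policy value (or None when it is absent) into a finding."""
    if mask is None:
        return "NOT SET: the Windows default applies, check it for this version"
    enabled = autorun_enabled_types(mask & 0xFF)
    if not enabled:
        return "OK: Autorun disabled on all drive types"
    if "removable" in enabled:
        return "RISK: Autorun enabled on removable drives (all: %s)" % ", ".join(enabled)
    return "PARTIAL: Autorun still enabled on %s" % ", ".join(enabled)


def read_policy_mask():
    """Read the machine-wide value; None off Windows or when it is not set."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            return int(winreg.QueryValueEx(key, VALUE_NAME)[0])
    except OSError:
        return None


if __name__ == "__main__":
    for sample in (0x91, 0x95, 0xFF):  # constructed sample masks
        print(hex(sample), "->", assess(sample))
    print("this machine ->", assess(read_policy_mask()))
```

The same value can also exist under the per-user hive, so a full audit would read both locations.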

#11 Sibyl

Posted 28 February 2011 - 11:09 PM

OK did everything MBAM log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5896

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/28/2011 10:35:50 PM
mbam-log-2011-02-28 (22-35-50).txt

Scan type: Quick scan
Objects scanned: 159190
Time elapsed: 15 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I thank you again :thumbsup: and if I have a problem again how can I get a hold of you to help me .....

thank you for your patience and support.....

Is there anything else I can do ?

and oh yeah one more question in MBAM Quarantine should I delete all in quarantine...Whitesmoke is sitting there and I believe you said that was the one that really got me huh......well thank you again :P

Oh, one more thing: Windows Service Pack 3, where do I get it? Duh, see, you really are talking with a computer novice.....lol

Edited by Sibyl, 28 February 2011 - 11:11 PM.


#12 boopme

Posted 28 February 2011 - 11:23 PM

OK, this is clean and that Whitesmoke was your demon. A file in Quarantine can no longer harm your computer. If all is running well you can empty the Quarantine.
See Clean, Quarantine, or Delete?


How to obtain the latest Windows XP service pack


You're very welcome!!! :thumbup2:

Edited by boopme, 28 February 2011 - 11:24 PM.
