Microsoft Security Essentials Alert - Virus

Re: Microsoft Security Essentials Alert - Virus

Post by richope » October 9th, 2010, 12:56 pm

I rebooted in safe mode and ran HijackThis; only 3 of the programs were there. I restarted the computer and it was in a loop, and the regular sign-in screen never came up. I had to boot in safe mode to get to the login screen. I checked HijackThis and the 3 programs I deleted were not there.

Here is the extras log:

OTL Extras logfile created on: 10/7/2010 5:09:24 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Hope\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 83.05 Gb Free Space | 37.04% Space Free | Partition Type: NTFS
Drive D: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHOPE88
Current User Name: Hope
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:itunes
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NO1 DVD Ripper\#1 DVD Ripper.exe" = C:\Program Files\NO1 DVD Ripper\#1 DVD Ripper.exe:*:Enabled:#1 DVD Ripper -- (dvdtox.com)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Disabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Disabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\iTunes\iTunesPhotoProcessor.exe" = C:\Program Files\iTunes\iTunesPhotoProcessor.exe:*:Enabled:iTunesPhotoProcessor.exe -- (Apple Inc.)
"C:\Program Files\BLS2010\bls2010.exe" = C:\Program Files\BLS2010\bls2010.exe:*:Enabled:BLS-2010 -- (CDE Software)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)
"C:\Program Files\Sony\Sony Picture Utility\Announce\SPUAnnounce.exe" = C:\Program Files\Sony\Sony Picture Utility\Announce\SPUAnnounce.exe:*:Enabled:Information Tool -- (Sony Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 DVD Ripper_is1" = #1 DVD Ripper 3.1
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BB53CBD-B1FC-469F-9564-2C447AC3D2A8}" = BLS-2009
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24011CA6-DABF-7D23-018F-60D0B5C11FA9}" = Antivirus 2010
"{25EF00AC-F17B-11D6-88EA-000476CD2443}" = Verizon Service Fulfillment Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2875A5F5-E613-4F99-9B47-8882C9DD24A5}" = OfotoNow
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{3E54A849-D29D-4105-9184-C07219055007}" = LG Outlook Sync
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
"{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{5FF58521-5E44-11D4-A433-00105A8547C6}" = PictureGear 5.1
"{601B53EE-509D-4649-9173-14A864F1E807}" = VAIOWorld
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65980EBF-C4B5-4555-823A-94DB7F709E53}" = Secure Online Account Numbers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8139011A-4039-46C7-8614-A3F8948121AD}" = PicoPlayer
"{8168D841-C358-4F9B-B92E-EAE9EB715A74}" = Bing Bar Platform
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}" = PrintMaster
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A0F11C0B-FED9-4E83-9997-802D727FE948}" = BLS-2010 Clipart
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A228A09C-4826-42E0-A3D8-95B2BAAB5049}" = OpenMG Secure Module
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6692334-2483-4A07-8F84-38F95BB9EB47}" = BLS-2011
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}" = Caricature Studio Green 3.6
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B5B0ABC0-3177-11D3-AC45-0000F879D920}" = VisualFlow 2.1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BBF80896-049C-497E-BB94-E57F0F9054F0}" = BLS-2010
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}" = MovieShaker 3.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D717EE1D-8623-4E53-A2C8-2D53CACA1309}" = WinLABS
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DC4DD556-DD03-422A-926B-470746D8B50D}" = Microsoft Office Outlook Connector for MSN
"{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.0
"{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7E254C0-94AA-4B33-AF6D-5276A169A680}" = TONKA Search & Rescue 2
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
"{EF1989B2-F482-49D3-BB19-7C81E3EAAB39}" = PCmover
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F1000BF5-C7BC-48E2-9FD5-74824ED4F0F9}" = BLS-2008 Clipart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}" = SonicStage CD-R Writing Module
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090805
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3DGroove" = 3D Groove Playback Engine
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PhotoDeluxe 2.0" = Adobe PhotoDeluxe 2.0
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Gadgets 2.70" = AIM Gadgets 2.70
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Corel Applications" = Corel Applications
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DISCover" = DISCover
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DVD Express A/V Pak" = DVDExpress
"EL" = Intel(R) Quick Resume Technology Drivers
"eTrust Suite Personal" = CA Internet Security Suite
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{EF1989B2-F482-49D3-BB19-7C81E3EAAB39}" = PCmover
"InterActual Player" = InterActual Player
"KartRider" = KartRider
"KODAK Picture CD Volume 2 Issue 4" = KODAK Picture CD Volume 2 Issue 4
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Penguins!" = Penguins! (remove only)
"PhotoFrame_V1.0" = PhotoFrame_V1.0
"PhotoPrinter 2000 Pro" = PhotoPrinter 2000 Pro
"Picasa 3" = Picasa 3
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"PROSet" = Intel(R) PRO Network Connections Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"RealProducer 8.5" = RealProducer Basic 8.5
"Rhapsody" = Rhapsody
"ScanCraft CS-P" = ScanCraft CS-P
"Shockwave" = Shockwave
"VETWIN32Vp5" = CA Anti-Virus
"Videora iPod Converter" = Videora iPod Converter 3.07
"Videora iPod touch Converter" = Videora iPod touch Converter 4.08
"ViewpointMediaPlayer" = Viewpoint Media Player
"WeatherBug" = WeatherBug
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 1.0.4.0)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"YIP2_SONY" = Sony on Yahoo!
"YouTube Downloader App" = YouTube Downloader App 1.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2010 2:17:23 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 455
Description = wuaueng.dll (632) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/7/2010 2:17:33 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 489
Description = wuauclt (632) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/7/2010 2:17:33 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 455
Description = wuaueng.dll (632) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/7/2010 2:17:53 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 489
Description = wuauclt (3376) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/7/2010 2:17:53 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 455
Description = wuaueng.dll (3376) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/7/2010 2:18:03 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 489
Description = wuauclt (3376) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 10/7/2010 2:18:03 AM | Computer Name = RICHOPE88 | Source = ESENT | ID = 455
Description = wuaueng.dll (3376) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/7/2010 6:56:20 AM | Computer Name = RICHOPE88 | Source = Application Error | ID = 1000
Description = Faulting application nmsrvc.exe, version 10.0.8093.0, faulting module
nmcore.dll, version 10.2.8216.0, fault address 0x001a16f4.

Error - 10/7/2010 7:09:09 AM | Computer Name = RICHOPE88 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/7/2010 7:09:09 AM | Computer Name = RICHOPE88 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/7/2010 5:07:01 PM | Computer Name = RICHOPE88 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 10/7/2010 5:07:21 PM | Computer Name = RICHOPE88 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/7/2010 5:08:30 PM | Computer Name = RICHOPE88 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm Klif Klpf Klpid KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE
VETMONNT


< End of report >
richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm
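The OTL Extras log above is where the damage to this machine's security posture shows up: Security Center monitoring is switched off with the antivirus override set, System Restore is disabled by policy and its filter driver set to Start=4, the Windows Firewall Standard profile is off with 3389/TCP open to any address, and several launch-critical extensions (.com, .hta, .vbs) have per-user overrides under HKCU\Software\Classes. The following Python script is an added example, not code from the original thread or from OldTimer's OTL: it parses the registry-style sections OTL prints and flags exactly those tampered values. The sample input is constructed from excerpts of richope's log; the finding labels and the "sensitive ports" list are the example's own choices.

```python
"""Triage an OTL "Extras" log for tampered security settings.

Added example (not part of the original post or of OTL itself). It walks
the "========== Section ==========" / "[registry key]" / "name" = value
layout that OTL uses and flags the changes a rogue antivirus typically
makes. The finding names and SENSITIVE_PORTS are assumptions of this
example, not anything OTL or the forum helper defined.
"""
import re

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')
# File Associations lines look like:  .com [@ = ComFile] -- Reg Error: ...
ASSOC_RE = re.compile(r"^(\.\w+) (\[@ = .*)$")

# Ports a home machine should never expose to scope "*" (any address).
SENSITIVE_PORTS = {"135", "139", "445", "3389"}

# Constructed sample: excerpts of the OTL Extras log posted above.
SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:itunes
"""


def parse_otl_extras(text):
    """Parse an OTL Extras log into {section: {registry_key: {name: value}}}."""
    sections = {}
    cur_section = cur_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            cur_section = sections.setdefault(m.group(1), {})
            cur_key = None
            continue
        if cur_section is None:
            continue  # header lines before the first section
        m = KEY_RE.match(line)
        if m:
            cur_key = cur_section.setdefault(m.group(1), {})
            continue
        if cur_key is None:
            continue
        m = VALUE_RE.match(line) or ASSOC_RE.match(line)
        if m:
            cur_key[m.group(1)] = m.group(2).strip()
    return sections


def triage(sections):
    """Return a list of (finding, detail) tuples for tampered settings."""
    findings = []

    # HKCU\Software\Classes is consulted before HKLM, so a per-user entry
    # for .com/.hta/.vbs redirects launches without touching machine keys.
    for reg_key, values in sections.get("File Associations", {}).items():
        if reg_key.upper().startswith("HKEY_CURRENT_USER"):
            for ext, detail in values.items():
                findings.append(("hkcu-file-association", f"{ext} {detail}"))

    # Monitoring off plus AntiVirusOverride means no "AV is off" warnings.
    for reg_key, values in sections.get("Security Center Settings", {}).items():
        if values.get("AntiVirusOverride") == "1":
            findings.append(("securitycenter-av-override", reg_key))
        if values.get("DisableMonitoring") == "1":
            findings.append(("securitycenter-monitoring-disabled", reg_key))

    # DisableSR=1 and the Sr driver at Start=4 (SERVICE_DISABLED): no restore points.
    for reg_key, values in sections.get("System Restore Settings", {}).items():
        if values.get("DisableSR") == "1":
            findings.append(("systemrestore-disabled", reg_key))
        if reg_key.endswith("\\Services\\Sr") and values.get("Start") == "4":
            findings.append(("systemrestore-driver-disabled", reg_key))

    # Firewall profile switched off, or a sensitive port opened to "*".
    for reg_key, values in sections.get("Firewall Settings", {}).items():
        if values.get("EnableFirewall") == "0":
            findings.append(("firewall-disabled", reg_key))
        if reg_key.endswith("\\GloballyOpenPorts\\List"):
            for rule in values.values():
                fields = rule.split(":")  # port:proto:scope:state:description
                if (len(fields) >= 4 and fields[0] in SENSITIVE_PORTS
                        and fields[2] == "*" and fields[3] == "Enabled"):
                    findings.append(("firewall-port-open-to-any", rule))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(parse_otl_extras(SAMPLE_LOG)):
        print(f"{finding:36} {detail}")
```

Run against the full log it would also report each vendor subkey under Security Center\Monitoring that carries DisableMonitoring = 1 and the DomainProfile port list, since the checks are per registry key rather than hard-wired to one path.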

Re: Microsoft Security Essentials Alert - Virus

Post by deltalima » October 9th, 2010, 2:07 pm

Hi richope,

The computer is in quite a bad way, and there is no guarantee that we will be able to fix it.

The first thing to do is to use the USB memory stick to copy ALL your important documents from the computer to another working computer so that they are safe.

Once this has been done, download Combofix to a working computer and transfer it to the infected computer using the memory stick then run in safe mode using the following instruction.

Run Combofix

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures; if not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfully installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials Alert - Virus

Post by richope » October 10th, 2010, 6:45 pm

OK. Made it through that. Ran the combofix.exe and it first said that it found rootkill and had to restart the computer. It would not let me not do that. So I restarted the computer. Started back up in safe mode and ComboFix started back up. It ran for a little while. Then it restarted without asking any questions. Still will not start up regular, only safe mode. I am now able to get to the internet in safe mode.

Here is the log from ComboFix. I know you said to disable the antivirus software, but I don't see where or how to do that in safe mode. When I attempt to open the CA suite it says it can't.

ComboFix 10-10-09.06 - Hope 10/10/2010 15:23:18.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1758 [GMT -4:00]
Running from: C:\Documents and Settings\Hope\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.
richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm

Re: Microsoft Security Essentials Alert - Virus

Post by deltalima » October 11th, 2010, 3:41 am

Hi richope,

The log from Combofix is incomplete. Please check the file C:\ComboFix.txt and post the contents if different from the contents of your previous post.

richope wrote: I am now able to get to the internet in safe mode.


Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Documents and Settings\Hope\Application Data\17674.js

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please repeat the process with the following file.

C:\WINDOWS\System32\calcuery.dll


Please post both logs in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials Alert - Virus

Unread postby richope » October 11th, 2010, 10:55 am

OK. Here is the log from the first one. It did not give a log, so I have the print of the screen. The 2nd file is no longer there. I did a search for it and it is in C:\Qoobox\Quarantine\C\Windows and C\Windows\System32 with the same name of calcuery.dll.vrx

File name: 17674.js
Submission date: 2010-10-11 14:13:14 (UTC)
Current status: finished


Result: 3/ 43 (7.0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.10.11.00 2010.10.11 -
AntiVir 7.10.12.173 2010.10.11 -
Antiy-AVL 2.0.3.7 2010.10.11 -
Authentium 5.2.0.5 2010.10.11 -
Avast 4.8.1351.0 2010.10.11 -
Avast5 5.0.594.0 2010.10.11 -
AVG 9.0.0.851 2010.10.11 -
BitDefender 7.2 2010.10.11 -
CAT-QuickHeal 11.00 2010.10.11 -
ClamAV 0.96.2.0-git 2010.10.11 -
Comodo 6353 2010.10.11 -
DrWeb 5.0.2.03300 2010.10.11 -
Emsisoft 5.0.0.50 2010.10.11 -
eSafe 7.0.17.0 2010.10.07 -
eTrust-Vet 36.1.7904 2010.10.11 -
F-Prot 4.6.2.117 2010.10.11 -
F-Secure 9.0.15370.0 2010.10.11 -
Fortinet 4.2.249.0 2010.10.11 -
GData 21 2010.10.11 -
Ikarus T3.1.1.90.0 2010.10.11 -
Jiangmin 13.0.900 2010.10.11 -
K7AntiVirus 9.65.2713 2010.10.09 -
Kaspersky 7.0.0.125 2010.10.11 -
McAfee 5.400.0.1158 2010.10.11 -
McAfee-GW-Edition 2010.1C 2010.10.11 Heuristic.BehavesLike.JS.CodeUnfolding.F
Microsoft 1.6201 2010.10.11 Rogue:JS/FakePAV
NOD32 5520 2010.10.11 -
Norman 6.06.07 2010.10.11 -
nProtect 2010-10-11.01 2010.10.11 -
Panda 10.0.2.7 2010.10.10 -
PCTools 7.0.3.5 2010.10.11 -
Prevx 3.0 2010.10.11 -
Rising 22.69.00.01 2010.10.11 -
Sophos 4.58.0 2010.10.11 Troj/FakeAvJs-G
Sunbelt 7036 2010.10.11 -
SUPERAntiSpyware 4.40.0.1006 2010.10.10 -
Symantec 20101.2.0.161 2010.10.11 -
TheHacker 6.7.0.1.054 2010.10.10 -
TrendMicro 9.120.0.1004 2010.10.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.11 -
VBA32 3.12.14.1 2010.10.11 -
ViRobot 2010.10.4.4074 2010.10.11 -
VirusBuster 12.67.11.0 2010.10.10 -
Additional information
MD5 : 80fae3cff8a0f0c26c809f0754b96bf4
SHA1 : 18b81d46f98d4cce8068dfdab8379fcc3a26ffe5
SHA256: 8f9630ac0b4bfd74e4b0295f65710d6af421fa42e511f72817c217161781a4b1
ssdeep: 192:kNFg31he47eRqU7hM577hahyFTs4TLS+UgVWX1:kNFg3nb7eV7h477hsyFTbLzp6
File size : 6244 bytes
First seen: 2010-10-11 14:13:14
Last seen : 2010-10-11 14:13:14
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): eval


richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm

Re: Microsoft Security Essentials Alert - Virus

Unread postby deltalima » October 11th, 2010, 12:18 pm

Hi richope,

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Qoobox  /nodirs
    C:\ /nodirs
    :contents
    C:\ComboFix.txt
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials Alert - Virus

Unread postby richope » October 11th, 2010, 1:45 pm

OK. Here is the log

SystemLook 04.09.10 by jpshortstuff
Log created at 13:44 on 11/10/2010 by Hope
Administrator - Elevation successful

========== dir ==========

C:\Qoobox - Parameters: "/nodirs"

---Files---
None found.

C: - Parameters: "/nodirs"

---Files---
AUTOEXEC.BAT ------- 100 bytes [04:02 31/08/2005] [15:28 01/09/2006]
avgun.log ------- 4869 bytes [23:40 25/02/2004] [23:42 25/02/2004]
Boot.bak --a---- 279 bytes [19:34 30/12/2006] [14:53 20/06/2009]
boot.ini -rahs-- 325 bytes [22:34 30/08/2005] [19:10 10/10/2010]
caavsetupLog.txt --a---- 36044 bytes [20:22 10/04/2009] [11:07 07/10/2010]
caEntitlementLog.txt --a---- 340 bytes [12:09 02/10/2010] [19:58 06/10/2010]
caisslog.txt --a---- 2780559 bytes [00:30 10/12/2008] [19:01 10/10/2010]
cmldr -r-hs-- 260272 bytes [19:34 30/12/2006] [21:00 09/08/2004]
CONFIG.SYS ------- 0 bytes [04:02 31/08/2005] [04:02 31/08/2005]
hpWebHelper.log ------- 51 bytes [15:36 01/09/2006] [15:36 01/09/2006]
Incoming Mails.csv --a---- 168686 bytes [04:09 13/11/2009] [20:04 29/09/2010]
IO.SYS -r-hs-- 0 bytes [04:02 31/08/2005] [04:02 31/08/2005]
IPH.PH --ah--- 2073 bytes [19:20 30/12/2006] [10:57 14/10/2009]
JavaRa.log --a---- 11310 bytes [22:13 22/12/2008] [22:14 22/12/2008]
klsfdb32.dat ------- 187288 bytes [00:01 26/02/2004] [19:22 04/12/2004]
klsfdbM.dat ------- 292408 bytes [05:49 26/02/2004] [19:25 04/12/2004]
MSDOS.SYS -r-hs-- 0 bytes [04:02 31/08/2005] [04:02 31/08/2005]
nothing_frm.pdf ------- 55446 bytes [22:29 19/01/2007] [22:29 19/01/2007]
NTDETECT.COM -r-hs-- 47564 bytes [11:00 10/08/2004] [21:00 09/08/2004]
ntldr -r-hs-- 250048 bytes [11:00 10/08/2004] [16:13 29/08/2008]
pagefile.sys --ahs-- 2145386496 bytes [10:58 30/09/2010] [10:16 11/10/2010]
PDOXUSRS.NET --a---- 13030 bytes [19:45 15/01/2005] [12:57 14/06/2009]
rkill.log --a---- 479 bytes [21:18 03/10/2010] [18:00 10/10/2010]
s254 ------- 16 bytes [19:30 19/02/2005] [19:30 19/02/2005]
s284 ------- 16 bytes [03:04 04/08/2006] [03:04 04/08/2006]
s298 ------- 16 bytes [15:23 24/03/2005] [15:23 24/03/2005]
s2ec ------- 16 bytes [01:02 04/12/2005] [01:02 04/12/2005]
s2j0 ------- 16 bytes [19:36 17/11/2005] [19:36 17/11/2005]
s2mo ------- 16 bytes [06:12 06/04/2006] [06:12 06/04/2006]
s2u4 ------- 0 bytes [11:16 12/11/2005] [11:16 12/11/2005]
s35o ------- 16 bytes [02:27 10/12/2005] [02:27 10/12/2005]
s378 ------- 16 bytes [02:45 17/06/2006] [02:45 17/06/2006]
s39s ------- 16 bytes [04:26 17/02/2005] [04:26 17/02/2005]
s3c0 ------- 3036 bytes [11:05 29/07/2006] [11:05 29/07/2006]
s3eg ------- 16 bytes [04:03 10/01/2006] [04:03 10/01/2006]
s3p8 ------- 16 bytes [20:42 01/08/2006] [20:42 01/08/2006]
sf8 ------- 16 bytes [23:10 14/12/2005] [23:10 14/12/2005]
T4Metrics.log ---h--- 454 bytes [19:20 30/12/2006] [19:21 30/12/2006]
XceedZip50.dll.manifest --a---- 8848 bytes [20:13 08/03/2010] [20:13 08/03/2010]

========== contents ==========

C:\ComboFix.txt - Unable to open file.

-= EOF =-
richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm

Re: Microsoft Security Essentials Alert - Virus

Unread postby deltalima » October 11th, 2010, 2:44 pm

Hi richope,

I need to check a couple of points with some experts elsewhere and will be back as soon as possible.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials Alert - Virus

Unread postby deltalima » October 11th, 2010, 4:55 pm

Hi richope,

We need a full scan with Combofix; it seems that the HIPS part of CA is interfering.

We need to uninstall CA Internet Security Suite and run Combofix again. Please unplug the network cable before uninstalling CA, reboot, then run Combofix in Safe Mode.

Please copy the log using the USB memory stick to another computer and post in your next reply.

Please keep the infected computer disconnected from the Internet and do not reinstall CA yet.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials Alert - Virus

Unread postby richope » October 11th, 2010, 10:26 pm

OK. CA Internet Security Suite will not uninstall. It says that there is an error with caunst.exe. So I did a search of all files and found 2 files. One in C:\program files\CA\CA\caunst.exe and one other. So I just renamed them and then ran the combofix program. This time I believe I got a good log file. Here it is.

ComboFix 10-10-11.01 - Hope 10/11/2010 22:10:29.4.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1575 [GMT -4:00]
Running from: c:\documents and settings\Hope\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Hope\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\Hope\g2mdlhlpx.exe
c:\documents and settings\Hope\GoToAssistDownloadHelper.exe
c:\windows\calcuery.dll
c:\windows\desktop\ImageStation.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\pef325.dll
c:\windows\system\Thelc___.fon
c:\windows\system32\calcuery.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USERINIT


((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-08 03:40 . 2010-10-08 03:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-10-07 11:07 . 2010-10-11 10:41 -------- d-----w- c:\documents and settings\Hope\Application Data\CallingID
2010-10-07 11:07 . 2008-08-27 22:44 250544 ----a-w- c:\windows\system32\KeyHelp.ocx
2010-10-07 11:07 . 2010-10-07 11:07 -------- d-----w- c:\program files\Common Files\Scanner
2010-10-07 11:07 . 2010-10-10 22:40 91472 ----a-w- c:\windows\system32\isafprod.dll
2010-10-07 11:07 . 2010-10-10 22:40 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-10-07 11:07 . 2010-10-10 22:40 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2010-10-07 11:07 . 2010-10-10 22:40 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2010-10-07 11:07 . 2010-10-10 22:40 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2010-10-07 11:07 . 2010-10-10 22:40 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2010-10-07 11:07 . 2010-10-10 22:40 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-10-07 11:07 . 2008-08-30 19:14 83256 ----a-w- c:\windows\system32\vetredir.dll
2010-10-07 11:07 . 2008-08-30 19:14 99568 ----a-w- c:\windows\system32\isafeif.dll
2010-10-04 02:10 . 2010-10-04 02:10 388096 ----a-r- c:\documents and settings\Hope\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-04 00:20 . 2010-10-04 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-10-04 00:20 . 2010-10-04 00:20 -------- d-----w- c:\program files\Common Files\XoftSpySE
2010-10-04 00:20 . 2010-10-04 00:20 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-10-04 00:20 . 2010-10-04 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-10-04 00:20 . 2010-10-04 00:20 -------- d-----w- c:\program files\XoftSpySE6
2010-10-03 23:32 . 2010-10-03 23:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-03 23:32 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 23:32 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 21:21 . 2010-10-03 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-10-03 21:21 . 2010-10-03 22:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-01 20:33 . 2010-10-04 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 23:25 . 2010-09-30 23:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-09-30 21:30 . 2010-09-30 21:30 -------- d-----w- c:\documents and settings\Hope\Application Data\Netscape
2010-09-26 12:58 . 2010-09-26 12:58 -------- d-----w- c:\program files\iPod
2010-09-26 12:55 . 2010-09-26 12:55 -------- d-----w- c:\program files\Bonjour
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-09-22 21:14 . 2010-09-22 21:14 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-09-22 21:13 . 2010-09-22 21:14 -------- d-----w- c:\program files\QuickTime
2010-09-22 21:08 . 2010-09-26 12:59 -------- d-----w- c:\program files\iTunes
2010-09-18 03:29 . 2010-09-18 03:29 -------- d-----w- c:\program files\ISSThirdParty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-09-09 1597440]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-09-22 1721680]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-14 185896]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe" [2010-03-16 243032]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-10-23 4854040]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-10-10 230736]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\documents and settings\Amy\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-1 27136]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-1 27136]

c:\documents and settings\Hope\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-1 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-9-1 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 19:27 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Family & Friends Reminders.LNK
backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Defender Pro Firewall.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Defender Pro Firewall.lnk
backup=c:\windows\pss\Defender Pro Firewall.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hope^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Hope\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure Online Account Numbers]
2007-02-02 21:11 233472 ----a-w- c:\progra~1\Discover\SOAN\SOAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2005-09-03 03:50 302528 ----a-w- c:\program files\WildTangent\Apps\CDA\CDAEngine0400.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NO1 DVD Ripper\\#1 DVD Ripper.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\iTunes\\iTunesPhotoProcessor.exe"=
"c:\\Program Files\\BLS2010\\bls2010.exe"=
"c:\\Program Files\\Sony\\Sony Picture Utility\\Announce\\SPUAnnounce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

S0 Klpid;Klpid;c:\windows\system32\Drivers\klpid.sys --> c:\windows\system32\Drivers\klpid.sys [?]
S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/8/2009 10:02 AM 108024]
S1 Klpf;Klpf;c:\windows\system32\Drivers\Klpf.sys --> c:\windows\system32\Drivers\Klpf.sys [?]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [12/23/2009 11:29 AM 78840]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [3/21/2008 4:00 PM 45584]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [3/19/2008 11:56 AM 115216]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [9/17/2010 11:28 PM 206160]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 8:05 AM 135664]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/4/2008 12:27 PM 134648]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [3/21/2008 4:00 PM 66576]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [8/4/2009 10:42 AM 887288]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [7/13/2009 10:39 AM 760664]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [7/27/2009 3:40 PM 227832]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 4:59 PM 24652]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [9/30/2009 4:51 PM 239608]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [5/3/2006 10:19 AM 4736]
S3 PhotoFrame;PhotoFrame_2.0 Device;c:\windows\system32\drivers\PhotoFrame.sys [9/21/2008 3:05 PM 30208]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [5/3/2006 10:19 AM 8960]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [10/7/2010 7:07 AM 185680]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [9/9/2009 10:06 PM 16640]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 5:58 PM 582424]
.
Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-07 c:\windows\Tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2010-10-07 22:40]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 12:05]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 12:05]

2010-10-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: ca.com\homeofficeforum
Trusted Zone: mbamupdates.com\data-cdn
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-HitmanPro35 - c:\program files\Hitman Pro 3.5\HitmanPro35.exe
HKU-Default-Run-Vfopafabipereweh - c:\windows\pef325.dll
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~2.DLL
AddRemove-CANONIJINBOXADDON100 - c:\program files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE
AddRemove-eTrust Suite Personal - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-aph - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-as - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-av - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-pfw - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-pp - c:\program files\CA\CA Internet Security Suite\caunst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Canon]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D2CD3FE8-774B-6F54-0EED-FFED53CAB325}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D3DD300E-3124-6087-8737-C450CCCD37DC}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\UmxWnp.Dll

- - - - - - - > 'explorer.exe'(480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-11 22:15:57
ComboFix-quarantined-files.txt 2010-10-12 02:15

Pre-Run: 162,116,071,424 bytes free
Post-Run: 162,086,162,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 16BA642BA5DC661CA86A219DB97CB90E
richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm
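As an added example, not from this thread and not part of ComboFix itself: a small Python triage script that reads the "Reg Loading Points" section of a ComboFix log like the one posted above and flags the Windows Security Center and firewall settings that a fake-AV infection typically switches off (AntiVirusOverride, DisableMonitoring, EnableFirewall). The sample text inside the script is constructed from lines of the log above; the function names are the example's own.

```python
"""Triage a ComboFix 'Reg Loading Points' dump for tampered protection settings.

Added example; not code from the forum thread or from the ComboFix tool.
It flags three things a rogue/fake-AV infection commonly changes so that
Windows stops warning the user:
  - Security Center  "AntiVirusOverride"=dword:00000001
  - Security Center  "DisableMonitoring"=dword:00000001 (any Monitoring subkey)
  - Firewall policy  "EnableFirewall"= 0 (0x0) on the standard profile
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a REGEDIT4-style excerpt in the format ComboFix prints,
# built from lines of the log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-09-09 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A registry key header line: [HKEY_...\path]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A numeric value line in either form ComboFix uses:
#   "Name"=dword:00000001      or      "Name"= 0 (0x0)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r'(?:dword:(?P<hexval>[0-9a-fA-F]+)|(?P<decval>\d+)\s*\(0x[0-9a-fA-F]+\))'
)


def parse_reg_section(text: str) -> Dict[str, Dict[str, int]]:
    """Return {key_path_lowercased: {value_name: int}} for numeric values only.

    String values (such as Run entries pointing at executables) are skipped;
    they are not what this triage is about.
    """
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            if m.group("hexval") is not None:
                val = int(m.group("hexval"), 16)
            else:
                val = int(m.group("decval"))
            result[current][m.group("name")] = val
    return result


def find_security_tampering(text: str) -> List[Tuple[str, str, int]]:
    """Return (key, value_name, value) for each setting that weakens protection."""
    findings: List[Tuple[str, str, int]] = []
    for key, values in parse_reg_section(text).items():
        in_security_center = "security center" in key
        is_std_firewall_profile = key.endswith(r"firewallpolicy\standardprofile")
        for name, val in values.items():
            if in_security_center and name == "AntiVirusOverride" and val == 1:
                findings.append((key, name, val))
            elif in_security_center and name == "DisableMonitoring" and val == 1:
                findings.append((key, name, val))
            elif is_std_firewall_profile and name == "EnableFirewall" and val == 0:
                findings.append((key, name, val))
    return findings


if __name__ == "__main__":
    for key, name, val in find_security_tampering(SAMPLE_LOG):
        print(f"TAMPERED  {name}={val}  at  [{key}]")
```

On the constructed sample this reports four tampered entries; on a real log, each one is a setting to restore after the infection is cleaned, since the log's own reboot and quarantine steps do not reset them.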

Re: Microsoft Security Essentials Alert - Virus

Unread postby deltalima » October 12th, 2010, 4:19 am

Hi richope,

This time I believe I got a good log file


Well done! That is the full log that we needed.

So I just renamed them


That worked, please rename them back to their original names now.


Please try to reboot into normal mode, if successful run the following scans in normal mode, if not run them in safe mode.

Please run a quick scan with Malwarebytes, remove any infections detected and post the log in your next reply.

Please run another scan with OTL and post the OTL.txt log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials Alert - Virus

Unread postby richope » October 12th, 2010, 12:30 pm

OK, not able to boot regularly, only in safe mode. Here are the logs. Not able to post the extras log in the reply; let me know if you want it.

mbam log

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4799

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/12/2010 6:32:09 AM
mbam-log-2010-10-12 (06-32-09).txt

Scan type: Quick scan
Objects scanned: 177400
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL log

OTL logfile created on: 10/12/2010 6:38:35 AM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Hope\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 150.99 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
Drive D: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHOPE88
Current User Name: Hope
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hope\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Hope\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (VETMSGNT) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
SRV - (PPCtlPriv) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe (Computer Associates International, Inc.)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (ITMRTSVC) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ELService) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)


========== Driver Services (SafeList) ==========

DRV - (Klpid) -- C:\WINDOWS\System32\Drivers\klpid.sys File not found
DRV - (Klpf) -- C:\WINDOWS\System32\Drivers\Klpf.sys File not found
DRV - (Klif) -- C:\WINDOWS\System32\Drivers\klif.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Hope\LOCALS~1\Temp\catchme.sys File not found
DRV - (VETEFILE) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETMONNT) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VET-REC) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (WsAudioDevice_383) -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (KmxCF) -- C:\WINDOWS\system32\drivers\KmxCF.sys (CA)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (KmxSbx) -- C:\WINDOWS\system32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\system32\drivers\KmxFile.sys (CA)
DRV - (KmxFw) -- C:\WINDOWS\system32\drivers\KmxFw.sys (CA)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (PhotoFrame) -- C:\WINDOWS\system32\drivers\PhotoFrame.sys (ETC)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iastor.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation)
DRV - (PLUsbbc2) -- C:\WINDOWS\system32\drivers\usbbc2.sys (Prolific Technology Inc.)
DRV - (LLUSBFLT) -- C:\WINDOWS\system32\drivers\llusbflt.sys (Laplink Software, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsx) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/14 05:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [2010/03/21 17:20:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/12 03:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2010/10/07 07:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/10/07 07:07:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/30 17:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/22 17:14:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/10/07 07:07:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/10 15:36:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DeskshopBrowserHelper Class) - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Hope\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ca.com ([homeofficeforum] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mbamupdates.com ([data-cdn] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWe ... taller.CAB (PogoWebLauncher Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/e/37.09 ... oader2.cab (UploadListView Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Fac ... loader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3880203671 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://games.pogo.com/online2/pogo/chai ... uncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWi ... ontrol.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} http://hoylegames.sierra.com/cab/WONWeb ... ontrol.cab (WONWebLauncher Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b34246.cab (ZoneIntro Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Fac ... der4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Documents and Settings\Hope\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hope\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 11:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/12 06:00:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/11 22:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/11 22:09:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/11 22:07:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/10 15:02:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/10 15:02:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/10 15:02:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/10 15:02:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/10 15:02:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 03:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/10/07 23:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/10/07 07:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Application Data\CallingID
[2010/10/07 07:07:08 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\WINDOWS\System32\KeyHelp.ocx
[2010/10/07 07:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/10/07 07:07:03 | 000,739,696 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010/10/07 07:07:03 | 000,161,008 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010/10/07 07:07:03 | 000,133,520 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010/10/07 07:07:03 | 000,099,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/10/07 07:07:03 | 000,091,472 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2010/10/07 07:07:03 | 000,083,256 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2010/10/07 07:07:03 | 000,026,352 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2010/10/07 07:07:03 | 000,021,488 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010/10/07 07:07:03 | 000,021,104 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010/10/06 15:41:21 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 20:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/10/03 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/10/03 20:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/10/03 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/10/03 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/10/03 19:32:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/03 19:32:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/03 17:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/03 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/01 16:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/01 16:32:56 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 19:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/09/30 17:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Application Data\Netscape
[2010/09/29 22:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/26 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/26 08:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/22 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/22 17:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/17 23:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[8 C:\Documents and Settings\Hope\My Documents\*.tmp files -> C:\Documents and Settings\Hope\My Documents\*.tmp -> ]
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/12 06:25:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/12 06:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 06:19:38 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Hope\ntuser.dat
[2010/10/12 06:19:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Hope\ntuser.ini
[2010/10/11 22:14:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/11 22:09:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/10/11 22:06:45 | 003,876,948 | R--- | M] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/11 13:39:42 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 18:40:21 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010/10/10 18:40:21 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010/10/10 18:40:21 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010/10/10 18:40:21 | 000,091,472 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2010/10/10 18:40:21 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2010/10/10 18:40:21 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010/10/10 18:40:21 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010/10/10 16:59:15 | 000,003,064 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 16:59:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/10 15:36:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/10 15:10:14 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2010/10/08 21:38:39 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/07 16:30:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/07 07:10:22 | 000,986,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/10/07 07:10:22 | 000,000,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/10/07 07:10:22 | 000,000,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/10/07 07:09:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/07 07:07:28 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
[2010/10/07 07:01:38 | 110,436,864 | ---- | M] (CA) -- C:\Documents and Settings\Hope\My Documents\issdm_en_32.exe
[2010/10/07 06:56:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 06:26:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/06 10:38:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/06 10:38:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 23:26:44 | 002,110,520 | -H-- | M] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\IconCache.db
[2010/10/03 21:58:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:20:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 18:34:26 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 18:33:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 18:32:48 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 17:21:13 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/10/01 15:45:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 23:12:23 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/29 16:13:43 | 000,006,244 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\17674.js
[2010/09/29 16:09:14 | 1183,966,208 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Outlook.pst
[2010/09/29 16:04:40 | 000,168,686 | ---- | M] () -- C:\Incoming Mails.csv
[2010/09/27 21:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 19:03:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 17:13:51 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/22 17:10:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/20 01:27:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 13:30:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Mom Prescription List.doc
[2010/09/15 07:04:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create & Print Home.url
[2010/09/15 06:34:43 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/09/15 03:15:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 03:13:42 | 000,000,609 | ---- | M] () -- C:\WINDOWS\win.ini
[8 C:\Documents and Settings\Hope\My Documents\*.tmp files -> C:\Documents and Settings\Hope\My Documents\*.tmp -> ]
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 13:43:42 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 15:02:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/10 15:02:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/10 15:02:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/10 15:02:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/10 15:02:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/10 15:00:50 | 003,876,948 | R--- | C] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/07 07:07:28 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
[2010/10/06 15:41:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/03 22:10:57 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/03 22:10:41 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:28:15 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/03 20:20:56 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 19:08:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 19:08:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 19:08:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 17:21:13 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/09/30 23:12:23 | 000,000,526 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/29 16:13:43 | 000,006,244 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\17674.js
[2010/09/26 09:00:00 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 23:40:13 | 000,986,092 | ---- | C] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/09/22 17:13:51 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/20 01:27:58 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 08:41:14 | 000,000,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/09/18 08:41:14 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/09/18 08:41:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/09/18 08:41:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2009/07/10 18:09:26 | 000,027,209 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\Personal Address Book.ADR
[2009/04/10 16:28:36 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2009/04/10 15:42:22 | 000,009,179 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/10 18:16:50 | 000,000,226 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/09/17 19:20:01 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\wklnhst.dat
[2007/09/12 03:01:07 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/21 17:39:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\fusioncache.dat
[2007/01/17 19:20:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/12/30 16:39:36 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/12/28 12:23:50 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/01 12:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 11:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 11:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 11:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 11:29:03 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 11:19:13 | 000,000,352 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 11:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 11:14:28 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/01 11:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 11:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 11:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 10:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 10:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 10:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/27 00:06:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/05/27 00:04:21 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/05/27 00:04:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/03/06 21:06:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PrintWiz.INI
[2005/12/01 20:13:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/11 16:13:49 | 000,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/05 21:29:28 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2004/11/16 22:42:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\ExportModeller.dll
[2004/11/16 22:42:03 | 000,049,223 | ---- | C] () -- C:\WINDOWS\crtslv.dll
[2004/11/16 22:42:02 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2004/11/16 22:42:02 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2004/11/16 22:41:59 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 07:00:00 | 000,528,816 | ---- | C] () -- C:\WINDOWS\System32\msmevili.dll
[2004/08/10 00:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ONETW.DRV
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/07/23 18:01:23 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\ir32.dll
[2004/07/15 23:27:28 | 000,000,914 | ---- | C] () -- C:\WINDOWS\System32\automatic_scoring.ini
[2004/06/06 22:13:13 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2004/05/31 15:00:18 | 000,000,005 | ---- | C] () -- C:\WINDOWS\Modemx.dll
[2004/05/16 18:30:35 | 000,000,251 | ---- | C] () -- C:\WINDOWS\PicEdit.INI
[2004/03/16 18:41:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/03/11 20:05:54 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/06 16:58:43 | 000,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/02/17 21:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/02/17 20:44:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/17 01:29:49 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/02/16 13:35:26 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2004/02/16 13:35:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/02/16 13:35:23 | 000,000,807 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2004/01/31 13:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/01/31 13:33:50 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\macrovsn.dll
[2004/01/31 13:33:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MMDVDROM.dll
[2001/09/08 14:06:47 | 000,000,051 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2001/09/08 14:03:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/09/08 14:03:27 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2001/09/08 13:58:38 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/09/08 13:58:38 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2001/09/08 13:58:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2001/09/08 13:53:08 | 000,000,989 | ---- | C] () -- C:\WINDOWS\photoprn.ini
< End of report >
[2010/10/11 22:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/11 22:06:45 | 003,876,948 | R--- | M] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/11 13:39:42 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 16:59:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/08 21:38:39 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/07 07:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Scanner
[2010/10/06 16:01:14 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/06 10:38:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/06 10:38:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 21:58:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:20:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 20:20:56 | 000,000,000 | ---D | M] -- C:\Program Files\XoftSpySE6
[2010/10/03 20:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\XoftSpySE
[2010/10/03 20:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\ParetoLogic
[2010/10/03 20:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/03 18:34:26 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 18:33:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 18:32:48 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 18:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2010/10/03 17:21:13 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/10/01 15:45:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 23:12:23 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/30 18:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/09/29 17:56:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/27 19:13:57 | 000,000,000 | ---D | M] -- C:\Program Files\BLS2011
[2010/09/27 19:03:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/26 08:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/26 08:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/26 08:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010/09/26 08:55:23 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/09/22 17:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/09/22 17:13:51 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/22 17:10:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/22 17:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/09/20 01:27:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/20 01:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/09/17 23:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2010/09/17 23:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\ISSThirdParty
[2010/09/17 23:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Kaspersky Lab
[2010/09/15 07:04:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create & Print Home.url
[2010/09/15 06:34:43 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk

========== Files - Modified Within 30 Days ==========

[2010/10/12 06:25:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/12 06:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 06:19:38 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Hope\ntuser.dat
[2010/10/12 06:19:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Hope\ntuser.ini
[2010/10/11 22:14:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/11 22:09:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/10/11 22:06:45 | 003,876,948 | R--- | M] () -- C:\Documents and Settings\Hope\Desktop\ComboFix.exe
[2010/10/11 13:39:42 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\SystemLook.exe
[2010/10/10 18:40:21 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010/10/10 18:40:21 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010/10/10 18:40:21 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010/10/10 18:40:21 | 000,091,472 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2010/10/10 18:40:21 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2010/10/10 18:40:21 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010/10/10 18:40:21 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010/10/10 16:59:15 | 000,003,064 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 16:59:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/10 15:36:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/10 15:10:14 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2010/10/08 21:38:39 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.lnk
[2010/10/07 16:30:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/07 07:10:22 | 000,986,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/10/07 07:10:22 | 000,000,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/10/07 07:10:22 | 000,000,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/10/07 07:10:22 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/10/07 07:10:22 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/10/07 07:09:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/07 07:07:28 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Hope at 7 07 AM.job
[2010/10/07 07:01:38 | 110,436,864 | ---- | M] (CA) -- C:\Documents and Settings\Hope\My Documents\issdm_en_32.exe
[2010/10/07 06:56:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 06:26:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/06 10:38:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\ng423voc.exe
[2010/10/06 10:38:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.exe
[2010/10/03 23:26:44 | 002,110,520 | -H-- | M] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\IconCache.db
[2010/10/03 21:58:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\HiJackThis.msi
[2010/10/03 20:20:56 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/10/03 18:34:26 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.com
[2010/10/03 18:33:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.scr
[2010/10/03 18:32:48 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\rkill.exe
[2010/10/03 17:21:13 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/10/01 15:45:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Hope\Desktop\mbam-setup-1.46.exe
[2010/09/30 23:12:23 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\fixme.bat
[2010/09/29 16:13:43 | 000,006,244 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\17674.js
[2010/09/29 16:09:14 | 1183,966,208 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Outlook.pst
[2010/09/29 16:04:40 | 000,168,686 | ---- | M] () -- C:\Incoming Mails.csv
[2010/09/27 21:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 19:03:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 17:13:51 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/22 17:10:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/20 01:27:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 13:30:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Hope\My Documents\Mom Prescription List.doc
[2010/09/15 07:04:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create & Print Home.url
[2010/09/15 06:34:43 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/09/15 03:15:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 03:13:42 | 000,000,609 | ---- | M] () -- C:\WINDOWS\win.ini
[8 C:\Documents and Settings\Hope\My Documents\*.tmp files -> C:\Documents and Settings\Hope\My Documents\*.tmp -> ]
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

< End of report >
richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm

Re: Microsoft Security Essentials Alert - Virus

Unread postby deltalima » October 12th, 2010, 2:35 pm

Hi richope,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Documents and Settings\Hope\Desktop\ng423voc.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "UpdatesDisableNotify" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
    :files
    C:\Documents and Settings\Hope\Application Data\17674.js
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Create a bootlog

  1. Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  2. Select the Enable Boot Logging option and press Enter.
  3. Windows prompts you to select a Windows installation (even if there is only one Windows installation).

This boots Windows normally and creates a boot log named ntbtlog.txt in the C:\Windows folder, which can later be examined to see if there was a troublesome driver.

Now reboot into safe mode and post the contents of the file C:\Windows\ntbtlog.txt in your next reply.

Also please let me know if you have a bootable Windows XP SP3 CD.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
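The :reg part of the fix script above resets the Windows Security Center override flags: AntiVirusOverride and UpdatesDisableNotify suppress Security Center's own warnings, and a DisableMonitoring value of 1 under Monitoring\<product> stops Security Center from watching that product, which is why rogue software sets them. The following is an added example, not code from this thread, from OTL or from MalwareRemoval.com: it parses an excerpt of the posted :reg block into the expected values, compares them with a snapshot of the registry and reports every flag that has been changed. The SAMPLE_SNAPSHOT is constructed to look like an infected machine so the example runs on any OS; read_live_snapshot is an assumption that uses Python's standard winreg module and only works on Windows.

```python
"""Audit Windows Security Center override flags against an OTL :reg fix.

Added example (not from the thread, OTL or MalwareRemoval.com). The expected
state is parsed from the fix script; the live state comes from winreg on
Windows or from a constructed snapshot elsewhere.
"""
import re
import sys

# Excerpt of the :reg section posted in the thread, used as the expected
# state: every flag 0 means Security Center monitors and warns normally.
OTL_REG_SCRIPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 0
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')


def parse_reg_script(text):
    """Return {(key, value_name): int} from an OTL-style :reg block."""
    expected = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            data = m.group("data").strip()
            # accept plain integers as well as .reg-style dword:00000001
            if data.lower().startswith("dword:"):
                data = int(data[6:], 16)
            expected[(current_key, m.group("name"))] = int(data)
    return expected


def audit(expected, snapshot):
    """Compare expected flags with a snapshot {(key, name): value or None}.

    Returns a list of (key, name, expected, actual). A missing value (None)
    is not reported: an absent override behaves as 'not set'.
    """
    findings = []
    for (key, name), want in sorted(expected.items()):
        have = snapshot.get((key, name))
        if have is not None and have != want:
            findings.append((key, name, want, have))
    return findings


def read_live_snapshot(expected):
    """Windows only (assumption): read the listed values from HKLM."""
    import winreg  # imported here so the module still loads on other OSes
    snapshot = {}
    for key, name in expected:
        sub = key.split("\\", 1)[1]  # strip the HKEY_LOCAL_MACHINE\ prefix
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as h:
                snapshot[(key, name)] = winreg.QueryValueEx(h, name)[0]
        except OSError:
            snapshot[(key, name)] = None
    return snapshot


# Constructed snapshot (not taken from the thread) of a machine where the
# AV override is set and monitoring of the CA firewall has been switched off.
SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SAMPLE_SNAPSHOT = {
    (SC, "AntiVirusOverride"): 1,
    (SC, "UpdatesDisableNotify"): 0,
    (SC + r"\Monitoring", "DisableMonitoring"): 0,
    (SC + r"\Monitoring\CA Personal Firewall", "DisableMonitoring"): 1,
    # the ComputerAssociatesAntiVirus key is absent on this sample machine
}


def sample_findings():
    """Run the audit on the constructed snapshot."""
    return audit(parse_reg_script(OTL_REG_SCRIPT), SAMPLE_SNAPSHOT)


if __name__ == "__main__":
    expected = parse_reg_script(OTL_REG_SCRIPT)
    snap = read_live_snapshot(expected) if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for key, name, want, have in audit(expected, snap):
        print(f"{key}\\{name}: expected {want}, found {have}")
```

On the constructed snapshot the audit reports two changed flags, AntiVirusOverride under the Security Center key and DisableMonitoring under the CA Personal Firewall key; the absent ComputerAssociatesAntiVirus entry is not reported. The same comparison can be re-run after the OTL fix and reboot to confirm that every value now matches the script.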

Re: Microsoft Security Essentials Alert - Virus

Unread postby richope » October 12th, 2010, 6:34 pm

OK. Did the Virustotal; here is the log:
Antivirus Version Last update Result
AhnLab-V3 2010.10.13.00 2010.10.12 -
AntiVir 7.10.12.193 2010.10.12 -
Antiy-AVL 2.0.3.7 2010.10.12 -
Authentium 5.2.0.5 2010.10.12 -
Avast 4.8.1351.0 2010.10.12 -
Avast5 5.0.594.0 2010.10.12 -
AVG 9.0.0.851 2010.10.12 -
BitDefender 7.2 2010.10.12 -
CAT-QuickHeal 11.00 2010.10.12 -
ClamAV 0.96.2.0-git 2010.10.12 -
Comodo 6368 2010.10.12 -
DrWeb 5.0.2.03300 2010.10.12 -
eSafe 7.0.17.0 2010.10.12 Win32.TrojanHorse
eTrust-Vet 36.1.7907 2010.10.12 -
F-Prot 4.6.2.117 2010.10.12 -
F-Secure 9.0.15370.0 2010.10.12 -
Fortinet 4.2.249.0 2010.10.12 -
GData 21 2010.10.12 -
Ikarus T3.1.1.90.0 2010.10.12 -
Jiangmin 13.0.900 2010.10.12 -
K7AntiVirus 9.65.2733 2010.10.12 -
McAfee 5.400.0.1158 2010.10.12 -
McAfee-GW-Edition 2010.1C 2010.10.12 -
NOD32 5525 2010.10.12 -
Norman 6.06.07 2010.10.12 -
nProtect 2010-10-12.01 2010.10.12 -
Panda 10.0.2.7 2010.10.12 -
PCTools 7.0.3.5 2010.10.12 -
Prevx 3.0 2010.10.13 -
Rising 22.69.01.04 2010.10.12 -
Sophos 4.58.0 2010.10.12 -
Sunbelt 7046 2010.10.12 -
SUPERAntiSpyware 4.40.0.1006 2010.10.12 -
Symantec 20101.2.0.161 2010.10.12 -
TheHacker 6.7.0.1.055 2010.10.12 -
TrendMicro 9.120.0.1004 2010.10.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.12 -
VBA32 3.12.14.1 2010.10.12 -
ViRobot 2010.9.25.4060 2010.10.12 -
VirusBuster 12.67.14.0 2010.10.12 -
MD5: f80f6e09e7f4bafe478ca0da6137e1e2
SHA1: 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
SHA256: 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a
File size: 293376 bytes
Scan date: 2010-10-12 22:02:23 (UTC)
"Antivirus", "Version", "Last update", "Result"
"AhnLab-V3", "2010.10.13.00", "2010.10.12", "-"
"AntiVir", "7.10.12.193", "2010.10.12", "-"
"Antiy-AVL", "2.0.3.7", "2010.10.12", "-"
"Authentium", "5.2.0.5", "2010.10.12", "-"
"Avast", "4.8.1351.0", "2010.10.12", "-"
"Avast5", "5.0.594.0", "2010.10.12", "-"
"AVG", "9.0.0.851", "2010.10.12", "-"
"BitDefender", "7.2", "2010.10.12", "-"
"CAT-QuickHeal", "11.00", "2010.10.12", "-"
"ClamAV", "0.96.2.0-git", "2010.10.12", "-"
"Comodo", "6368", "2010.10.12", "-"
"DrWeb", "5.0.2.03300", "2010.10.12", "-"
"eSafe", "7.0.17.0", "2010.10.12", "Win32.TrojanHorse"
"eTrust-Vet", "36.1.7907", "2010.10.12", "-"
"F-Prot", "4.6.2.117", "2010.10.12", "-"
"F-Secure", "9.0.15370.0", "2010.10.12", "-"
"Fortinet", "4.2.249.0", "2010.10.12", "-"
"GData", "21", "2010.10.12", "-"
"Ikarus", "T3.1.1.90.0", "2010.10.12", "-"
"Jiangmin", "13.0.900", "2010.10.12", "-"
"K7AntiVirus", "9.65.2733", "2010.10.12", "-"
"McAfee", "5.400.0.1158", "2010.10.12", "-"
"McAfee-GW-Edition", "2010.1C", "2010.10.12", "-"
"NOD32", "5525", "2010.10.12", "-"
"Norman", "6.06.07", "2010.10.12", "-"
"nProtect", "2010-10-12.01", "2010.10.12", "-"
"Panda", "10.0.2.7", "2010.10.12", "-"
"PCTools", "7.0.3.5", "2010.10.12", "-"
"Prevx", "3.0", "2010.10.13", "-"
"Rising", "22.69.01.04", "2010.10.12", "-"
"Sophos", "4.58.0", "2010.10.12", "-"
"Sunbelt", "7046", "2010.10.12", "-"
"SUPERAntiSpyware", "4.40.0.1006", "2010.10.12", "-"
"Symantec", "20101.2.0.161", "2010.10.12", "-"
"TheHacker", "6.7.0.1.055", "2010.10.12", "-"
"TrendMicro", "9.120.0.1004", "2010.10.12", "-"
"TrendMicro-HouseCall", "9.120.0.1004", "2010.10.12", "-"
"VBA32", "3.12.14.1", "2010.10.12", "-"
"ViRobot", "2010.9.25.4060", "2010.10.12", "-"
"VirusBuster", "12.67.14.0", "2010.10.12", "-"
"MD5", "f80f6e09e7f4bafe478ca0da6137e1e2"
"SHA1", "719082766cf4f60c8bdaa2b2c9f6967ecbcf8722"
"SHA256", "682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a"
"File size", "293376 bytes"
"Scan date", "2010-10-12 22:02:23 (UTC)"
<table id="filescan">
<tr>
<th>Antivirus</th>
<th>Version</th>
<th>Last update</th>
<th>Result</th>
</tr>
<tr>
<td>AhnLab-V3</td>
<td>2010.10.13.00</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>AntiVir</td>
<td>7.10.12.193</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Antiy-AVL</td>
<td>2.0.3.7</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Authentium</td>
<td>5.2.0.5</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Avast</td>
<td>4.8.1351.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Avast5</td>
<td>5.0.594.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>AVG</td>
<td>9.0.0.851</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>BitDefender</td>
<td>7.2</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>CAT-QuickHeal</td>
<td>11.00</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>ClamAV</td>
<td>0.96.2.0-git</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Comodo</td>
<td>6368</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>DrWeb</td>
<td>5.0.2.03300</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>eSafe</td>
<td>7.0.17.0</td>
<td>2010.10.12</td>
<td class="positive">Win32.TrojanHorse</td>
</tr>
<tr>
<td>eTrust-Vet</td>
<td>36.1.7907</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>F-Prot</td>
<td>4.6.2.117</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>F-Secure</td>
<td>9.0.15370.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Fortinet</td>
<td>4.2.249.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>GData</td>
<td>21</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Ikarus</td>
<td>T3.1.1.90.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Jiangmin</td>
<td>13.0.900</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>K7AntiVirus</td>
<td>9.65.2733</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>McAfee</td>
<td>5.400.0.1158</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>McAfee-GW-Edition</td>
<td>2010.1C</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>NOD32</td>
<td>5525</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Norman</td>
<td>6.06.07</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>nProtect</td>
<td>2010-10-12.01</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Panda</td>
<td>10.0.2.7</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>PCTools</td>
<td>7.0.3.5</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Prevx</td>
<td>3.0</td>
<td>2010.10.13</td>
<td>-</td>
</tr>
<tr>
<td>Rising</td>
<td>22.69.01.04</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Sophos</td>
<td>4.58.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Sunbelt</td>
<td>7046</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>SUPERAntiSpyware</td>
<td>4.40.0.1006</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>Symantec</td>
<td>20101.2.0.161</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>TheHacker</td>
<td>6.7.0.1.055</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>TrendMicro</td>
<td>9.120.0.1004</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>TrendMicro-HouseCall</td>
<td>9.120.0.1004</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>VBA32</td>
<td>3.12.14.1</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>ViRobot</td>
<td>2010.9.25.4060</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<tr>
<td>VirusBuster</td>
<td>12.67.14.0</td>
<td>2010.10.12</td>
<td>-</td>
</tr>
<table>

<table id="fileinfo">
<tr>
<th>Additional information</th>
</tr>
<tr>
<td><strong>MD5:</strong> f80f6e09e7f4bafe478ca0da6137e1e2</td>
</tr>
<tr>
<td><strong>SHA1:</strong> 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722</td>
</tr>
<tr>
<td><strong>SHA256:</strong> 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a</td>
</tr>
<tr>
<td><strong>File size:</strong> 293376 bytes</td>
</tr>
<tr>
<td><strong>Scan date:</strong> 2010-10-12 22:02:23 (UTC)</td>
</tr>
</table>
Antivirus results
AhnLab-V3 - 2010.10.13.00 - 2010.10.12 - -
AntiVir - 7.10.12.193 - 2010.10.12 - -
Antiy-AVL - 2.0.3.7 - 2010.10.12 - -
Authentium - 5.2.0.5 - 2010.10.12 - -
Avast - 4.8.1351.0 - 2010.10.12 - -
Avast5 - 5.0.594.0 - 2010.10.12 - -
AVG - 9.0.0.851 - 2010.10.12 - -
BitDefender - 7.2 - 2010.10.12 - -
CAT-QuickHeal - 11.00 - 2010.10.12 - -
ClamAV - 0.96.2.0-git - 2010.10.12 - -
Comodo - 6368 - 2010.10.12 - -
DrWeb - 5.0.2.03300 - 2010.10.12 - -
eSafe - 7.0.17.0 - 2010.10.12 - Win32.TrojanHorse
eTrust-Vet - 36.1.7907 - 2010.10.12 - -
F-Prot - 4.6.2.117 - 2010.10.12 - -
F-Secure - 9.0.15370.0 - 2010.10.12 - -
Fortinet - 4.2.249.0 - 2010.10.12 - -
GData - 21 - 2010.10.12 - -
Ikarus - T3.1.1.90.0 - 2010.10.12 - -
Jiangmin - 13.0.900 - 2010.10.12 - -
K7AntiVirus - 9.65.2733 - 2010.10.12 - -
McAfee - 5.400.0.1158 - 2010.10.12 - -
McAfee-GW-Edition - 2010.1C - 2010.10.12 - -
NOD32 - 5525 - 2010.10.12 - -
Norman - 6.06.07 - 2010.10.12 - -
nProtect - 2010-10-12.01 - 2010.10.12 - -
Panda - 10.0.2.7 - 2010.10.12 - -
PCTools - 7.0.3.5 - 2010.10.12 - -
Prevx - 3.0 - 2010.10.13 - -
Rising - 22.69.01.04 - 2010.10.12 - -
Sophos - 4.58.0 - 2010.10.12 - -
Sunbelt - 7046 - 2010.10.12 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.10.12 - -
Symantec - 20101.2.0.161 - 2010.10.12 - -
TheHacker - 6.7.0.1.055 - 2010.10.12 - -
TrendMicro - 9.120.0.1004 - 2010.10.12 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.10.12 - -
VBA32 - 3.12.14.1 - 2010.10.12 - -
ViRobot - 2010.9.25.4060 - 2010.10.12 - -
VirusBuster - 12.67.14.0 - 2010.10.12 - -
File info:
MD5: f80f6e09e7f4bafe478ca0da6137e1e2
SHA1: 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
SHA256: 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a
File size: 293376 bytes
Scan date: 2010-10-12 22:02:23 (UTC)

Here is the log from OTL:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== FILES ==========
C:\Documents and Settings\Hope\Application Data\17674.js moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Amy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Hope
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32950405 bytes
->Java cache emptied: 327156661 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: HP_Administrator

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 135352 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 11261 bytes
->Flash cache emptied: 70254 bytes

User: Rich
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1317 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58408 bytes
%systemroot%\System32 .tmp files removed: 56996369 bytes
%systemroot%\System32\dllcache .tmp files removed: 383360 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 530077 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 399.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10122010_181042

I was not able to create the ntbtlog during a regular boot-up. The computer still loops when starting up; I have to boot in safe mode. Even when I tried to boot up with logging, the computer would only boot in safe mode. I have the ntbtlog.txt file.
Thanks.
richope
Regular Member
 
Posts: 24
Joined: December 13th, 2008, 8:11 pm
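Two checks worth making on a scan result like the one above, as an added example (this is not code from richope or from the forum): first, confirm that the file on disk really is the one the report describes by computing all three digests and the size and comparing them with the posted "File info"; second, count how many engines flagged it. The result rows and the file info are copied from the post above (six of the forty rows, to keep the sample short); the function names and the hash-dict layout are my own.

```python
import hashlib

# Excerpt (6 of the 40 rows) of the scan result posted above, in the plain
# "engine - version - last update - result" layout it was pasted in.
SCAN_TEXT = """\
AhnLab-V3 - 2010.10.13.00 - 2010.10.12 - -
DrWeb - 5.0.2.03300 - 2010.10.12 - -
eSafe - 7.0.17.0 - 2010.10.12 - Win32.TrojanHorse
McAfee-GW-Edition - 2010.1C - 2010.10.12 - -
Symantec - 20101.2.0.161 - 2010.10.12 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.10.12 - -
"""

# "File info" block as posted with the scan result.
POSTED_FILE_INFO = {
    "md5": "f80f6e09e7f4bafe478ca0da6137e1e2",
    "sha1": "719082766cf4f60c8bdaa2b2c9f6967ecbcf8722",
    "sha256": "682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a",
    "size": 293376,
}


def parse_scan_results(text):
    """Turn 'engine - version - last update - result' rows into dicts.
    A result of '-' means the engine reported nothing for the file."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(" - ", 3)  # maxsplit keeps ' - ' inside a verdict intact
        if len(parts) != 4:
            continue  # headings, blank lines, anything not in the row layout
        engine, version, updated, result = parts
        rows.append({"engine": engine, "version": version, "updated": updated,
                     "result": None if result == "-" else result})
    return rows


def detections(rows):
    """(engine, verdict) for every engine that flagged the file, in log order."""
    return [(r["engine"], r["result"]) for r in rows if r["result"]]


def detection_ratio(rows):
    """(flagged, total), the figure a scan report prints as e.g. 1/40."""
    return len(detections(rows)), len(rows)


def file_hashes(data):
    """MD5, SHA-1, SHA-256 and size of a sample held in memory as bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def hash_file(path, chunk_size=1 << 20):
    """Same as file_hashes() but streamed from disk, for large samples."""
    md5, sha1, sha256, size = hashlib.md5(), hashlib.sha1(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(),
            "sha256": sha256.hexdigest(), "size": size}


def matches_posted_info(hashes, posted=POSTED_FILE_INFO):
    """True only when the size and all three digests agree with the posted info.
    MD5 alone does not tie a file to a report (MD5 collisions are cheap to
    build), so SHA-256 is the digest that actually counts here."""
    return all(hashes[k] == posted[k] for k in ("size", "md5", "sha1", "sha256"))


if __name__ == "__main__":
    rows = parse_scan_results(SCAN_TEXT)
    flagged, total = detection_ratio(rows)
    print("%d of %d engines flagged the file: %s" % (flagged, total, detections(rows)))
    # Against a real file on disk:  matches_posted_info(hash_file(r"C:\path\to\sample.exe"))
```

Run it against a real file with matches_posted_info(hash_file(path)). A low detection count does not clear a file: a single generic verdict with the other engines silent is what a freshly repacked sample commonly looks like on the day it appears, so treat the SHA-256 as the identifier and the count as weak evidence either way.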

Re: Microsoft Security Essentials Alert - Virus

Unread postby deltalima » October 13th, 2010, 5:38 am

Hi richope,

I was not able to create the ntbtlog during a regular boot up. The computer still loops when starting up. I have to boot in safe mode. Even when I tried to boot up with logging the computer would only boot in safe mode.

If you try to boot with logging enabled and it goes into a loop, then reboot into safe mode without logging, there should be an ntbtlog.txt file from the failed boot. If so, please post that file.

It's looking like the infection has been removed, the failure to boot into normal mode may be due to a system file that has been damaged by the infection.

Do you have a bootable Windows XP SP3 CD that we can use to repair the system?

Let's do a full scan for any remaining infections.

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
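Once the ntbtlog.txt from the failed boot is in hand, the useful comparison is between that session and the safe-mode session that follows it in the same file. Here is an added example of that comparison (my code, not deltalima's or the forum's). It assumes the log layout used by Windows XP: each boot attempt appends a header line carrying a date/time stamp, followed by one "Loaded driver ..." or "Did not load driver ..." line per driver, and it assumes the log holds the failed normal boot followed by the safe-mode boot used to read it. The sample log is constructed; driver names other than the kernel, HAL, ACPI, IDE and Beep entries are invented, and all function names are my own.

```python
import codecs
import re

# Constructed sample in the layout of a Windows XP ntbtlog.txt (assumption:
# a header line with a date/time stamp per boot attempt, then one
# "Loaded driver ..." or "Did not load driver ..." line per driver). The first
# session is a normal boot that looped, the second is the safe-mode boot used
# to read the file. nic.sys, suspect.sys and legacyfdc.SYS are invented names.
SAMPLE_NTBTLOG = r"""Service Pack 3 10 13 2010 08:02:11.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelide.sys
Did not load driver \SystemRoot\System32\Drivers\legacyfdc.SYS
Loaded driver \SystemRoot\System32\DRIVERS\nic.sys
Loaded driver \SystemRoot\System32\DRIVERS\suspect.sys
Service Pack 3 10 13 2010 08:05:40.250
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelide.sys
Did not load driver \SystemRoot\System32\Drivers\legacyfdc.SYS
Did not load driver \SystemRoot\System32\DRIVERS\nic.sys
Did not load driver \SystemRoot\System32\DRIVERS\suspect.sys
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
"""

LOADED = "Loaded driver "
NOT_LOADED = "Did not load driver "
# A session header is any non-driver line carrying an "M D YYYY HH:MM:SS" stamp.
HEADER_RE = re.compile(r"\b\d{1,2} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}")


def decode_ntbtlog(raw):
    """Decode the file's bytes: newer Windows versions write ntbtlog.txt as
    UTF-16 with a byte-order mark, XP writes single-byte ANSI text."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_sessions(text):
    """Split the log into boot sessions: header plus the drivers that did and
    did not load, in log order. Driver lines before any header get a dummy one."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith((LOADED, NOT_LOADED)):
            if not sessions:
                sessions.append({"header": "(no header)", "loaded": [], "not_loaded": []})
            key, prefix = ("loaded", LOADED) if line.startswith(LOADED) else ("not_loaded", NOT_LOADED)
            sessions[-1][key].append(line[len(prefix):])
        elif HEADER_RE.search(line):
            sessions.append({"header": line, "loaded": [], "not_loaded": []})
    return sessions


def basename_lower(driver):
    """Compare by file name only: the log mixes bare names and full paths."""
    return driver.rsplit("\\", 1)[-1].lower()


def last_loaded(session):
    """Last driver that logged successfully. When a boot hangs, the culprit is
    this driver or the one scheduled right after it (which never wrote a line)."""
    return session["loaded"][-1] if session["loaded"] else None


def suspects(failed, safe):
    """Drivers the failed boot loaded that the safe-mode boot did not. Safe mode
    loads only a minimal set, so a driver that breaks normal boot but leaves
    safe mode working must be in this difference. 'Did not load driver' lines
    on their own prove nothing: many appear on every healthy boot."""
    safe_names = {basename_lower(d) for d in safe["loaded"]}
    return [d for d in failed["loaded"] if basename_lower(d) not in safe_names]


def report(text):
    """Summary for the last two sessions: the failed boot and the safe-mode boot."""
    sessions = parse_sessions(text)
    if len(sessions) < 2:
        return "need both the failed boot and the safe-mode boot in one log"
    failed, safe = sessions[-2], sessions[-1]
    lines = ["failed boot (%s): %d drivers loaded, last was %s"
             % (failed["header"], len(failed["loaded"]), last_loaded(failed)),
             "safe-mode boot (%s): %d drivers loaded" % (safe["header"], len(safe["loaded"])),
             "loaded in the failed boot only, check these first:"]
    lines.extend("  " + d for d in suspects(failed, safe))
    return "\n".join(lines)


if __name__ == "__main__":
    # A real file would be read with open(path, "rb") and passed through decode_ntbtlog().
    print(report(decode_ntbtlog(SAMPLE_NTBTLOG.encode("cp1252"))))
```

The list that report() prints is where to look first when a machine boots in safe mode but loops in normal mode; the OTL run above already moved one file and reset the Security Center override values, so what is left is most likely a driver or service that normal mode still loads and safe mode skips.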