Options

win32: rootkit-gen according to Avast

Unknown
edited July 2009 in Spyware & Virus Removal
I recently installed avast after ending up with the rogue program personal antivirus show up on my computer. The first scan didn't seem to have any problems. Then I opened up my email and it said it detected a virus and repaired it but needed to restart computer and scan. So I did. This time the scan found 2 files. Not sure of the first one and the second one was the win32: rootkit-gen. It was not able to repair it and kept giving me warnings when I tried to delete it since it was in the windows32 file folder. Should I be concerned? What do I need to do to fix it?
I also frequently get blue screens of death, is it possibly related?

Here is my hijack log. Please let me know if you would like any other information.
Thanks so much for your help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:41 AM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 3382 bytes

Comments

  • TroganTrogan London, UK
    edited June 2009
    Hi,

    Sorry for the delay. If you still require help, please post a new HijackThis log.
  • thompson92
    edited June 2009
    Trogan wrote:
    Hi,

    Sorry for the delay. If you still require help, please post a new HijackThis log.

    Here is the new hijack this log. AVG came up with a Trojan Horse today so can you please double check that my computer is clean?
    Thanks so much!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:47 PM, on 6/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 3413 bytes
  • thompson92
    edited June 2009
    The AVG was run again and found 3 trojan horse infections. It could only take care of 1 of them... the other said the file location was not found. So is it really infected? Need to know how to fix if it needs to be...Thanks.
  • thompson92
    edited June 2009
    Help... today my computer keeps restarting itself and having troubles with programs that never had problems before.. like Quicken keeps kicking me out and shutting down. I was trying to post this before and I ended up with a blue screen of death, came up as Page_fault_in_nonpaged_area Stop: 0x00000050 (0XBF0B3AE0, 0X00000000, 0XBF0B3AE0, 0X00000002)
  • thompson92
    edited June 2009
    Yet another blue screen of death and then later the computer restarted itself again...
    this blue screen had Stop: 0X0000008E (0XC0000005, 0XF6B95772, 0XBA52CBB0, 0X00000000) aswmON2.SYS - aDDRESS F6B95772 BASE AT F6B8F000, DATESTAMP 49851EA
  • thompson92
    edited June 2009
    After a disaster day trying to do anything on my computer I ended up uninstalling avast, avg, adaware, and any other malware or antivirus programs I could find after running them without many results. I then reinstalled avast and it found a trojan horse. Below is a new hijack log. Please let me know what else I need to do. What antivirus/malware programs should I reinstall and use?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:30:11 PM, on 6/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 2904 bytes
  • TroganTrogan London, UK
    edited June 2009
    Hi,

    Sorry for the delay.

    Please do the following...

    1. Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

    Please post the Malwarebytes log here.
  • thompson92
    edited June 2009
    Malwarebytes' Anti-Malware 1.38
    Database version: 2323
    Windows 5.1.2600 Service Pack 3

    6/22/2009 8:11:24 PM
    mbam-log-2009-06-22 (20-11-24).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 238829
    Time elapsed: 1 hour(s), 21 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
  • thompson92
    edited June 2009
    Just to note the first time I tried to run the program I got a blue screen of death with the , page_fault_in_nonpaged_area. The second time went through and copied the log. Also just to let you know your link to the progam is no longer good. I downloaded the program from cnet downloads.
  • TroganTrogan London, UK
    edited June 2009
    Hi,
    Also just to let you know your link to the progam is no longer good
    Thanks for letting me know.

    Please do the following...

    1. Please open the ESET Online Scanner in Internet Explorer
    • Tick the box next to YES, I accept the Terms of Use. and click Start
    • Allow the ActiveX control to be installed by Internet Explorer
    • Once the ActiveX has finished loading click Start to initialize and update the scanner
    • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
    • Once complete and the summary page appears, press Start->Run, copy/paste the following command into the box and press OK:
      notepad "C:\Program Files\EsetOnlineScanner\log.txt"
    • The log file should now appear in Notepad, copy and paste the contents in your next response.
    2. ...
    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    3. Please post the following...

    Eset report
    RSIT log
    New HijackThis log.

    Note: you may need several replies to post the required logs.
  • thompson92
    edited June 2009
    ESNET Log
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
    # OnlineScanner.ocx=1.0.0.5863
    # api_version=3.0.2
    # EOSSerial=f99a5e95af8cc84aa6564e2dc6ef6083
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-06-25 03:51:55
    # local_time=2009-06-24 10:51:55 (-0600, Central Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=769 21 100 100 158629531250
    # scanned=27351
    # found=0
    # cleaned=0
    # scan_time=2383
    # version=6
    # iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
    # OnlineScanner.ocx=1.0.0.5863
    # api_version=3.0.2
    # EOSSerial=f99a5e95af8cc84aa6564e2dc6ef6083
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-06-27 03:45:32
    # local_time=2009-06-27 10:45:32 (-0600, Central Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=769 21 100 100 62443906250
    # scanned=130877
    # found=31
    # cleaned=0
    # scan_time=4125
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Fonts\elolitu.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Fonts\elolitu.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Fonts\vrdevaw.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\inf\rbatnof.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\inf\spva.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\msagent\vatac.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\msagent\vatac.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Registration\dmcitna.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\repair\golcbdo.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\repair\ipat.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\system\pxeevaw.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\system\taclld.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\system32\inetsrv\rvsteni.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\system32\inetsrv\rvsteni.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\cbdorc.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\cbdorc.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\rbasys.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\cptf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\$NtServicePackUninstall$\gepjmoc.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\$NtServicePackUninstall$\spnib.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\AppPatch\gepjmoc.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\AppPatch\spnib.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\Fonts\aluebew.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\Fonts\elolitu.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\ServicePackFiles\pisab.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\system\ws.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\WINDOWS\Tasks\cbdorc.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\_OTMoveIt\MovedFiles\01292009_210129\windows\inf\agvksid.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\_OTMoveIt\MovedFiles\01292009_210129\windows\msagent\vatac.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
    C:\_OTMoveIt\MovedFiles\01292009_210129\windows\system32\inetsrv\rvsteni.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
  • thompson92
    edited June 2009
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-06-27 10:49:52
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 59 GB (54%) free of 109 GB
    Total RAM: 959 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:50:04 AM, on 6/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 3195 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
    C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agent.exe]
    C:\Program Files\Privacy center\agent.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
    c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe [2003-06-22 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [2002-10-07 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    C:\WINDOWS\System32\hphmon05.exe [2003-05-23 483328]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-12 249856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-12 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2003-02-24 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\System32\NvCpl.dll [2003-05-03 4640768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
    nview.dll,nViewLoadHook []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
    C:\Program Files\Quicken\bagent.exe [2006-10-30 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    C:\Windows\Creator\Remind_XP.exe [2003-06-17 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-12 106557]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    C:\PROGRA~1\IOGEAR\BLUETO~1\BTTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-05-13 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-07-22 151552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    C:\PROGRA~1\Quicken\bagent.exe [2006-10-30 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2003-08-23 16384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE /startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    C:\PROGRA~1\WinZip\WZQKPICK.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Ovulation Calendar.lnk]
    C:\PROGRA~1\OVULAT~1\OVUCAL.EXE []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
    C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoResolveSearch"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
    "C:\WINDOWS\system32\wjview.exe"="C:\WINDOWS\system32\wjview.exe:*:Disabled:Microsoft® VM Command Line Interpreter"
    "C:\Program Files\PhotoParade\PhotoParade.exe"="C:\Program Files\PhotoParade\PhotoParade.exe:*:Enabled:PhotoParade Player"
    "C:\Program Files\EA SPORTS\Madden NFL 06\updater.exe"="C:\Program Files\EA SPORTS\Madden NFL 06\updater.exe:*:Enabled:Updater"
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\EagleSoft\Shared Files\esinetconnect.exe"="C:\EagleSoft\Shared Files\esinetconnect.exe:*:Enabled:Patterson EagleSoft Internet Connection"
    "C:\EagleSoft\Shared Files\ESTechUtil.exe"="C:\EagleSoft\Shared Files\ESTechUtil.exe:*:Enabled:Patterson EagleSoft Technical Utility"
    "C:\EagleSoft\Shared Files\EagleSoft.exe"="C:\EagleSoft\Shared Files\EagleSoft.exe:*:Enabled:Patterson EagleSoft"
    "C:\EagleSoft\Shared Files\techaid.exe"="C:\EagleSoft\Shared Files\techaid.exe:*:Enabled:Patterson EagleSoft Technical Reference"
    "C:\EagleSoft\Shared Files\ESMsgServer.exe"="C:\EagleSoft\Shared Files\ESMsgServer.exe:*:Enabled:Patterson EagleSoft Messenger Server"
    "C:\EagleSoft\Shared Files\ESMessenger.exe"="C:\EagleSoft\Shared Files\ESMessenger.exe:*:Enabled:Patterson EagleSoft Messenger Client"
    "C:\EagleSoft\Shared Files\dbsrv7.exe"="C:\EagleSoft\Shared Files\dbsrv7.exe:*:Enabled:Patterson EagleSoft ODBC Server"
    "C:\EagleSoft\Shared Files\dbeng7.exe"="C:\EagleSoft\Shared Files\dbeng7.exe:*:Enabled:Patterson EagleSoft ODBC Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8aa1266-a456-11dd-b2d2-000c6ec1aa03}]
    shell\AutoRun\command - K:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-06-24 22:09:16 ----D---- C:\Program Files\ESET
    2009-06-22 17:53:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-06-21 14:44:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-06-12 23:54:59 ----A---- C:\WINDOWS\system32\muweb.dll
    2009-06-12 20:53:07 ----D---- C:\Program Files\Common Files\Uninstall
    2009-06-12 20:52:42 ----D---- C:\Program Files\PAV
    2009-06-10 19:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-10 19:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-10 18:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-10 18:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

    ======List of files/folders modified in the last 1 months======

    2009-06-27 10:50:00 ----D---- C:\WINDOWS\Prefetch
    2009-06-27 09:33:47 ----D---- C:\Program Files\Mozilla Firefox
    2009-06-27 09:01:32 ----D---- C:\WINDOWS\temp
    2009-06-26 23:27:14 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-24 23:08:26 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-24 22:09:19 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-24 22:09:16 ----AD---- C:\Program Files
    2009-06-23 18:16:09 ----RASH---- C:\boot.ini
    2009-06-23 18:16:09 ----A---- C:\WINDOWS\win.ini
    2009-06-23 18:16:09 ----A---- C:\WINDOWS\system.ini
    2009-06-23 18:08:55 ----D---- C:\WINDOWS\system32\drivers
    2009-06-22 20:11:24 ----D---- C:\WINDOWS\system32
    2009-06-21 17:20:56 ----D---- C:\PINOCHLE
    2009-06-21 15:46:17 ----AD---- C:\WINDOWS
    2009-06-21 15:44:50 ----HD---- C:\Config.Msi
    2009-06-21 14:33:58 ----D---- C:\Program Files\Lavasoft
    2009-06-21 14:33:55 ----SHD---- C:\WINDOWS\Installer
    2009-06-21 14:33:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-06-21 14:19:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-06-21 14:19:06 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2009-06-21 14:19:04 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-06-21 13:36:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-06-21 10:42:15 ----D---- C:\Program Files\Quicken
    2009-06-21 00:47:30 ----HD---- C:\$AVG8.VAULT$
    2009-06-14 21:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-06-14 18:10:37 ----D---- C:\My Download Files
    2009-06-12 22:47:27 ----AD---- C:\Program Files\Common Files
    2009-06-12 21:21:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-06-12 19:40:34 ----SD---- C:\WINDOWS\Tasks
    2009-06-12 19:21:17 ----HD---- C:\WINDOWS\inf
    2009-06-10 19:38:24 ----D---- C:\WINDOWS\Debug
    2009-06-10 19:24:45 ----D---- C:\Program Files\Internet Explorer
    2009-06-10 19:20:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-06-10 19:20:37 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-10 18:49:21 ----D---- C:\WINDOWS\system32\en-US
    2009-06-01 11:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-05-29 08:41:38 ----D---- C:\WINDOWS\Minidump

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-09-22 43672]
    R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
    R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R2 CX23880;MSI 8606 Video Capture; C:\WINDOWS\system32\drivers\CX88Vid.SYS [2003-08-28 181574]
    R2 CX88AUD;MSI 8606 Audio Capture; C:\WINDOWS\system32\drivers\cx88aud.sys [2002-11-21 10334]
    R2 CX88XBAR;MSI 8606 Crossbar; C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 9159]
    R2 CXTUNE;MSI 8606 Tuner; C:\WINDOWS\system32\drivers\CX88Tune.SYS [2003-08-21 95804]
    R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-08-23 28276]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-05-03 1312555]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
    R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-21 54784]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
    S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
    S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
    S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
    S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
    S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
    S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
    S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
    S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
    S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\system32\Drivers\SYMIDSCO.SYS []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-15 152984]
    R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-05-03 69632]
    R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-26 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
    S4 ESCameraService;ESCameraService; C:\EagleSoft\Shared Files\ESCameraService.exe [2007-02-12 49152]
    S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2002-08-07 1541784]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    EOF
  • thompson92
    edited June 2009
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:52:54 AM, on 6/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 3078 bytes
  • thompson92
    edited June 2009
    When I ran the rsit it never came up with a second log file. I copied the only one it made which opened maximized. There was nothing minimized.
  • TroganTrogan London, UK
    edited June 2009
    Hi,

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
        [*]Click OK
        [*]Now under select a target to scan:
          Select
        My Computer
        [*]This will program will start and scan your system.
        [*]The scan will take a while so be patient and let it run.
        [*]Once the scan is complete it will display if your system has been infected.
        • Now click on the Save Report As button:
        • Change Save as type: to Text file
        • Save this as Kaspersky scan to your Desktop
        [*]Post the Kaspersky report in your next reply.
      • thompson92
        edited July 2009
        I have tried now multiple times to run this but it doesn't finish... it takes forever so I leave the room and when I come back my computer has restarted. It usually runs for about 10 minutes before it restarts the computer and then it is usually only 2-3% through the process according to it. I usually try to check on it every 5 minutes or so while it is running and I have never caught it when it does restart but I know it never gets far unless it starts going really fast after 3%. This has happened now 3 times or more.
      • TroganTrogan London, UK
        edited July 2009
        Hi,

        I apologise for the delay in responding.

        Can you update Malwarebytes and run a new scan please. Post the report back here.
      • thompson92
        edited July 2009
        Malwarebytes' Anti-Malware 1.38
        Database version: 2401
        Windows 5.1.2600 Service Pack 3

        7/9/2009 10:37:29 PM
        mbam-log-2009-07-09 (22-37-29).txt

        Scan type: Full Scan (C:\|D:\|)
        Objects scanned: 245941
        Time elapsed: 1 hour(s), 22 minute(s), 26 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)
      • TroganTrogan London, UK
        edited July 2009
        Hi,

        The logs appear to be clean. How is the computer running? Are the problems still present?
      • thompson92
        edited July 2009
        Thanks for the help... We are still dealing with blue screens of death on a regular basis but now that our antivirus will at least run assume it is not related to previous problems, as I assume we have a bad stick of ram.
      • TroganTrogan London, UK
        edited July 2009
        Whilst we appreciate that you may be busy, it has been 5 days or more since we heard from you. This topic is now closed.

        Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

        If you are not the user who started this thread, you must start your own Thread instead :)
      Sign In or Register to comment.