Is this a malware or virus?


Post by samandbre on Thu Feb 18, 2010 3:12 pm

When I go to my online banking, I'm redirected to a screen asking for my debit card number and PIN. I have not entered these. Could this be a malware issue? I have run both my antivirus (AVG) and Malwarebytes. Both show no infections. Any suggestions?

samandbre
Novice
Posts: 42
Joined: 2010-01-21
OS: windows xp
Points: 25650
Likes: 0


Re: Is this a malware or virus?

Post by samandbre on Thu Feb 18, 2010 4:53 pm

I contacted my bank and they said it is spyware. Anyone know of any different programs besides Malwarebytes that may catch this?

samandbre
Novice
Posts: 42
Joined: 2010-01-21
OS: windows xp
Points: 25650
Likes: 0


Re: Is this a malware or virus?

Post by Belahzur on Thu Feb 18, 2010 7:46 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1


Re: Is this a malware or virus?

Post by samandbre on Thu Feb 18, 2010 8:32 pm

OTL logfile created on: 2/18/2010 2:39:20 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.40 Gb Free Space | 58.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMTECH
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 14:39:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/01/22 12:16:50 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/22 12:16:50 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/22 12:16:49 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/22 12:16:49 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/22 12:16:45 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/22 12:16:41 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/22 12:16:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/22 10:59:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2008/04/14 09:25:57 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 12:32:36 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2007/02/26 01:03:02 | 016,125,440 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/01/09 16:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 16:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2006/11/05 10:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2006/11/05 10:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/11/05 09:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/03 10:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/10/03 10:35:42 | 000,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2002/05/20 01:08:42 | 000,315,392 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 14:39:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2009/11/21 09:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2008/04/13 18:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SNDSrvc)
SRV - [2010/01/22 12:16:41 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/22 12:16:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/22 10:59:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/04/14 09:25:57 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/10 12:18:22 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2007/01/09 16:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 16:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 16:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/09 14:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/05 10:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 10:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/09/14 13:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/06/14 12:48:42 | 000,235,168 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 00:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/22 12:17:25 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/22 12:17:17 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/22 12:17:16 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/10 02:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090610.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/06/10 02:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090610.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/14 09:25:58 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/01 03:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/27 23:57:20 | 000,017,280 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/02/27 23:36:00 | 000,318,464 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/19 22:00:00 | 000,041,600 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/24 02:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/03/25 06:49:56 | 000,336,256 | R--- | M] (Envara Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wind502u.sys -- (wind502u)
DRV - [2002/08/06 18:54:52 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Plugin Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/10 12:22:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 14:38:46 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/02/18 13:18:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/02/04 16:07:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/04 16:03:16 | 000,000,000 | ---D | C] -- C:\784038b2b23d68d7b5
[2010/02/03 12:53:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/03 12:53:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/26 10:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IObit
[2010/01/26 10:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/01/26 09:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/26 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/26 09:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2010/01/26 09:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/22 12:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/01/22 12:17:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/01/22 12:17:26 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/22 12:17:24 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/22 12:17:17 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/22 12:17:16 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/22 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/22 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/22 12:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/22 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/22 12:15:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/22 12:15:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/22 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/22 11:00:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/22 11:00:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/22 11:00:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/22 10:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 09:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/22 09:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/22 09:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/21 15:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/21 14:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/21 14:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiSpam
[2010/01/21 13:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/01/21 13:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 12:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/21 10:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/21 10:36:32 | 016,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\My Documents\jre-6u18-windows-i586-s.exe
[2010/01/21 08:27:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/21 08:25:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/20 15:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/20 15:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/20 15:25:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/16 08:41:48 | 003,326,576 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup226.exe
[2009/05/22 12:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/04/14 12:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/04/14 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
[2008/04/10 19:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 14:39:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/02/18 11:15:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 11:14:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 11:14:08 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/02/18 11:13:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/02/18 11:13:46 | 004,822,696 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/02/18 11:00:26 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/18 10:59:48 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/02/18 08:24:26 | 055,784,161 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/18 08:19:03 | 000,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 08:19:03 | 000,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 08:19:03 | 000,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/17 15:45:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Excel 2003.lnk
[2010/02/17 09:05:05 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2010/02/17 09:05:04 | 068,820,992 | R--- | M] () -- C:\don_john.qbw
[2010/02/17 09:05:04 | 000,196,608 | R--- | M] () -- C:\don_john.qbw.TLG
[2010/02/17 09:05:04 | 000,000,318 | ---- | M] () -- C:\don_john.qbw.nd
[2010/02/17 08:14:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/03 12:53:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/01 09:28:38 | 000,061,976 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/26 10:06:47 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/26 10:06:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/01/26 08:14:47 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 12:17:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/22 12:17:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/22 12:17:25 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/22 12:17:17 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/22 12:17:16 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/22 12:17:16 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/22 12:17:01 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/22 12:17:01 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/22 12:17:01 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/22 10:59:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/22 10:59:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/22 10:59:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/22 10:59:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/22 10:59:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 10:36:32 | 016,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\My Documents\jre-6u18-windows-i586-s.exe
[2010/01/20 15:33:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 11:00:26 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/18 10:59:42 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/02/03 12:53:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 10:06:47 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/26 10:06:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/01/22 12:17:26 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/22 12:17:16 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/22 12:17:01 | 055,784,161 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/22 12:17:01 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/22 12:17:01 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/22 12:16:59 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/26 10:02:57 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/11/26 10:02:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/06/17 11:16:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/06/17 10:58:40 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/06/17 10:58:40 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/04/21 12:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2008/04/14 13:01:30 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008/04/14 09:15:18 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2008/04/14 09:15:18 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/04/14 09:13:58 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2008/04/14 09:13:19 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2008/04/14 09:12:56 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2008/04/14 09:12:56 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2008/04/14 08:32:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2008/04/10 19:01:40 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/10 19:01:39 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/10 13:20:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/10 12:38:55 | 000,092,222 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/04/10 12:37:56 | 000,126,893 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/08/06 17:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/04 06:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/04 06:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 06:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/04 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2002/08/02 22:03:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[1998/05/13 23:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Sam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Corel User Files:Roxio EMC Stream
< End of report >

samandbre (Novice) - Posts : 42 - Joined : 2010-01-21 - OS : windows xp

Re: Is this a malware or virus?

Post by samandbre on Thu Feb 18, 2010 8:43 pm

OTL logfile created on: 2/18/2010 2:39:20 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.40 Gb Free Space | 58.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMTECH
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 14:39:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/01/22 12:16:50 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/22 12:16:50 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/22 12:16:49 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/22 12:16:49 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/22 12:16:45 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/22 12:16:41 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/22 12:16:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/22 10:59:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2008/04/14 09:25:57 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 12:32:36 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2007/02/26 01:03:02 | 016,125,440 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/01/09 16:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 16:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2006/11/05 10:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2006/11/05 10:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/11/05 09:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/03 10:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/10/03 10:35:42 | 000,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2002/05/20 01:08:42 | 000,315,392 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 14:39:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2009/11/21 09:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2008/04/13 18:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SNDSrvc)
SRV - [2010/01/22 12:16:41 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/22 12:16:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/22 10:59:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/04/14 09:25:57 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/10 12:18:22 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2007/01/09 16:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 16:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 16:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/09 14:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/05 10:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 10:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/09/14 13:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/06/14 12:48:42 | 000,235,168 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 00:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/22 12:17:25 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/22 12:17:17 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/22 12:17:16 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/10 02:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090610.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/06/10 02:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090610.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/14 09:25:58 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/01 03:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/27 23:57:20 | 000,017,280 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/02/27 23:36:00 | 000,318,464 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/19 22:00:00 | 000,041,600 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/24 02:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/03/25 06:49:56 | 000,336,256 | R--- | M] (Envara Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wind502u.sys -- (wind502u)
DRV - [2002/08/06 18:54:52 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Plugin Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/10 12:22:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 14:38:46 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/02/18 13:18:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/02/04 16:07:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/04 16:03:16 | 000,000,000 | ---D | C] -- C:\784038b2b23d68d7b5
[2010/02/03 12:53:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/03 12:53:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/26 10:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IObit
[2010/01/26 10:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/01/26 09:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/26 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/26 09:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2010/01/26 09:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/22 12:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/01/22 12:17:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/01/22 12:17:26 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/22 12:17:24 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/22 12:17:17 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/22 12:17:16 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/22 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/22 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/22 12:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/22 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/22 12:15:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/22 12:15:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/22 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/22 11:00:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/22 11:00:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/22 11:00:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/22 10:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 09:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/22 09:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/22 09:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/21 15:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/21 14:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/21 14:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiSpam
[2010/01/21 13:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/01/21 13:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 12:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/21 10:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/21 10:36:32 | 016,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\My Documents\jre-6u18-windows-i586-s.exe
[2010/01/21 08:27:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/21 08:25:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/20 15:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/20 15:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/20 15:25:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/16 08:41:48 | 003,326,576 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup226.exe
[2009/05/22 12:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/04/14 12:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/04/14 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
[2008/04/10 19:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 14:39:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/02/18 11:15:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 11:14:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 11:14:08 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/02/18 11:13:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/02/18 11:13:46 | 004,822,696 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/02/18 11:00:26 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/18 10:59:48 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/02/18 08:24:26 | 055,784,161 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/18 08:19:03 | 000,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 08:19:03 | 000,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 08:19:03 | 000,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/17 15:45:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Excel 2003.lnk
[2010/02/17 09:05:05 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2010/02/17 09:05:04 | 068,820,992 | R--- | M] () -- C:\don_john.qbw
[2010/02/17 09:05:04 | 000,196,608 | R--- | M] () -- C:\don_john.qbw.TLG
[2010/02/17 09:05:04 | 000,000,318 | ---- | M] () -- C:\don_john.qbw.nd
[2010/02/17 08:14:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/03 12:53:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/01 09:28:38 | 000,061,976 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/26 10:06:47 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/26 10:06:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/01/26 08:14:47 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 12:17:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/22 12:17:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/22 12:17:25 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/22 12:17:17 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/22 12:17:16 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/22 12:17:16 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/22 12:17:01 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/22 12:17:01 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/22 12:17:01 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/22 10:59:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/22 10:59:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/22 10:59:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/22 10:59:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/22 10:59:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 10:36:32 | 016,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\My Documents\jre-6u18-windows-i586-s.exe
[2010/01/20 15:33:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

samandbre (Novice) - Posts : 42 - Joined : 2010-01-21 - OS : windows xp

Re: Is this a malware or virus?

Post by Belahzur on Thu Feb 18, 2010 10:09 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell - "" = AutoRun
    O33 - MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\Shell\AutoRun - "" = Auto&Play



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Is this a malware or virus?

Post by samandbre on Fri Feb 19, 2010 2:27 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3c25d87-0a39-11dd-9a06-001bb9649263}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3c25d87-0a39-11dd-9a06-001bb9649263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3c25d87-0a39-11dd-9a06-001bb9649263}\ not found.

OTL by OldTimer - Version 3.1.30.1 log created on 02192010_082642


Re: Is this a malware or virus?

Post by Belahzur on Fri Feb 19, 2010 8:47 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 2:45 pm

ComboFix 10-02-21.02 - User 02/22/2010 8:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1419 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\comres(2)(2).dll
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\winhelp.ini

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-19 14:26 . 2010-02-19 14:26 -------- d-----w- C:\_OTL
2010-02-04 22:07 . 2010-02-04 22:09 -------- dc-h--w- c:\windows\ie8
2010-02-04 22:03 . 2010-02-04 22:09 -------- d-----w- C:\784038b2b23d68d7b5
2010-02-04 19:45 . 2010-02-04 19:45 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-02-03 18:53 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 18:53 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 16:06 . 2010-01-26 16:06 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2010-01-26 16:06 . 2010-01-26 16:06 -------- d-----w- c:\program files\IObit
2010-01-26 15:20 . 2010-01-26 15:20 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 15:20 . 2010-02-18 17:01 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-26 15:19 . 2010-01-26 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-26 15:19 . 2010-01-26 15:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 15:19 . 2010-01-26 15:19 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-01-26 15:18 . 2010-01-26 15:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-25 14:00 . 2010-01-25 14:00 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77632fb8-n\msvcp71.dll
2010-01-25 14:00 . 2010-01-25 14:00 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77632fb8-n\jmc.dll
2010-01-25 14:00 . 2010-01-25 14:00 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77632fb8-n\msvcr71.dll
2010-01-25 14:00 . 2010-01-25 14:00 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5be4230f-n\decora-sse.dll
2010-01-25 14:00 . 2010-01-25 14:00 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5be4230f-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 16:49 . 2008-04-14 19:06 2373 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-02-03 18:53 . 2010-01-22 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 15:28 . 2008-04-10 18:29 61976 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 15:34 . 2008-04-10 19:28 -------- d-----w- c:\program files\Symantec
2010-01-26 15:29 . 2008-04-10 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-26 15:29 . 2008-04-10 19:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-26 15:27 . 2008-04-17 14:00 -------- d-----w- c:\program files\Lavasoft
2010-01-26 15:27 . 2008-04-17 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-22 18:17 . 2010-01-22 18:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-22 18:17 . 2010-01-22 18:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-22 18:17 . 2010-01-22 18:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-22 18:17 . 2010-01-22 18:17 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-22 18:16 . 2010-01-22 18:16 -------- d-----w- c:\program files\AVG
2010-01-22 18:16 . 2010-01-22 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-22 16:59 . 2009-10-28 19:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 16:58 . 2008-04-10 19:11 -------- d-----w- c:\program files\Java
2010-01-21 21:53 . 2010-01-21 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-21 21:53 . 2010-01-21 21:53 -------- d-----w- c:\program files\CCleaner
2010-01-21 20:20 . 2010-01-21 20:20 -------- d-----w- c:\program files\Norton AntiSpam
2010-01-21 19:47 . 2010-01-21 19:47 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-21 19:46 . 2010-01-21 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-21 16:38 . 2008-04-10 19:11 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 21:44 . 2008-04-10 18:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-08 19:58 . 2008-11-26 16:02 -------- d-----w- c:\program files\MediaFACE II
2010-01-05 10:00 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2008-04-10 18:18 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 14:42 . 2009-12-16 14:41 3326576 ----a-w- c:\program files\ccsetup226.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 14:32 . 2009-12-03 14:32 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 14:32 . 2009-12-03 14:32 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-11 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-02-28 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-04-14 100056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-10 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks 2002 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe [2008-4-14 315392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-4-10 262144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-22 18:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3458:TCP"= 3458:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/22/2010 12:17 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/22/2010 12:17 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/22/2010 12:16 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/22/2010 12:16 PM 285392]
R3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\drivers\wind502u.sys [4/11/2008 9:14 AM 336256]
S3 SASENUM;SASENUM;\??\c:\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> C:c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-26 21:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Corel Remove Program - d:\corel\AppMan\Setup\remove.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-22 08:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E66EE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> 0x89e66ee8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2010-02-22 08:43:08
ComboFix-quarantined-files.txt 2010-02-22 14:42

Pre-Run: 46,385,823,744 bytes free
Post-Run: 49,047,711,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1DB841E80C0F806876CE52EB70246945


Re: Is this a malware or virus?

Post by Belahzur on Mon Feb 22, 2010 5:18 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

mbr.exe -f

Post the log when done.



Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 5:23 pm

The log automatically closes before I can copy and paste.


Re: Is this a malware or virus?

Post by Belahzur on Mon Feb 22, 2010 6:01 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

notepad "C:\Windows\mbr.log"

Does that open the log?



Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 6:10 pm

No, only shows blank notepad


Re: Is this a malware or virus?

Post by Belahzur on Mon Feb 22, 2010 6:11 pm

Please download [You must be registered and logged in to see this link.] to your desktop.
Double click on the MBR.exe to run it. A log will be produced, named MBR.log.
Please open this log in Notepad and post its contents in your next reply.



Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 6:14 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !

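A triage helper for the two mbr.exe outputs posted in this thread, added here as an example; it is not part of GMER's mbr.exe, of ComboFix, or of the forum's procedure. It reads the tool's console lines and separates the first run (hook list, one unnamed kernel module, the tool's own infection warning) from the second run after "mbr.exe -f" (user and kernel MBR agree, but the saved MBR copy and the code in later sectors are still reported). The status names and the parsing rules are my own; every sector and address value comes from the posted logs.

```python
"""Triage helper for GMER "Stealth MBR rootkit detector" (mbr.exe) output.
Added example for this thread, not part of mbr.exe, ComboFix or the forum's
own tooling. The two sample logs are the mbr.exe lines posted in the thread,
before and after running "mbr.exe -f".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# mbr.exe section of the ComboFix log (first run, before the fix)
MBR_LOG_BEFORE = r"""device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E66EE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> 0x89e66ee8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

# stand-alone mbr.exe run posted after "mbr.exe -f"
MBR_LOG_AFTER = r"""device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
"""

HEX = r"0x[0-9A-Fa-f]+"


@dataclass
class MbrVerdict:
    mbr_ok: bool = False                  # "user & kernel MBR OK" present
    infection_flagged: bool = False       # the tool's own warning line present
    unknown_modules: List[int] = field(default_factory=list)  # >>UNKNOWN [addr]<<
    hooks: List[str] = field(default_factory=list)            # lines under "detected MBR rootkit hooks:"
    backup_sector: Optional[int] = None   # sector holding the saved original MBR
    malicious_sectors: List[int] = field(default_factory=list)
    pe_sectors: List[int] = field(default_factory=list)

    @property
    def hooks_into_unknown(self) -> List[str]:
        """Hooks whose target address is an unnamed kernel module."""
        return [h for h in self.hooks
                if (m := re.search(HEX + r"$", h)) and int(m.group(0), 16) in self.unknown_modules]

    @property
    def status(self) -> str:
        if self.infection_flagged or self.hooks:
            return "ACTIVE_MBR_ROOTKIT"         # hooks are live in the kernel now
        if self.mbr_ok and (self.malicious_sectors or self.pe_sectors):
            return "MBR_CLEAN_RESIDUE_ON_DISK"  # boot code restored, payload sectors remain
        if self.mbr_ok:
            return "CLEAN"
        return "INCONCLUSIVE"                   # tool did not get far enough to say


def parse_mbr_log(text: str) -> MbrVerdict:
    """Build an MbrVerdict from mbr.exe console output, one line at a time."""
    v = MbrVerdict()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_hooks and " -> " in line:   # the hook list ends at the first non-hook line
            v.hooks.append(line)
            continue
        in_hooks = line.startswith("detected MBR rootkit hooks:")
        if line == "user & kernel MBR OK":
            v.mbr_ok = True
        elif line.startswith(("Warning: possible MBR rootkit infection",
                              "MBR rootkit infection detected")):
            v.infection_flagged = True
        v.unknown_modules += [int(a, 16) for a in re.findall(r">>UNKNOWN \[(" + HEX + r")\]<<", line)]
        if m := re.match(r"copy of MBR has been found in sector (" + HEX + ")", line):
            v.backup_sector = int(m.group(1), 16)
        elif m := re.match(r"malicious code @ sector (" + HEX + ")", line):
            v.malicious_sectors.append(int(m.group(1), 16))
        elif m := re.match(r"PE file found in sector at (" + HEX + ")", line):
            v.pe_sectors.append(int(m.group(1), 16))
    return v
```

On the two logs the first parses to ACTIVE_MBR_ROOTKIT with ten hook lines, one of which (\Driver\ACPI -> 0x89e66ee8) points into the unnamed module at 0x89E66EE8; the second parses to MBR_CLEAN_RESIDUE_ON_DISK, the case where the boot sector is back in order but the sectors the tool still names are on disk and remain on the list of things to deal with.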

Re: Is this a malware or virus?

Post by Belahzur on Mon Feb 22, 2010 6:23 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

%userprofile%\Desktop\mbr.exe -f

Try running that, post the next log.



Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 6:29 pm

Will not allow. Error- Windows cannot find C:/documents


Re: Is this a malware or virus?

Post by Belahzur on Mon Feb 22, 2010 6:35 pm

Hello.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 6:44 pm

12:42:26:531 1504 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
12:42:26:531 1504 ================================================================================
12:42:26:531 1504 SystemInfo:

12:42:26:531 1504 OS Version: 5.1.2600 ServicePack: 3.0
12:42:26:531 1504 Product type: Workstation
12:42:26:531 1504 ComputerName: COMTECH
12:42:26:531 1504 UserName: User
12:42:26:531 1504 Windows directory: C:\WINDOWS
12:42:26:531 1504 Processor architecture: Intel x86
12:42:26:531 1504 Number of processors: 1
12:42:26:531 1504 Page size: 0x1000
12:42:26:531 1504 Boot type: Normal boot
12:42:26:531 1504 ================================================================================
12:42:26:531 1504 UnloadDriverW: NtUnloadDriver error 2
12:42:26:531 1504 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:42:26:562 1504 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
12:42:26:609 1504 UtilityInit: KLMD drop and load success
12:42:26:609 1504 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
12:42:26:609 1504 UtilityInit: KLMD open success
12:42:26:609 1504 UtilityInit: Initialize success
12:42:26:609 1504
12:42:26:609 1504 Scanning Services ...
12:42:26:609 1504 CreateRegParser: Registry parser init started
12:42:26:609 1504 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
12:42:26:609 1504 CreateRegParser: DisableWow64Redirection error
12:42:26:609 1504 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
12:42:26:609 1504 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
12:42:26:609 1504 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:42:26:609 1504 wfopen_ex: Trying to KLMD file open
12:42:26:609 1504 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
12:42:26:609 1504 wfopen_ex: File opened ok (Flags 2)
12:42:26:609 1504 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384AA0
12:42:26:609 1504 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
12:42:26:625 1504 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
12:42:26:625 1504 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:42:26:625 1504 wfopen_ex: Trying to KLMD file open
12:42:26:625 1504 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
12:42:26:625 1504 wfopen_ex: File opened ok (Flags 2)
12:42:26:625 1504 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384990
12:42:26:625 1504 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
12:42:26:625 1504 CreateRegParser: EnableWow64Redirection error
12:42:26:625 1504 CreateRegParser: RegParser init completed
12:42:27:078 1504 GetAdvancedServicesInfo: Raw services enum returned 328 services
12:42:27:078 1504 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
12:42:27:078 1504 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
12:42:27:078 1504
12:42:27:078 1504 Scanning Kernel memory ...
12:42:27:093 1504 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
12:42:27:093 1504 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A6BBC00
12:42:27:093 1504 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
12:42:27:093 1504
12:42:27:093 1504 DetectCureTDL3: DEVICE_OBJECT: 8A6AB9D0
12:42:27:093 1504 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6AB9D0
12:42:27:093 1504 KLMD_ReadMem: Trying to ReadMemory 0x8A6AB9D0[0x38]
12:42:27:093 1504 DetectCureTDL3: DRIVER_OBJECT: 8A6BBC00
12:42:27:093 1504 KLMD_ReadMem: Trying to ReadMemory 0x8A6BBC00[0xA8]
12:42:27:093 1504 KLMD_ReadMem: Trying to ReadMemory 0xE101EF50[0x18]
12:42:27:093 1504 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CREATE : F763DBB0
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CLOSE : F763DBB0
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_READ : F7637D1F
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_WRITE : A445F6F6
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76382E2
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76383BB
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76382E2
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_POWER : F7639C82
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F763E99E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
12:42:27:093 1504 TDL3_FileDetect: Processing driver: Disk
12:42:27:093 1504 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:27:093 1504 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:27:093 1504 TDL3_FileDetect: Processing driver: Disk
12:42:27:093 1504 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:27:093 1504 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:27:093 1504 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
12:42:27:093 1504
12:42:27:093 1504 DetectCureTDL3: DEVICE_OBJECT: 8A6A9AB8
12:42:27:093 1504 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6A9AB8
12:42:27:093 1504 DetectCureTDL3: DEVICE_OBJECT: 8A6A1B78
12:42:27:093 1504 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6A1B78
12:42:27:093 1504 DetectCureTDL3: DEVICE_OBJECT: 8A6B3480
12:42:27:093 1504 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6B3480
12:42:27:093 1504 KLMD_ReadMem: Trying to ReadMemory 0x8A6B3480[0x38]
12:42:27:093 1504 DetectCureTDL3: DRIVER_OBJECT: 8A65A030
12:42:27:093 1504 KLMD_ReadMem: Trying to ReadMemory 0x8A65A030[0xA8]
12:42:27:093 1504 KLMD_ReadMem: Trying to ReadMemory 0xE1021188[0x1A]
12:42:27:093 1504 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CREATE : F74A46F2
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CLOSE : F74A46F2
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_READ : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_WRITE : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_EA : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F74A4712
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CLEANUP : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_POWER : F74A473C
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F74AB336
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FA87E
12:42:27:093 1504 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FA87E
12:42:27:093 1504 TDL3_FileDetect: Processing driver: atapi
12:42:27:093 1504 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:27:093 1504 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:27:109 1504 KLMD_ReadMem: Trying to ReadMemory 0xF74A1864[0x400]
12:42:27:109 1504 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
12:42:27:109 1504 TDL3_FileDetect: Processing driver: atapi
12:42:27:109 1504 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:27:109 1504 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:27:109 1504 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
12:42:27:109 1504
12:42:27:109 1504 Completed
12:42:27:109 1504
12:42:27:109 1504 Results:
12:42:27:125 1504 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
12:42:27:125 1504 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:42:27:125 1504 File objects infected / cured / cured on reboot: 0 / 0 / 0
12:42:27:125 1504
12:42:27:125 1504 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
12:42:27:125 1504 UtilityDeinit: KLMD(ARK) unloaded successfully
Re: Is this a malware or virus?

Post by Belahzur on Mon Feb 22, 2010 7:00 pm

Hello.
Looks good, just some leftover malicious code in your MBR.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Re: Is this a malware or virus?

Post by samandbre on Mon Feb 22, 2010 7:07 pm

Ok. Running much better.
Thanks for all your time and help.