Antivirus 2010 and cant search

Post by awood517 on Thu 16 Sep 2010, 1:38 pm

I have some program called Antivirus 2010 that started popping up. Also, I can't Google anything; it either doesn't connect or, if it does connect, the links take me somewhere other than where they should.

Here is the otl.txt:


OTL logfile created on: 9/15/2010 10:24:34 PM - Run 5
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\awwood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 152.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.24 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GNV-1ZBJLB1
Current User Name: AWWOOD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/08 22:59:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\awwood\Desktop\OTL.com
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/01/19 09:37:10 | 001,150,976 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/11/26 11:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/10/24 12:44:34 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/07/10 00:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/07/09 18:08:16 | 001,036,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2008/07/09 18:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2005/07/21 12:15:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
PRC - [2005/07/21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
PRC - [2004/08/21 18:04:48 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 09:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/08/04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 22:59:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\awwood\Desktop\OTL.com
MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 15:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\authenticat.exe ra[144.195.160.209] -- (8e6 Authenticator)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/07/09 18:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2005/07/21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)
SRV - [2004/08/04 15:00:00 | 000,126,976 | ---- | M] () [Auto | Stopped] -- \\.\globalroot\systemroot\system32\usеrinit.exe [WARNING: \\.\globalroot\systemroot\system32\us?rinit.exe] -- (userinit)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/05/15 17:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/04/13 03:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/07/14 10:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/06/29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/06 14:32:44 | 000,104,735 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 02:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 02:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/20 12:14:06 | 000,258,160 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/07/09 13:47:54 | 000,091,823 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2004/06/10 22:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 15:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.mactec.com;*.mactec.biz;*.fortordcleanup.com;*.fodis.net;*.maps-sonomamarintrain.org;*.nexdss.com;*.clientwebservices.biz;*.pes.com;*.lucentfst.com;*.wspan.com;*.cingular-sms.com;*.sprint-sms.com;*.recovery.com;170.130.*;144.195.*;10.*;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = [You must be registered and logged in to see this link.]



O1 HOSTS File: ([2010/09/07 23:14:27 | 000,001,757 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 212.95.49.48 [You must be registered and logged in to see this link.]
O1 - Hosts: 212.95.49.48 us.search.yahoo.com
O1 - Hosts: 212.95.49.48 uk.search.yahoo.com
O1 - Hosts: 212.95.49.48 search.yahoo.com
O1 - Hosts: 212.95.49.48 [You must be registered and logged in to see this link.]
O1 - Hosts: 3 more lines...
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: mactec.com ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mactec.com ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: mactec.com ([intranet] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mactec.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\MACTEC Logo.gif
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/01 13:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/08 22:58:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\awwood\Desktop\OTL.com
[2010/09/08 22:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/09/08 22:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/09/08 22:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/08 22:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/08 22:16:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/08 22:16:02 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/08 22:16:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/08 22:16:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/08 22:16:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/08 22:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/08 22:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\awwood\Application Data\Sun
[2010/09/08 21:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/09/08 19:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\awwood\Local Settings\Application Data\Help
[2010/09/08 19:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\awwood\Application Data\Help
[2010/08/21 21:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2010/08/21 21:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\awwood\Desktop\FLAC_frontend
[2010/08/21 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Michael K. Weise
[2010/08/21 19:49:06 | 000,315,904 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/08/21 19:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\awwood\WINDOWS
[2006/11/01 18:28:47 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 22:27:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 22:24:37 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
[2010/09/15 22:24:36 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[2010/09/15 22:24:36 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/15 22:24:08 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/15 22:22:31 | 000,000,455 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/09/15 22:22:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/15 22:21:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/15 22:21:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/15 22:21:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 22:21:03 | 536,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 00:20:25 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\awwood\NTUSER.DAT
[2010/09/15 00:20:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\awwood\ntuser.ini
[2010/09/15 00:19:54 | 004,298,932 | -H-- | M] () -- C:\Documents and Settings\awwood\Local Settings\Application Data\IconCache.db
[2010/09/14 21:52:47 | 278,840,947 | ---- | M] () -- C:\Documents and Settings\awwood\Desktop\Jerry_Garcia_Band-Jerry_Garcia_Collection,_Vol._2_Let_It_Rock.rar
[2010/09/11 18:28:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/08 22:59:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\awwood\Desktop\OTL.com
[2010/09/08 22:28:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/08 22:20:22 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\awwood\Desktop\JavaRa.zip
[2010/09/08 22:15:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/08 22:15:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/08 22:15:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/08 22:15:35 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/08 22:15:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/30 19:45:53 | 146,491,657 | ---- | M] () -- C:\Documents and Settings\awwood\Desktop\YouEnjoyMymix_Summer_2010_003_MixedByHAL_MASA.mp3
[2010/08/29 21:38:37 | 153,480,718 | ---- | M] () -- C:\Documents and Settings\awwood\Desktop\YouEnjoyMymix_Summer_2010_001_MixedByHAL_MASA.mp3
[2010/08/29 21:38:37 | 019,630,623 | ---- | M] () -- C:\Documents and Settings\awwood\Desktop\MIKE YEMS 09.mp3
[2010/08/21 21:22:43 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2010/08/21 19:50:01 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mkw Audio Compression Tool.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/14 21:49:36 | 278,840,947 | ---- | C] () -- C:\Documents and Settings\awwood\Desktop\Jerry_Garcia_Band-Jerry_Garcia_Collection,_Vol._2_Let_It_Rock.rar
[2010/09/08 22:28:03 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/08 22:20:16 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\awwood\Desktop\JavaRa.zip
[2010/09/08 21:04:43 | 536,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 23:14:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/08/30 19:44:08 | 146,491,657 | ---- | C] () -- C:\Documents and Settings\awwood\Desktop\YouEnjoyMymix_Summer_2010_003_MixedByHAL_MASA.mp3
[2010/08/29 21:37:44 | 019,630,623 | ---- | C] () -- C:\Documents and Settings\awwood\Desktop\MIKE YEMS 09.mp3
[2010/08/29 21:35:57 | 153,480,718 | ---- | C] () -- C:\Documents and Settings\awwood\Desktop\YouEnjoyMymix_Summer_2010_001_MixedByHAL_MASA.mp3
[2010/08/21 21:22:43 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2010/08/21 19:50:01 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mkw Audio Compression Tool.lnk
[2010/08/21 19:49:59 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2010/08/21 19:49:59 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2010/08/15 18:21:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/06/21 01:23:03 | 000,121,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/09 21:53:53 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/06/09 21:53:53 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/06/09 21:53:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/09 21:23:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/05/13 17:20:40 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/13 17:20:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/13 14:07:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/16 13:55:38 | 000,000,455 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/01 18:28:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/11/01 15:50:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/21 12:01:04 | 000,008,527 | ---- | C] () -- C:\WINDOWS\System32\MOMCounters.ini
[2005/07/21 12:01:04 | 000,005,295 | ---- | C] () -- C:\WINDOWS\System32\MomAgntCtrs.ini
[2004/08/04 15:00:00 | 000,531,856 | ---- | C] () -- C:\WINDOWS\System32\mstowenp.dll
[2004/08/04 15:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/04/19 14:11:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BarracudaAddin.dll
[2000/03/14 08:50:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\odma32.dll

========== Files - Unicode (All) ==========
[2004/08/04 15:00:00 | 000,126,976 | ---- | M] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\usеrinit.exe
[2004/08/04 15:00:00 | 000,126,976 | ---- | C] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\usеrinit.exe
< End of report >

awood517

Newbie Surfer

Posts : 12
Joined : 2010-09-09
Operating System : Windows XP


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Thu 16 Sep 2010, 4:24 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Antivirus 2010 and cant search

Post by awood517 on Tue 21 Sep 2010, 12:26 pm

I ran ComboFix and my computer seems to be working again. Here is the log:


ComboFix 10-09-19.01 - AWWOOD 09/20/2010 6:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.176 [GMT -4:00]
Running from: c:\documents and settings\awwood\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *On-access scanning enabled* (Updated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
C:\LOG10.tmp
c:\windows\drm.ocx
c:\windows\system32\USRINI~1.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USERINIT
-------\Service_userinit


((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-09 02:21 . 2010-09-09 02:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-09 02:17 . 2010-09-09 02:17 503808 ----a-w- c:\documents and settings\awwood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1d71a94d-n\msvcp71.dll
2010-09-09 02:17 . 2010-09-09 02:17 61440 ----a-w- c:\documents and settings\awwood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f32cc55-n\decora-sse.dll
2010-09-09 02:17 . 2010-09-09 02:17 499712 ----a-w- c:\documents and settings\awwood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1d71a94d-n\jmc.dll
2010-09-09 02:17 . 2010-09-09 02:17 348160 ----a-w- c:\documents and settings\awwood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1d71a94d-n\msvcr71.dll
2010-09-09 02:17 . 2010-09-09 02:17 12800 ----a-w- c:\documents and settings\awwood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f32cc55-n\decora-d3d.dll
2010-09-09 02:16 . 2010-09-09 02:16 -------- d-----w- c:\program files\Common Files\Java
2010-09-09 02:16 . 2010-09-09 02:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 02:15 . 2010-09-09 02:15 -------- d-----w- c:\program files\Java
2010-09-09 01:58 . 2010-09-09 01:58 -------- d-----w- c:\windows\system32\LogFiles
2010-09-08 23:53 . 2010-09-08 23:53 -------- d-----w- c:\documents and settings\awwood\Local Settings\Application Data\Help
2010-08-22 01:22 . 2010-08-22 01:23 -------- d-----w- c:\program files\FLAC
2010-08-21 23:49 . 2000-01-11 20:46 528384 ------w- c:\windows\system32\BladeEnc.dll
2010-08-21 23:49 . 1997-07-15 14:30 120832 ------w- c:\windows\system32\ShnDll32.dll
2010-08-21 23:49 . 2010-08-21 23:49 -------- d-----w- c:\program files\Michael K. Weise
2010-08-21 23:49 . 1997-08-26 16:06 315904 ----a-w- c:\windows\IsUninst.exe
2010-08-21 23:49 . 2010-08-21 23:49 -------- d-----w- c:\documents and settings\awwood\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:01 . 2009-06-26 18:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-09 02:27 . 2006-11-01 20:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-22 09:15 . 2010-08-15 23:18 -------- d-----w- c:\documents and settings\awwood\Application Data\uTorrent
2010-08-15 23:19 . 2010-08-15 23:19 -------- d-----w- c:\program files\uTorrent
2010-08-15 22:21 . 2010-08-15 22:21 -------- d-----w- c:\documents and settings\awwood\Application Data\Canneverbe Limited
2010-08-15 22:21 . 2010-08-15 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-15 22:21 . 2010-08-15 22:20 -------- d-----w- c:\program files\CDBurnerXP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-21 155648]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2008-07-09 1036848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\0\0]
"Script"=jinit13pusher.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\1\0]
"Script"=APO_Form_Cache_Cleaner.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\1\1]
"Script"=OutlookPublicFolderFavoriteCacheUnsetterGPOVersion.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\1\2]
"Script"=JunkMaildwValuecreation2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\1\3]
"Script"=KB897715MACTECfix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\1\4]
"Script"=Firewall_Client_Update.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-102370\Scripts\Logon\1\5]
"Script"=KB931836_install_v3.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\0\0]
"Script"=DisableFirewallClient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\1\0]
"Script"=logonhelper.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\2\0]
"Script"=jinit13pusher.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\3\0]
"Script"=APO_Form_Cache_Cleaner.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\3\1]
"Script"=OutlookPublicFolderFavoriteCacheUnsetterGPOVersion.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\3\2]
"Script"=JunkMaildwValuecreation2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\3\3]
"Script"=KB897715MACTECfix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-138950\Scripts\Logon\3\4]
"Script"=KB931836_install_v3.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\0\0]
"Script"=DisableFirewallClient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\1\0]
"Script"=logonhelper.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\2\0]
"Script"=jinit13pusher.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\3\0]
"Script"=APO_Form_Cache_Cleaner.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\3\1]
"Script"=OutlookPublicFolderFavoriteCacheUnsetterGPOVersion.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\3\2]
"Script"=JunkMaildwValuecreation2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\3\3]
"Script"=KB897715MACTECfix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-142285\Scripts\Logon\3\4]
"Script"=KB931836_install_v3.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\0\0]
"Script"=jinit13pusher.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\1\0]
"Script"=APO_Form_Cache_Cleaner.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\1\1]
"Script"=OutlookPublicFolderFavoriteCacheUnsetterGPOVersion.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\1\2]
"Script"=JunkMaildwValuecreation2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\1\3]
"Script"=KB897715MACTECfix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\1\4]
"Script"=Firewall_Client_Update.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-154580\Scripts\Logon\1\5]
"Script"=KB931836_install_v3.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\0\0]
"Script"=logonhelper.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\1\0]
"Script"=jinit13pusher.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\2\0]
"Script"=APO_Form_Cache_Cleaner.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\2\1]
"Script"=OutlookPublicFolderFavoriteCacheUnsetterGPOVersion.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\2\2]
"Script"=JunkMaildwValuecreation2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\2\3]
"Script"=KB897715MACTECfix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-161995\Scripts\Logon\2\4]
"Script"=KB931836_install_v3.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\0\0]
"Script"=DisableFirewallClient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\1\0]
"Script"=logonhelper.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\2\0]
"Script"=jinit13pusher.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\3\0]
"Script"=APO_Form_Cache_Cleaner.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\3\1]
"Script"=OutlookPublicFolderFavoriteCacheUnsetterGPOVersion.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\3\2]
"Script"=JunkMaildwValuecreation2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\3\3]
"Script"=KB897715MACTECfix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-261903793-1801674531-4222\Scripts\Logon\3\4]
"Script"=KB931836_install_v3.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9eeb062ae819d"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [7/9/2008 6:05 PM 18704]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 5:12 AM 73120]
R2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [7/21/2005 12:14 PM 134656]
S2 8e6 Authenticator;8e6 Authenticator;c:\windows\system32\authenticat.exe ra[144.195.160.209] --> c:\windows\system32\authenticat.exe ra[144.195.160.209] [?]
S2 gupdate1c9eeb062ae819d;Google Update Service (gupdate1c9eeb062ae819d);c:\program files\Google\Update\GoogleUpdate.exe [6/16/2009 2:29 PM 133104]
S4 FwcAgent;Firewall Client Agent;"c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe" --> c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 18:29]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 18:29]

2010-09-20 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2008-07-09 22:05]

2010-09-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2008-07-09 22:05]

2010-09-20 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2008-07-09 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.mactec.com;*.mactec.biz;*.fortordcleanup.com;*.fodis.net;*.maps-sonomamarintrain.org;*.nexdss.com;*.clientwebservices.biz;*.pes.com;*.lucentfst.com;*.wspan.com;*.cingular-sms.com;*.sprint-sms.com;*.recovery.com;170.130.*;144.195.*;10.*;
uInternet Settings,ProxyServer = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mactec.com\intranet
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-20 07:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF870B11B]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85fafc3
\Driver\ACPI -> ACPI.sys @ 0xf84edcb8
\Driver\atapi -> atapi.sys @ 0xf84497b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8310ba0
PacketIndicateHandler -> NDIS.sys @ 0xf831db21
SendHandler -> NDIS.sys @ 0xf82fb87b
user & kernel MBR OK

**************************************************************************
"ImagePath"="c:\windows\system32\authenticat.exe ra
[144.195.160.209]"

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-09-20 07:57:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 11:56

Pre-Run: 7,666,266,112 bytes free
Post-Run: 8,257,245,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C6333B12C1FB6E2AFFDC9D75214933B8

awood517

Newbie Surfer

Posts : 12
Joined : 2010-09-09
Operating System : Windows XP

Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Tue 21 Sep 2010, 8:12 pm

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Antivirus 2010 and cant search

Post by awood517 on Thu 23 Sep 2010, 8:30 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000f880c

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8B8A000 compbatt.sys
0xF8B8E000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8D3E000 pciide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8C7A000 aliide.sys
0xF8C7C000 intelide.sys
0xF8C7E000 toside.sys
0xF8C80000 viaide.sys
0xF8C82000 cmdide.sys
0xF86F8000 pcmcia.sys
0xF8786000 MountMgr.sys
0xF86D9000 ftdisk.sys
0xF8C84000 dmload.sys
0xF86B3000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF8B92000 cpqarray.sys
0xF869B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF8683000 atapi.sys
0xF8B96000 aha154x.sys
0xF8A06000 sparrow.sys
0xF8B9A000 symc810.sys
0xF87A6000 aic78xx.sys
0xF8B9E000 dac960nt.sys
0xF87B6000 ql10wnt.sys
0xF8BA2000 amsint.sys
0xF8A0E000 asc.sys
0xF8BA6000 asc3550.sys
0xF8A16000 mraid35x.sys
0xF8A1E000 i2omp.sys
0xF8BAA000 ini910u.sys
0xF87C6000 ql1240.sys
0xF87D6000 aic78u2.sys
0xF8A26000 symc8xx.sys
0xF8A2E000 sym_hi.sys
0xF8A36000 sym_u3.sys
0xF8A3E000 ABP480N5.SYS
0xF8A46000 asc3350p.sys
0xF8C86000 cd20xrnt.sys
0xF87E6000 ultra.sys
0xF866A000 adpu160m.sys
0xF8A4E000 dpti2o.sys
0xF87F6000 ql1080.sys
0xF8806000 ql1280.sys
0xF8816000 ql12160.sys
0xF8A56000 perc2.sys
0xF8C88000 perc2hib.sys
0xF8A5E000 hpn.sys
0xF8BAE000 cbidf2k.sys
0xF863E000 dac2w2k.sys
0xF8826000 disk.sys
0xF8836000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF861E000 fltMgr.sys
0xF860C000 sr.sys
0xF85F5000 KSecDD.sys
0xF8568000 Ntfs.sys
0xF853B000 NDIS.sys
0xF8846000 sisagp.sys
0xF8856000 viaagp.sys
0xF8520000 Mup.sys
0xF8866000 alim1541.sys
0xF8876000 amdagp.sys
0xF8886000 agp440.sys
0xF8896000 agpCPQ.sys
0xF88C6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8C2E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF832D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF8319000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8AB6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF82F6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8ABE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF82CC000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF82B5000 \SystemRoot\system32\DRIVERS\ozscr.sys
0xF8C3E000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xF809A000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8081000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF8ACE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8AD6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF88E6000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8C4A000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF806D000 \SystemRoot\system32\DRIVERS\parport.sys
0xF88F6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8906000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8916000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF804A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF800B000 \SystemRoot\system32\drivers\stac97.sys
0xF7FE7000 \SystemRoot\system32\drivers\portcls.sys
0xF8926000 \SystemRoot\system32\drivers\drmk.sys
0xF7FB4000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF7EB7000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF7E0A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8B2E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8DD0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF846F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF84E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7DCB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF845F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF844F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8B4E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7D1A000 \SystemRoot\system32\DRIVERS\psched.sys
0xF843F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8B5E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8B6E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7CE9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF842F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8C9A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7CB5000 \SystemRoot\system32\DRIVERS\update.sys
0xF84AF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF841F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF88B6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8CA0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8CA2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8CA6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8E0C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8CAA000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8A86000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8A8E000 \SystemRoot\System32\drivers\vga.sys
0xF8CAE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8CB2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8A9E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AAE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF84F8000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDBF2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDB4A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDB22000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDB01000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEDADF000 \SystemRoot\System32\drivers\afd.sys
0xF8966000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDA14000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xED9A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8986000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89A6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF89B6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xED965000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8CBA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7C9D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B06000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xF8EB9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
0xBFA0D000 \SystemRoot\System32\ati2cqag.dll
0xBFA45000 \SystemRoot\System32\ati3duag.dll
0xBFC54000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xED831000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xED905000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xED579000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xED5AD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xED3BA000 \SystemRoot\system32\DRIVERS\srv.sys
0xF8B76000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xECF37000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xECF22000 \SystemRoot\system32\drivers\wdmaud.sys
0xED192000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC93B000 \SystemRoot\System32\Drivers\HTTP.sys
0xEC7D0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
420 C:\WINDOWS\system32\smss.exe
832 csrss.exe
856 C:\WINDOWS\system32\winlogon.exe
900 C:\WINDOWS\system32\services.exe
912 C:\WINDOWS\system32\lsass.exe
1052 C:\WINDOWS\system32\ati2evxx.exe
1080 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1216 C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
1256 C:\WINDOWS\system32\svchost.exe
1400 svchost.exe
1456 svchost.exe
1700 C:\WINDOWS\system32\spoolsv.exe
1744 scardsvr.exe
232 svchost.exe
348 C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
492 C:\Program Files\Java\jre6\bin\jqs.exe
564 C:\Program Files\CDBurnerXP\NMSAccessU.exe
580 C:\WINDOWS\system32\svchost.exe
620 C:\WINDOWS\system32\svchost.exe
648 wdfmgr.exe
824 C:\WINDOWS\system32\CCM\CcmExec.exe
1336 C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
1556 wmiprvse.exe
1636 MOMHost.exe
1952 alg.exe
460 wmiprvse.exe
1872 wmiprvse.exe
2664 C:\WINDOWS\system32\ati2evxx.exe
3000 C:\WINDOWS\explorer.exe
3452 C:\Program Files\Apoint\Apoint.exe
3500 C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
3528 C:\Program Files\Apoint\ApntEx.exe
3572 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3828 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
3868 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3904 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
3948 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
3960 C:\WINDOWS\system32\ctfmon.exe
3984 C:\Program Files\Adobe\Distillr\acrotray.exe
2300 C:\Program Files\Internet Explorer\iexplore.exe
1368 C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe
2084 C:\WINDOWS\system32\wuauclt.exe
3116 C:\Documents and Settings\awwood\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHT2040AH, Rev: 006C

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

awood517

Newbie Surfer

Posts : 12
Joined : 2010-09-09
Operating System : Windows XP

Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Thu 23 Sep 2010, 8:32 am

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Antivirus 2010 and cant search

Post by awood517 on Thu 23 Sep 2010, 9:43 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a85249e216d5e478ca2d37400041f36
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-22 10:31:28
# local_time=2010-09-22 06:31:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=47223
# found=9
# cleaned=9
# scan_time=2749
C:\Qoobox\Quarantine\C\WINDOWS\system32\USRINI~1.EXE.vir a variant of Win32/Kryptik.GPE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0038738.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0039738.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0040296.exe a variant of Win32/Kryptik.GPE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0040336.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040442.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040478.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040514.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\HSF_DPV.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C



I still have not clicked the "finish" button. Should I check the "delete quarantined files" box before finishing?


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Fri 24 Sep 2010, 8:09 am

Nah. Just finish the scan as is.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.



Re: Antivirus 2010 and cant search

Post by awood517 on Fri 24 Sep 2010, 2:51 pm

[You must be registered and logged in to see this link.]


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Sat 25 Sep 2010, 1:03 pm

Please go to Start > Control Panel > Add or Remove Programs (Programs and Features in Vista, Programs in 7) and remove the following (if present):

  • Antivirus 2010

Please go to: VirusTotal

  • Click the Browse button and search for the following file: C:\WINDOWS\system32\mstowenp.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.



Re: Antivirus 2010 and cant search

Post by awood517 on Sun 26 Sep 2010, 4:00 am

Antivirus Version Last Update Result
AhnLab-V3 2010.09.25.00 2010.09.24 -
AntiVir 7.10.12.30 2010.09.24 -
Antiy-AVL 2.0.3.7 2010.09.25 -
Authentium 5.2.0.5 2010.09.25 -
Avast 4.8.1351.0 2010.09.25 -
Avast5 5.0.594.0 2010.09.25 -
AVG 9.0.0.851 2010.09.25 -
BitDefender 7.2 2010.09.25 -
CAT-QuickHeal 11.00 2010.09.24 -
ClamAV 0.96.2.0-git 2010.09.25 -
DrWeb 5.0.2.03300 2010.09.25 -
Emsisoft 5.0.0.37 2010.09.25 -
eSafe 7.0.17.0 2010.09.21 -
eTrust-Vet 36.1.7875 2010.09.25 -
F-Prot 4.6.2.117 2010.09.25 -
F-Secure 9.0.15370.0 2010.09.25 -
Fortinet 4.1.143.0 2010.09.25 -
GData 21 2010.09.25 -
Ikarus T3.1.1.88.0 2010.09.25 -
Jiangmin 13.0.900 2010.09.25 -
K7AntiVirus 9.63.2608 2010.09.25 -
Kaspersky 7.0.0.125 2010.09.25 -
McAfee 5.400.0.1158 2010.09.25 -
McAfee-GW-Edition 2010.1C 2010.09.25 -
Microsoft 1.6201 2010.09.25 -
NOD32 5479 2010.09.25 -
Norman 6.06.06 2010.09.25 -
nProtect 2010-09-25.01 2010.09.25 -
Panda 10.0.2.7 2010.09.25 -
PCTools 7.0.3.5 2010.09.25 -
Prevx 3.0 2010.09.25 -
Rising 22.66.04.00 2010.09.25 -
Sophos 4.58.0 2010.09.25 -
Sunbelt 6928 2010.09.25 -
SUPERAntiSpyware 4.40.0.1006 2010.09.25 -
Symantec 20101.1.1.7 2010.09.25 -
TheHacker 6.7.0.0.032 2010.09.25 -
TrendMicro 9.120.0.1004 2010.09.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.25 -
VBA32 3.12.14.1 2010.09.24 -
ViRobot 2010.9.25.4060 2010.09.25 -
VirusBuster 12.65.25.0 2010.09.24 -
Additional information
MD5 : 92b0b73bbfaad58e7dca916378cf9670
SHA1 : c24d0b41beea3d0cd25d14b7c00920ce6a9946cc
SHA256: 5219965f694045709cf175e08d0e8854a93a1a36676c250b27c7f6528f250b82
ssdeep: 12288:LR0k4uWw05uzcPnJpNmLmockdfMZC1TtpM+cb:LT4xw054cPnzUmockdUOnS
File size : 531856 bytes
First seen: 2010-09-25 16:44:26
Last seen : 2010-09-25 16:44:26
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Mon 27 Sep 2010, 6:21 am

Please do one more ESET online scan and post a log.



Re: Antivirus 2010 and cant search

Post by awood517 on Mon 27 Sep 2010, 8:25 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a85249e216d5e478ca2d37400041f36
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-22 10:31:28
# local_time=2010-09-22 06:31:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=47223
# found=9
# cleaned=9
# scan_time=2749
C:\Qoobox\Quarantine\C\WINDOWS\system32\USRINI~1.EXE.vir a variant of Win32/Kryptik.GPE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0038738.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0039738.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0040296.exe a variant of Win32/Kryptik.GPE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0040336.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040442.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040478.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040514.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\HSF_DPV.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a85249e216d5e478ca2d37400041f36
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-26 08:51:14
# local_time=2010-09-26 04:51:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 253551 253551 0 0
# scanned=54665
# found=1
# cleaned=1
# scan_time=2876
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP136\A0040554.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

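The two ESET Online Scanner logs posted in this thread (the 23 Sep post and the one above) share a simple line format, and the useful triage question is where each hit lived: a System Restore snapshot, a quarantine folder, or the live file system. The Python below is an added example, not code from the forum or from ESET; it assumes only the line layout visible in the posted logs and runs on a constructed, abridged excerpt of them.

```python
# ESET Online Scanner log triage (added example; not the forum's or ESET's code).
# Assumes only the layout visible in the posted logs: '# key=value' headers, a new
# session at each '# version=' line, and detections as '<path> <verdict> (<action>) <hash> <flag>'.
import re
from collections import Counter

# Constructed, abridged excerpt of the two scans in this thread; found/cleaned
# are set to match the abridged detection list (the real first scan listed 9).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# utc_time=2010-09-22 10:31:28
# scanned=47223
# found=4
# cleaned=4
C:\Qoobox\Quarantine\C\WINDOWS\system32\USRINI~1.EXE.vir a variant of Win32/Kryptik.GPE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP134\A0038738.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP135\A0040442.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\HSF_DPV.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# utc_time=2010-09-26 08:51:14
# scanned=54665
# found=1
# cleaned=1
C:\System Volume Information\_restore{DB957911-CBD4-4EBE-97D4-CA9BC499573D}\RP136\A0040554.SYS a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<verdict>(?:probably )?(?:a variant of )?[\w./\-]+ \w+) "
    r"\((?P<action>[^)]*)\)(?:\s+(?P<hash>[0-9A-Fa-f]{32}))?\s*(?P<flags>\S*)$")
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)


def classify(path):
    """Where the detected file lived: a System Restore snapshot, a quarantine folder, or the live system."""
    m = RESTORE_POINT.search(path)
    if m:
        return "restore point", m.group(1)
    if "\\qoobox\\quarantine\\" in path.lower():  # Qoobox is ComboFix's quarantine folder
        return "quarantine", ""
    return "live", ""


def parse_eset_log(text):
    """Split the log into sessions: {'header': {...}, 'detections': [...]} per scan run."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version" or not sessions:
                sessions.append({"header": {}, "detections": []})
            sessions[-1]["header"][key] = value
            continue
        m = DETECTION.match(line)
        if m and sessions:
            loc, rp = classify(m["path"])
            sessions[-1]["detections"].append(
                {"path": m["path"], "verdict": m["verdict"], "action": m["action"],
                 "location": loc, "restore_point": rp})
    return sessions


def summarize(session):
    """Per-session triage: where the hits were, and a check that every logged hit was parsed."""
    hdr, dets = session["header"], session["detections"]
    return {
        "utc_time": hdr.get("utc_time", "?"),
        "found": int(hdr.get("found", 0)),
        "parsed": len(dets),
        "complete": int(hdr.get("found", 0)) == len(dets),
        "by_location": dict(Counter(d["location"] for d in dets)),
        "live_files": [d["path"] for d in dets if d["location"] == "live"],
        "restore_points": sorted({d["restore_point"] for d in dets if d["restore_point"]}),
    }


if __name__ == "__main__":
    for s in parse_eset_log(SAMPLE_LOG):
        print(summarize(s))
```

On the sample, the first session has exactly one hit on the live system (the driver under system32\drivers) while the rest are restore-point or quarantine copies, and the second session's only hit is again a restore-point copy, which is why the cleanup at the end of the thread creates a fresh restore point and purges the old ones.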

Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Tue 28 Sep 2010, 7:43 am

It is still hiding.

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



Re: Antivirus 2010 and cant search

Post by awood517 on Fri 01 Oct 2010, 2:14 pm

I did the scan and no viruses were found. I could not select the 'save report list' option in the File menu; it was grayed out.


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Fri 01 Oct 2010, 2:23 pm

How is your computer running?



Re: Antivirus 2010 and cant search

Post by awood517 on Fri 01 Oct 2010, 2:46 pm

It seems to be running fine. The antivirus 2010 program is gone and searching works again.


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Fri 01 Oct 2010, 2:51 pm

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.



Re: Antivirus 2010 and cant search

Post by awood517 on Sun 03 Oct 2010, 9:35 am

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Microsoft Forefront Client Security Client Antimalware\MsMpEng.exe
Microsoft Forefront Client Security Client Antimalware\MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: Antivirus 2010 and cant search

Post by awood517 on Sun 03 Oct 2010, 9:37 am

I also cleaned the system restore, ran OTC, and ran TFC. The computer seems to be running fine; I haven't had any other problems so far.


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Tue 05 Oct 2010, 12:40 pm

Hello. You have some upgrades you may do which will help to keep your computer secure. Old software is a minor cause of infection. It would be good to help resist infection completely.

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=================================================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?



Re: Antivirus 2010 and cant search

Post by awood517 on Wed 06 Oct 2010, 1:28 pm

Awesome! Thanks so much, I really appreciate it. Great work!


Re: Antivirus 2010 and cant search

Post by DragonMaster Jay on Wed 06 Oct 2010, 7:31 pm

You're welcome.


