Antivirus Pro 2010 Variant


Post by JeffZ on Thu 14 Oct 2010, 11:49 am

Wife's laptop got the Antivirus Pro 2010 last week, tried Malwarebytes fix, stopped after 3 seconds, said I didn't have permission the next time I tried to run it. Tried SpyDoctor, same deal, tried manual removal, got rid of the Antivirus Pro 2010 .exe and a few of the Registry entries, but a lot of the keys don't even show up as well as the .dll's. This thing has locked me out of the internet and I have had to remove it from my network as the other systems seem to catch whatever this is. OTL won't run nor DDS.


Please help

JeffZ

Newbie Surfer

Posts : 12
Joined : 2010-10-13
Operating System : XP Pro

Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Thu 14 Oct 2010, 12:04 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

===================

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Antivirus Pro 2010 Variant

Post by JeffZ on Thu 14 Oct 2010, 12:48 pm

Jay, ran RKill; here is the log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Jeff on 10/13/2010 at 18:33:01.


Services Stopped:


Processes terminated by Rkill or while it was running:


\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe


Rkill completed on 10/13/2010 at 18:33:08.

Ran Combofix, successful install of Recovery console, then while "Scanning for Infected Files", said Access Denied 7 times and froze. Waited 30 minutes to see if a log file came up, still waiting.


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Fri 15 Oct 2010, 2:49 pm

Please download DirQuery from here: [You must be registered and logged in to see this link.]

Please place this in the box:

\\.\globalroot\Device\svchost.exe


Post back any log that pops up.



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Sat 16 Oct 2010, 3:51 am

Jay,

May not be much help:

Running from: C:\Documents and Settings\Jeff\Desktop\DirQuery.exe

Log file at : C:\Documents and Settings\Jeff\Desktop\DirQuery.txt

The driver that owns the link:

\\.\globalroot\Device\svchost.exe

is located at:

́́́́́́́́́́́́́́́́́́́Ȑ́́́́́́́̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂̂Ȑ̂̂̂̂̂̂̂̂Ġ̂Ԅ܆ईଊഌ༎ᄐጒᔔ᜖ᤘᬚᴜ἞℠⌢┤✦⤨⬪⴬⼮㄰㌲㔴㜶㤸㬺㴼㼾䅀䍂䕄䝆䥈䭊䵌低児卒啔坖奘孚嵜彞䅠䍂䕄䝆䥈䭊䵌低児卒啔坖奘筚Ⳏ粑ⴄ粑⵱粑⵸粑f

and the device link is:

Ề%Ȉ

Jeff


Re: Antivirus Pro 2010 Variant

Post by JeffZ on Sat 16 Oct 2010, 3:52 am

Jay, did get this as well from DDS:


DDS (Ver_10-10-05.01) - NTFSx86
Run by Jeff at 10:07:27.09 on Sun 10/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.223 [GMT -7:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\wuauclt.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100915074104.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AbacastDistributedOnDemand:11] c:\documents and settings\jeff\local settings\application data\abacastdistributedondemand\node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
uRun: [CyberDefender Registry Cleaner] c:\program files\cyberdefender\registry cleaner\CDregclean.exe
mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: vlsp.dll
Trusted Zone: firstthings.com\gatewaypundit
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: yahoo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {1BBB8666-9AF7-41D8-BA00-302E36F0C0DE} - [You must be registered and logged in to see this link.]
DPF: {1BBB8668-9AF7-41D8-BA00-302E36F0C0DE} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - [You must be registered and logged in to see this link.]
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - [You must be registered and logged in to see this link.]
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff\applic~1\mozilla\firefox\profiles\vk941aj4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\jeff\application data\mozilla\firefox\profiles\vk941aj4.default\extensions\npnelaunch@sonicwall.com\plugins\npNELaunch.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-11-23 5632]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-9 386712]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-8 217032]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-30 84072]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2007-9-7 78032]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-10-8 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-9 88176]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-30 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-30 141792]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-7-14 326488]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-5-23 6016]
R3 cxru88e6;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\cxru88e6.sys [2003-3-31 15360]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-9 152992]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-30 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-30 88544]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2007-9-7 23180]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-23 20504]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-30 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-30 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-30 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-30 171168]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-8 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-8 1142224]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-30 55840]
S3 DFBCFDBA;DFBCFDBA; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-9 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-30 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-30 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-9 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-6-11 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-6-11 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-3-3 23680]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2008-7-11 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2008-7-11 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2008-7-11 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2008-7-11 5888]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys --> c:\windows\system32\drivers\pwi_bus.sys [?]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys --> c:\windows\system32\drivers\pwi_mdfl.sys [?]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys --> c:\windows\system32\drivers\pwi_mdm.sys [?]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys --> c:\windows\system32\drivers\pwi_oflt.sys [?]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys --> c:\windows\system32\drivers\pwi_serd.sys [?]
S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2006-11-30 106624]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2006-11-30 52992]

=============== Created Last 30 ================

2010-10-08 17:26:23 -------- d-s---w- C:\ComboFix
2010-10-08 17:04:44 0 ----a-w- c:\documents and settings\jeff\defogger_reenable
2010-10-08 00:14:02 -------- d-----w- C:\cmdcons
2010-10-08 00:06:18 -------- d-----w- C:\sh4ldr
2010-10-08 00:06:18 -------- d-----w- c:\program files\Enigma Software Group
2010-10-08 00:05:54 -------- d-----w- c:\windows\CED3DF1E01D145ADBF3364AE5E8843B8.TMP
2010-10-07 22:37:59 98816 ----a-w- c:\windows\sed.exe
2010-10-07 22:37:59 77312 ----a-w- c:\windows\MBR.exe
2010-10-07 22:37:59 256512 ----a-w- c:\windows\PEV.exe
2010-10-07 22:37:59 161792 ----a-w- c:\windows\SWREG.exe
2010-10-07 22:17:27 -------- d-----w- c:\windows\McAfee.com
2010-10-07 01:43:36 53248 ----a-w- c:\windows\system32\6to4v32.dll
2010-10-06 00:32:25 -------- d-----w- c:\program files\iPod
2010-10-06 00:31:52 -------- d-----w- c:\program files\iTunes
2010-10-06 00:15:30 -------- d-----w- c:\program files\Bonjour
2010-09-22 16:56:09 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-09-22 16:56:09 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-24 21:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 21:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 21:57:38 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 21:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 21:57:38 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 21:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 21:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 21:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 21:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 21:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-10-09 18:15:35 14373 -c--a-w- c:\program files\common files\saki.vbs

============= FINISH: 10:09:16.75 ===============

JeffZ
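
A triage pass over a DDS log like the one posted above, as an added example that is not part of the original thread: it flags the `\\.\globalroot\Device\...` process image that RKill terminated, along with three other entries of the same log. The rule names and the choice of checks are assumptions of this example, and the sample lines are constructed in the layout of the posted log.

```python
import re

# Constructed sample in the DDS layout; lines are modelled on the log posted above.
SAMPLE_DDS = r'''
DDS (Ver_10-10-05.01) - NTFSx86
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
"\\.\globalroot\Device\svchost.exe\svchost.exe"
E:\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5555
mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-11-23 5632]
S3 DFBCFDBA;DFBCFDBA; [x]
'''

# "====== Title ======" banner lines separate the parts of a DDS log.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<R|S><start type> name;display name;image path [date size]"
SERVICE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*(.*?)\s*\[[^\]]*\]$")
# Browser proxy pointing at the local machine, e.g. "http=127.0.0.1:5555".
PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127(?:\.\d+){3}|localhost):\d+", re.I)
# Header line reporting the resident antivirus scanner as disabled.
AV_OFF = re.compile(r"^AV:.*\*[^*]*disabled[^*]*\*", re.I)
# Win32 device-namespace prefixes: the image is not on a lettered volume.
DEVICE_PREFIXES = ("\\\\.\\", "\\\\?\\")


def split_sections(text):
    """Group non-empty log lines under the banner that precedes them."""
    current = "HEADER"
    sections = {current: []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            current = banner.group(1).upper()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (rule, line) pairs worth a closer look; a hit is a lead, not a verdict."""
    sec = split_sections(text)
    findings = []
    for line in sec.get("HEADER", []):
        if AV_OFF.search(line):
            findings.append(("av-realtime-disabled", line))
    for line in sec.get("RUNNING PROCESSES", []):
        if line.strip('"').startswith(DEVICE_PREFIXES):
            findings.append(("device-namespace-image", line))
    for line in sec.get("PSEUDO HJT REPORT", []):
        if PROXY.search(line):
            findings.append(("loopback-proxy", line))
    for line in sec.get("SERVICES / DRIVERS", []):
        svc = SERVICE.match(line)
        if svc and not svc.group(2):  # service entry with an empty image path
            findings.append(("service-without-image", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print(f"{rule:24} {line}")
```
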


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Sun 17 Oct 2010, 7:23 am

I am checking with the developer of DirQuery to make sure that was not a mis-read.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Sun 17 Oct 2010, 9:49 am

Jay,
Ran Combofix again, still stalls after installing the recovery console, and I get Access Denied 7 times on the screen.

JZ


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Sun 17 Oct 2010, 10:57 am

What happens if you skip the console install?



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Sun 17 Oct 2010, 3:25 pm

Same thing, also during safe mode, with or without networking. Is it time to reformat and reinstall XP?


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Mon 18 Oct 2010, 7:56 pm

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Tue 19 Oct 2010, 3:32 am

Jay,

Will have to wait till 6pm PST to try this; will post ASAP if successful.

JZ


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Tue 19 Oct 2010, 9:26 am

ok



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Tue 19 Oct 2010, 12:03 pm

Jay,

Here is the Scan from Dr Web:

=============================================================================
Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2010-10-18, 17:32:00 [CLYDE][Jeff]
Command line: "C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\898e5_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\ff8fa183 - 1114 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\b41585b0 - 1 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\b8312109 - 10397 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\13bad1a7 - 11234 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\2ff17061 - 10356 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\0722dad7 - 11383 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\47de7228 - 8957 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\96d812ba - 11015 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\4ac8ed76 - 11168 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\4a471181 - 7798 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\179b01fe - 7873 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\13d0a95c - 6904 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\f65d10e8 - 6503 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\f77da061 - 9823 virus records
[Virus database] C:\Documents and Settings\Jeff\Local Settings\Temp\E09AEB0C-A5F587B4-35D34DA4-54DA70B4\68d958a9 - 7572 virus records
=============================================================================
Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2010-10-18, 17:38:07 [CLYDE][Jeff]
Command line: "C:\Documents and Settings\Jeff\Local Settings\Temp\E457DC00-A8A98400-707ED000-B9EB1800\898e5_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1685237
[Self-checking] C:\Documents and Settings\Jeff\Local Settings\Temp\E457DC00-A8A98400-707ED000-B9EB1800\898e5_xp.exe
Key file: C:\Documents and Settings\Jeff\Local Settings\Temp\E457DC00-A8A98400-707ED000-B9EB1800\setup.key
License key number: 0012913379
Registered to: An unauthorized User
License key activates on: 2010-09-17
License key expires on: 2011-03-20
=============================================================================
Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2010-10-18, 17:41:19 [CLYDE][Jeff]
Command line: "C:\Documents and Settings\Jeff\Local Settings\Temp\FD03DABA-70AEE03E-A7C3EF84-4447C9D0\898e5_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1685237
[Self-checking] C:\Documents and Settings\Jeff\Local Settings\Temp\FD03DABA-70AEE03E-A7C3EF84-4447C9D0\898e5_xp.exe
Key file: C:\Documents and Settings\Jeff\Local Settings\Temp\FD03DABA-70AEE03E-A7C3EF84-4447C9D0\setup.key
License key number: 0012913379
Registered to: An unauthorized User
License key activates on: 2010-09-17
License key expires on: 2011-03-20


Note:

The scan proceeded and went into a reboot; when it came back I looked for the Quarantine file but found none. Does this mean they were deleted?

JZ


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Tue 19 Oct 2010, 4:12 pm

Probably.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable drives that you may have)
    Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.


~DMJ
GeekPolice Academy Manager

Re: Antivirus Pro 2010 Variant

Post by JeffZ on Wed 20 Oct 2010, 11:37 pm

Jay,

Have run this three times; somewhere around an hour or so into the scan it terminates and does not report anything. I watched it twice trying to catch the directory or the file, but it is too fast. Will try again tonight.

JZ


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Thu 21 Oct 2010, 8:45 am

ok


~DMJ
GeekPolice Academy Manager

Re: Antivirus Pro 2010 Variant

Post by JeffZ on Thu 21 Oct 2010, 2:03 pm

Tried again tonight, got to about 50% and shut down. But this time I saved part of the report:

Autoscan: malfunction (events: 1, objects: 1, time: Unknown)
10/19/2010 5:23:37 PM Task started
Autoscan: running (events: 15, objects: 164499, time: 00:19:21)
10/20/2010 5:35:52 PM Task started
10/20/2010 6:23:35 PM Task stopped
10/20/2010 6:29:17 PM Task started
10/20/2010 6:29:57 PM Task stopped
10/20/2010 6:35:07 PM Task started
10/20/2010 6:47:29 PM Task stopped
10/20/2010 6:48:53 PM Task started
10/20/2010 6:53:44 PM Task stopped
10/20/2010 6:54:46 PM Task started
10/20/2010 7:24:00 PM Task stopped
10/20/2010 7:24:58 PM Task started
10/20/2010 7:28:57 PM Detected: Backdoor.Win32.Agent.bakw C:\WINDOWS\System32\6to4v32.dll
10/20/2010 7:28:57 PM Untreated: Backdoor.Win32.Agent.bakw C:\WINDOWS\System32\6to4v32.dll Postponed
10/20/2010 7:30:44 PM Detected: Rootkit.Win32.Agent.bjpu C:\WINDOWS\System32\drivers\cxru88e6.sys
10/20/2010 7:30:44 PM Untreated: Rootkit.Win32.Agent.bjpu C:\WINDOWS\System32\drivers\cxru88e6.sys Postponed
Maybe this will help


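An added example, not part of the original posts and not Kaspersky's own tooling: a small Python parser for report lines in the format JeffZ pasted above. It pairs "Task started" / "Task stopped" lines into scan runs (a run with no stop is one that died mid-scan) and lists detections still marked Untreated. The function name and record layout are assumptions for illustration; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Excerpt of the report lines quoted in the post above.
REPORT = r"""
Autoscan: running (events: 15, objects: 164499, time: 00:19:21)
10/20/2010 6:54:46 PM Task started
10/20/2010 7:24:00 PM Task stopped
10/20/2010 7:24:58 PM Task started
10/20/2010 7:28:57 PM Detected: Backdoor.Win32.Agent.bakw C:\WINDOWS\System32\6to4v32.dll
10/20/2010 7:28:57 PM Untreated: Backdoor.Win32.Agent.bakw C:\WINDOWS\System32\6to4v32.dll Postponed
10/20/2010 7:30:44 PM Detected: Rootkit.Win32.Agent.bjpu C:\WINDOWS\System32\drivers\cxru88e6.sys
10/20/2010 7:30:44 PM Untreated: Rootkit.Win32.Agent.bjpu C:\WINDOWS\System32\drivers\cxru88e6.sys Postponed
"""

LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.+)$")
EVENT = re.compile(r"^(Detected|Untreated): (\S+) (.+?)(?: Postponed)?$")

def parse_report(text):
    """Return (sessions, findings) for a report in the format shown above.

    sessions: list of (start, stop) datetimes; stop is None if never logged.
    findings: one dict per file path with verdict and untreated flag.
    """
    sessions, findings, start = [], {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # status lines such as "Autoscan: running (...)"
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        body = m.group(2)
        if body == "Task started":
            if start is not None:      # previous run never logged a stop
                sessions.append((start, None))
            start = ts
        elif body == "Task stopped":
            sessions.append((start, ts))
            start = None
        else:
            ev = EVENT.match(body)
            if ev:
                kind, verdict, path = ev.group(1, 2, 3)
                rec = findings.setdefault(
                    path.lower(),
                    {"verdict": verdict, "path": path, "untreated": False})
                if kind == "Untreated":
                    rec["untreated"] = True
    if start is not None:              # report ends with a run still open
        sessions.append((start, None))
    return sessions, list(findings.values())
```

On the excerpt, the last run has no stop time and both detected files remain untreated, which matches the scan aborting before it could act on them.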

Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Fri 22 Oct 2010, 2:27 pm

Would you like to try a rescue disc?



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Sat 23 Oct 2010, 9:47 am

Jay,

At this point I am game for anything.

JZ


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Sat 23 Oct 2010, 11:31 am

  • Kaspersky RescueDisk
    If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.



Re: Antivirus Pro 2010 Variant

Post by JeffZ on Tue 26 Oct 2010, 5:24 am

Jay,

Thanks for your help. I have decided to reformat the drive and start over again. The data has been saved and scanned; if I have any more problems I will start a new thread.

Thanks again,

JZ


Re: Antivirus Pro 2010 Variant

Post by DragonMaster Jay on Tue 26 Oct 2010, 7:36 am

ok

