10-14-2009, 02:22 PM   #1
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP


Virus Issues

Oops, didn't save the gmer file as a txt... Going to do that now...

Files included per posting instructions.

I have an HP Pavilion ZE4900 Laptop. It wouldn’t boot when I first got it and after a lot of effort I got XP Home Edition repaired and eventually updated to SP2. SP3 will not install as it stops part way through with an error message that it can’t copy either the file xptht26p.htm or sconnect.htm.

I finally got anti-virus software running on it and it was loaded with worms, Trojans, and backdoors. It seems to clean up with the virus cleaners until I connect to the internet and then the viruses start showing up again. Some of the virus files that start to show up are sv2.exe, sv3.exe (etc), svchust.exe, BtwSrv.dll (and exe), isasdk.sys, and spoolsrv.exe. Suspecting a Rootkit, I tried to run Rootkit Buster from TrendMicro but it won’t run saying that it failed the integrity check and needs to be downloaded again. I can run the same file on my desktop without the error.

DDS File:


DDS (Ver_09-10-13.01) - NTFSx86 MINIMAL
Run by Administrator at 11:55:58.08 on Wed 10/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.990.809 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\Explorer.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.shortcut365.com/
uInternet Connection Wizard,ShellNext = https://signup.live.com/signup.aspx?...ollrs=12&lic=1
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226714866264
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\wikufalu.dll,hezubuti.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = tikiyabu.dll scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\bnjpsy8f.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-11-22 113896]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-11-30 16194]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [2008-12-10 488992]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys --> c:\windows\system32\drivers\pcx500.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2009-10-13 17:42 308,180 a------- c:\windows\sv2.exe
2009-10-13 17:11 2 a--shrot c:\windows\winstart.bat
2009-10-13 17:10 <DIR> --d----- c:\program files\UnHackMe
2009-10-13 17:08 <DIR> --d----- C:\Drivers
2009-10-13 17:06 <DIR> --d----- C:\Virus Fighting Tools
2009-10-13 15:58 218,112 a------- c:\windows\system32\dllcache\c_g18030.dll
2009-10-13 15:46 19,569 a------- c:\windows\003737_.tmp
2009-10-13 13:50 156 a------- c:\windows\system32\SystemUpdate.ini
2009-10-13 13:39 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
2009-10-12 23:02 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-12 23:02 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 23:02 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 23:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-12 22:05 1,032 a------- c:\windows\system32\7179834.exe
2009-10-12 22:05 0 a------- c:\windows\SC.INS
2009-10-06 19:15 19,569 a------- c:\windows\006258_.tmp
2009-10-06 19:07 382,464 -------- c:\windows\system32\_004089_.tmp.dll
2009-10-06 19:02 329,216 a------- C:\xss.exe
2009-10-06 17:24 <DIR> --d----- c:\windows\system32\wbem\Repository.001
2009-10-06 17:23 380,416 a------- c:\windows\system32\irprops.cpl
2009-10-06 16:33 19,528 a------- c:\windows\002587_.tmp
2009-10-06 12:17 <DIR> --d----- c:\program files\CCleaner
2009-10-06 12:14 3,309,072 a------- C:\ccsetup224.exe
2009-10-06 11:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-10-06 09:27 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-10-06 09:26 472,064 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-06 09:25 581,120 a------- c:\windows\system32\rpcrt4.dll
2009-10-06 00:11 472,064 a------- c:\windows\system32\wbem\SET6F5.tmp
2009-10-06 00:11 247,808 a------- c:\windows\system32\wbem\SET6F7.tmp
2009-10-06 00:11 123,904 a------- c:\windows\system32\wbem\SET6F1.tmp
2009-10-06 00:11 16,384 a------- c:\windows\system32\wbem\SET6F2.tmp
2009-10-06 00:11 178,176 a------- c:\windows\system32\wbem\SET6ED.tmp
2009-10-06 00:11 47,104 a------- c:\windows\system32\wbem\SET6F0.tmp
2009-10-06 00:11 214,528 a------- c:\windows\system32\wbem\SET6E5.tmp
2009-10-06 00:11 531,456 a------- c:\windows\system32\wbem\SET6E3.tmp
2009-10-06 00:11 273,920 a------- c:\windows\system32\wbem\SET6E1.tmp
2009-10-06 00:11 43,520 a------- c:\windows\system32\wbem\SET6DE.tmp
2009-10-06 00:10 437,248 a------- c:\windows\system32\wbem\SET6CD.tmp
2009-10-06 00:10 144,896 a------- c:\windows\system32\wbem\SET6CE.tmp
2009-10-06 00:10 218,112 a------- c:\windows\system32\wbem\SET6CC.tmp
2009-10-06 00:10 144,896 a------- c:\windows\system32\wbem\SET6CA.tmp
2009-10-06 00:10 95,232 a------- c:\windows\system32\wbem\SET6C9.tmp
2009-10-05 23:44 6,656 a------- c:\windows\system32\wuauserv.dll
2009-10-05 23:42 25,088 a------- c:\windows\system32\shfolder.dll
2009-10-05 23:30 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
2009-10-05 23:30 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-10-05 23:26 159,744 a------- c:\windows\system32\igfxres.dll
2009-10-05 23:25 13,668 a------- c:\windows\system32\wpa.bak
2009-10-05 23:20 130,048 a------- c:\windows\system32\ksproxy.ax
2009-10-05 23:20 4,096 a------- c:\windows\system32\ksuser.dll
2009-10-05 23:19 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-10-05 23:19 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-10-05 23:19 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-10-05 23:19 21,896 ac------ c:\windows\system32\dllcache\tdipx.sys
2009-10-05 23:19 19,464 ac------ c:\windows\system32\dllcache\tdspx.sys
2009-10-05 23:19 13,192 ac------ c:\windows\system32\dllcache\tdasync.sys
2009-10-05 23:17 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-10-05 23:17 92,032 ac------ c:\windows\system32\dllcache\mga.dll
2009-10-05 23:17 65,536 ac------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-10-05 23:17 18,432 ac------ c:\windows\system32\dllcache\jupiw.dll
2009-10-05 23:17 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-10-05 23:17 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-10-05 23:17 111,104 ac------ c:\windows\system32\dllcache\fxscfgwz.dll
2009-10-05 23:17 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-10-05 23:17 57,856 ac------ c:\windows\system32\dllcache\esuimgd.dll
2009-10-05 23:17 45,056 ac------ c:\windows\system32\dllcache\esunid.dll
2009-10-05 23:17 31,744 ac------ c:\windows\system32\dllcache\esucmd.dll
2009-10-05 23:17 25,856 ac------ c:\windows\system32\dllcache\et4000.sys
2009-10-05 23:16 54,528 ac------ c:\windows\system32\dllcache\cap7146.sys
2009-10-05 23:16 312,832 ac------ c:\windows\system32\dllcache\EXCH_aqueue.dll
2009-10-05 23:16 45,056 ac------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-10-05 23:16 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-10-05 23:16 2,134,528 ac------ c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-10-05 23:16 175,104 ac------ c:\windows\system32\dllcache\EXCH_smtpadm.dll
2009-10-05 23:14 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-10-05 23:13 35,840 a------- c:\windows\system32\upnpcont.exe
2009-10-05 23:13 61,440 ac------ c:\windows\system32\dllcache\icwres.dll
2009-10-05 23:13 40,960 ac------ c:\windows\system32\dllcache\trialoc.dll
2009-10-05 23:13 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-10-05 23:13 221,696 -------- c:\windows\system32\_004835_.tmp.dll
2009-10-05 23:13 31,232 a------- c:\windows\system32\mstinit.exe
2009-10-05 22:58 34 a------- c:\windows\system\oeminfo.ini
2009-10-05 22:57 482,304 a------- c:\windows\system32\pintlgnt.ime
2009-10-05 22:45 107,776 a------- c:\windows\system32\drivers\ac97ich4.sys
2009-10-05 22:45 <DIR> --d----- c:\windows\setup.pss
2009-10-05 21:08 51,724 a------- C:\xptht26p.htm
2009-10-05 20:42 472,064 a------- c:\windows\system32\wbem\SET64E.tmp
2009-10-05 20:42 247,808 a------- c:\windows\system32\wbem\SET650.tmp
2009-10-05 20:42 178,176 a------- c:\windows\system32\wbem\SET646.tmp
2009-10-05 20:42 123,904 a------- c:\windows\system32\wbem\SET64A.tmp
2009-10-05 20:42 47,104 a------- c:\windows\system32\wbem\SET649.tmp
2009-10-05 20:42 16,384 a------- c:\windows\system32\wbem\SET64B.tmp
2009-10-05 20:42 214,528 a------- c:\windows\system32\wbem\SET63E.tmp
2009-10-05 20:42 531,456 a------- c:\windows\system32\wbem\SET63C.tmp
2009-10-05 20:42 273,920 a------- c:\windows\system32\wbem\SET63A.tmp
2009-10-05 20:42 43,520 a------- c:\windows\system32\wbem\SET637.tmp
2009-10-05 20:41 437,248 a------- c:\windows\system32\wbem\SET626.tmp
2009-10-05 20:41 144,896 a------- c:\windows\system32\wbem\SET627.tmp
2009-10-05 20:41 218,112 a------- c:\windows\system32\wbem\SET625.tmp
2009-10-05 20:41 144,896 a------- c:\windows\system32\wbem\SET623.tmp
2009-10-05 20:41 95,232 a------- c:\windows\system32\wbem\SET622.tmp
2009-10-05 20:08 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-10-05 20:05 165 a------- C:\update.cmd
2009-10-05 17:29 <DIR> --d----- C:\Service Packs
2009-10-05 14:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-05 14:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-05 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 12:01 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 11:57 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-05 10:57 221,696 -------- c:\windows\system32\_004788_.tmp.dll
2009-10-05 08:27 <DIR> --d----- c:\program files\common files\DivX Shared
2009-10-05 08:23 49,152 a------- c:\windows\ciaunwdm.exe
2009-10-05 07:43 <DIR> --d----- c:\documents and settings\Administrator
2009-10-04 23:17 25,065 a------- c:\windows\system32\wmpscheme.xml
2009-10-04 23:17 299,552 a------- c:\windows\WMSysPrx.prx
2009-10-04 21:16 45,568 a------- c:\windows\system32\safrslv.dll
2009-10-04 21:16 43,520 a------- c:\windows\system32\safrcdlg.dll
2009-10-04 21:16 29,696 a------- c:\windows\system32\safrdm.dll
2009-10-04 21:16 43,520 a------- c:\windows\system32\racpldlg.dll
2009-10-04 21:16 32,768 a------- c:\windows\system32\isrdbg32.dll
2009-10-04 21:13 68,608 a------- c:\windows\system32\access.cpl
2009-10-04 21:13 345,088 a------- c:\windows\system32\hypertrm.dll
2009-10-04 21:13 161,280 a------- c:\windows\system32\msdtcuiu.dll
2009-10-04 21:13 82,432 a------- c:\windows\system32\comrepl.dll
2009-10-04 21:13 25,600 a------- c:\windows\system32\comaddin.dll
2009-10-04 21:13 25,088 a------- c:\windows\system32\mtxlegih.dll
2009-10-04 21:13 20,480 a------- c:\windows\system32\mtxdm.dll
2009-10-04 21:13 4,096 a------- c:\windows\system32\mtxex.dll
2009-10-04 21:13 110,080 a------- c:\windows\system32\clbcatex.dll
2009-10-04 21:13 85,504 a------- c:\windows\system32\catsrvps.dll
2009-10-04 21:13 54,272 a------- c:\windows\system32\stclient.dll
2009-10-04 21:13 540,160 a------- c:\windows\system32\comuid.dll
2009-10-04 21:13 147,456 a------- c:\windows\system32\comsnap.dll
2009-10-04 21:00 146,432 a------- c:\windows\system\winspool.drv
2009-10-04 21:00 74,752 a------- c:\windows\system32\storprop.dll
2009-10-04 21:00 390,168 ac------ c:\windows\system32\dllcache\WFC.CAT
2009-10-04 21:00 21,281 ac------ c:\windows\system32\dllcache\XMLDSOC.CAT

==================== Find3M ====================

2009-10-12 22:21 4 ----h--- c:\windows\fonts\mlog
2009-10-12 22:05 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-12 22:05 359,040 a------- c:\windows\system32\drivers\tcpip.sys
2009-10-12 22:05 359,040 a------- c:\windows\system32\dllcache\tcpip.sys
2009-10-05 23:13 23,356 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 11:56:15.60 ===============

Last edited by LFDavidson; 10-14-2009 at 02:27 PM. Reason: Had to remove attachment to replace gmer file
LFDavidson is offline  
10-14-2009, 03:38 PM   #2
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP


Re: Virus Issues -- Corrected Files

Here are the new files. Sorry about the problems.


DDS (Ver_09-10-13.01) - NTFSx86 MINIMAL
Run by Administrator at 13:34:57.32 on Wed 10/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.990.818 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.shortcut365.com/
uInternet Connection Wizard,ShellNext = https://signup.live.com/signup.aspx?...ollrs=12&lic=1
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226714866264
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\wikufalu.dll,hezubuti.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = tikiyabu.dll scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\bnjpsy8f.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-11-22 113896]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-11-12 26488]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-11-30 16194]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [2008-12-10 488992]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys --> c:\windows\system32\drivers\pcx500.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2009-10-13 17:42 308,180 a------- c:\windows\sv2.exe
2009-10-13 17:11 2 a--shrot c:\windows\winstart.bat
2009-10-13 17:10 <DIR> --d----- c:\program files\UnHackMe
2009-10-13 17:08 <DIR> --d----- C:\Drivers
2009-10-13 17:06 <DIR> --d----- C:\Virus Fighting Tools
2009-10-13 15:58 218,112 a------- c:\windows\system32\dllcache\c_g18030.dll
2009-10-13 15:46 19,569 a------- c:\windows\003737_.tmp
2009-10-13 15:14 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-10-13 15:14 234,496 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-10-13 13:50 156 a------- c:\windows\system32\SystemUpdate.ini
2009-10-13 13:39 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
2009-10-12 23:02 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-12 23:02 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 23:02 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 23:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-12 22:05 1,032 a------- c:\windows\system32\7179834.exe
2009-10-12 22:05 0 a------- c:\windows\SC.INS
2009-10-06 19:15 19,569 a------- c:\windows\006258_.tmp
2009-10-06 19:07 382,464 -------- c:\windows\system32\_004089_.tmp.dll
2009-10-06 19:02 329,216 a------- C:\xss.exe
2009-10-06 17:24 <DIR> --d----- c:\windows\system32\wbem\Repository.001
2009-10-06 17:23 380,416 a------- c:\windows\system32\irprops.cpl
2009-10-06 16:33 19,528 a------- c:\windows\002587_.tmp
2009-10-06 12:17 <DIR> --d----- c:\program files\CCleaner
2009-10-06 12:14 3,309,072 a------- C:\ccsetup224.exe
2009-10-06 11:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-10-06 09:27 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-10-06 09:26 473,088 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-06 09:25 581,120 a------- c:\windows\system32\rpcrt4.dll
2009-10-06 00:11 472,064 a------- c:\windows\system32\wbem\SET6F5.tmp
2009-10-06 00:11 247,808 a------- c:\windows\system32\wbem\SET6F7.tmp
2009-10-06 00:11 123,904 a------- c:\windows\system32\wbem\SET6F1.tmp
2009-10-06 00:11 16,384 a------- c:\windows\system32\wbem\SET6F2.tmp
2009-10-06 00:11 178,176 a------- c:\windows\system32\wbem\SET6ED.tmp
2009-10-06 00:11 47,104 a------- c:\windows\system32\wbem\SET6F0.tmp
2009-10-06 00:11 214,528 a------- c:\windows\system32\wbem\SET6E5.tmp
2009-10-06 00:11 531,456 a------- c:\windows\system32\wbem\SET6E3.tmp
2009-10-06 00:11 273,920 a------- c:\windows\system32\wbem\SET6E1.tmp
2009-10-06 00:11 43,520 a------- c:\windows\system32\wbem\SET6DE.tmp
2009-10-06 00:10 437,248 a------- c:\windows\system32\wbem\SET6CD.tmp
2009-10-06 00:10 144,896 a------- c:\windows\system32\wbem\SET6CE.tmp
2009-10-06 00:10 218,112 a------- c:\windows\system32\wbem\SET6CC.tmp
2009-10-06 00:10 144,896 a------- c:\windows\system32\wbem\SET6CA.tmp
2009-10-06 00:10 95,232 a------- c:\windows\system32\wbem\SET6C9.tmp
2009-10-05 23:44 6,656 a------- c:\windows\system32\wuauserv.dll
2009-10-05 23:42 25,088 a------- c:\windows\system32\shfolder.dll
2009-10-05 23:30 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
2009-10-05 23:30 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-10-05 23:26 159,744 a------- c:\windows\system32\igfxres.dll
2009-10-05 23:25 13,668 a------- c:\windows\system32\wpa.bak
2009-10-05 23:20 130,048 a------- c:\windows\system32\ksproxy.ax
2009-10-05 23:20 4,096 a------- c:\windows\system32\ksuser.dll
2009-10-05 23:19 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-10-05 23:19 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-10-05 23:19 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-10-05 23:19 21,896 ac------ c:\windows\system32\dllcache\tdipx.sys
2009-10-05 23:19 19,464 ac------ c:\windows\system32\dllcache\tdspx.sys
2009-10-05 23:19 13,192 ac------ c:\windows\system32\dllcache\tdasync.sys
2009-10-05 23:17 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-10-05 23:17 92,032 ac------ c:\windows\system32\dllcache\mga.dll
2009-10-05 23:17 65,536 ac------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-10-05 23:17 18,432 ac------ c:\windows\system32\dllcache\jupiw.dll
2009-10-05 23:17 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-10-05 23:17 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-10-05 23:17 111,104 ac------ c:\windows\system32\dllcache\fxscfgwz.dll
2009-10-05 23:17 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-10-05 23:17 57,856 ac------ c:\windows\system32\dllcache\esuimgd.dll
2009-10-05 23:17 45,056 ac------ c:\windows\system32\dllcache\esunid.dll
2009-10-05 23:17 31,744 ac------ c:\windows\system32\dllcache\esucmd.dll
2009-10-05 23:17 25,856 ac------ c:\windows\system32\dllcache\et4000.sys
2009-10-05 23:16 54,528 ac------ c:\windows\system32\dllcache\cap7146.sys
2009-10-05 23:16 312,832 ac------ c:\windows\system32\dllcache\EXCH_aqueue.dll
2009-10-05 23:16 45,056 ac------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-10-05 23:16 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-10-05 23:16 2,134,528 ac------ c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-10-05 23:16 175,104 ac------ c:\windows\system32\dllcache\EXCH_smtpadm.dll
2009-10-05 23:14 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-10-05 23:13 35,840 a------- c:\windows\system32\upnpcont.exe
2009-10-05 23:13 61,440 ac------ c:\windows\system32\dllcache\icwres.dll
2009-10-05 23:13 40,960 ac------ c:\windows\system32\dllcache\trialoc.dll
2009-10-05 23:13 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-10-05 23:13 221,696 -------- c:\windows\system32\_004835_.tmp.dll
2009-10-05 23:13 31,232 a------- c:\windows\system32\mstinit.exe
2009-10-05 22:58 34 a------- c:\windows\system\oeminfo.ini
2009-10-05 22:57 482,304 a------- c:\windows\system32\pintlgnt.ime
2009-10-05 22:45 107,776 a------- c:\windows\system32\drivers\ac97ich4.sys
2009-10-05 22:45 <DIR> --d----- c:\windows\setup.pss
2009-10-05 21:08 51,724 a------- C:\xptht26p.htm
2009-10-05 20:42 472,064 a------- c:\windows\system32\wbem\SET64E.tmp
2009-10-05 20:42 247,808 a------- c:\windows\system32\wbem\SET650.tmp
2009-10-05 20:42 178,176 a------- c:\windows\system32\wbem\SET646.tmp
2009-10-05 20:42 123,904 a------- c:\windows\system32\wbem\SET64A.tmp
2009-10-05 20:42 47,104 a------- c:\windows\system32\wbem\SET649.tmp
2009-10-05 20:42 16,384 a------- c:\windows\system32\wbem\SET64B.tmp
2009-10-05 20:42 214,528 a------- c:\windows\system32\wbem\SET63E.tmp
2009-10-05 20:42 531,456 a------- c:\windows\system32\wbem\SET63C.tmp
2009-10-05 20:42 273,920 a------- c:\windows\system32\wbem\SET63A.tmp
2009-10-05 20:42 43,520 a------- c:\windows\system32\wbem\SET637.tmp
2009-10-05 20:41 437,248 a------- c:\windows\system32\wbem\SET626.tmp
2009-10-05 20:41 144,896 a------- c:\windows\system32\wbem\SET627.tmp
2009-10-05 20:41 218,112 a------- c:\windows\system32\wbem\SET625.tmp
2009-10-05 20:41 144,896 a------- c:\windows\system32\wbem\SET623.tmp
2009-10-05 20:41 95,232 a------- c:\windows\system32\wbem\SET622.tmp
2009-10-05 20:08 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-10-05 20:05 165 a------- C:\update.cmd
2009-10-05 17:29 <DIR> --d----- C:\Service Packs
2009-10-05 14:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-05 14:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-05 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 12:01 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 11:57 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-05 10:57 221,696 -------- c:\windows\system32\_004788_.tmp.dll
2009-10-05 08:27 <DIR> --d----- c:\program files\common files\DivX Shared
2009-10-05 08:23 49,152 a------- c:\windows\ciaunwdm.exe
2009-10-05 07:43 <DIR> --d----- c:\documents and settings\Administrator
2009-10-04 23:17 25,065 a------- c:\windows\system32\wmpscheme.xml
2009-10-04 23:17 299,552 a------- c:\windows\WMSysPrx.prx
2009-10-04 21:16 45,568 a------- c:\windows\system32\safrslv.dll
2009-10-04 21:16 43,520 a------- c:\windows\system32\safrcdlg.dll
2009-10-04 21:16 29,696 a------- c:\windows\system32\safrdm.dll
2009-10-04 21:16 43,520 a------- c:\windows\system32\racpldlg.dll
2009-10-04 21:16 32,768 a------- c:\windows\system32\isrdbg32.dll
2009-10-04 21:13 68,608 a------- c:\windows\system32\access.cpl
2009-10-04 21:13 345,088 a------- c:\windows\system32\hypertrm.dll
2009-10-04 21:13 161,280 a------- c:\windows\system32\msdtcuiu.dll
2009-10-04 21:13 82,432 a------- c:\windows\system32\comrepl.dll
2009-10-04 21:13 25,600 a------- c:\windows\system32\comaddin.dll
2009-10-04 21:13 25,088 a------- c:\windows\system32\mtxlegih.dll
2009-10-04 21:13 20,480 a------- c:\windows\system32\mtxdm.dll
2009-10-04 21:13 4,096 a------- c:\windows\system32\mtxex.dll
2009-10-04 21:13 110,080 a------- c:\windows\system32\clbcatex.dll
2009-10-04 21:13 85,504 a------- c:\windows\system32\catsrvps.dll
2009-10-04 21:13 54,272 a------- c:\windows\system32\stclient.dll
2009-10-04 21:13 540,160 a------- c:\windows\system32\comuid.dll
2009-10-04 21:13 147,456 a------- c:\windows\system32\comsnap.dll
2009-10-04 21:00 146,432 a------- c:\windows\system\winspool.drv
2009-10-04 21:00 74,752 a------- c:\windows\system32\storprop.dll
2009-10-04 21:00 390,168 ac------ c:\windows\system32\dllcache\WFC.CAT
2009-10-04 21:00 21,281 ac------ c:\windows\system32\dllcache\XMLDSOC.CAT

==================== Find3M ====================

2009-10-12 22:21 4 ----h--- c:\windows\fonts\mlog
2009-10-12 22:05 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-12 22:05 359,040 a------- c:\windows\system32\drivers\tcpip.sys
2009-10-12 22:05 359,040 a------- c:\windows\system32\dllcache\tcpip.sys
2009-10-05 23:13 23,356 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 13:35:19.05 ===============
Attached Files
File Type: zip Attach and Ark.zip (4.3 KB, 2 views)
LFDavidson is offline  
Old 10-20-2009, 09:53 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP


Re: Virus Issues

Bump... Can anybody help with this?? Thanks....
LFDavidson is offline  
Old 10-22-2009, 09:59 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,993
OS: WinXP and Vista


Re: Virus Issues

Hello LFDavidson, and thank you for your patience.

You are correct that this system is laden with some nasties. I'd like to see a more current state of the system before we begin. Please run a new scan with dds.scr. I only need to see the log.txt it produces.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 10-23-2009, 07:42 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: XP


Re: Virus Issues

Since I last posted, I ran DrWeb Cureit which fixed a lot of problems. I was then able to update to WinXP SP3. After that I ran another round of Super Antispyware, Malwarebytes and Cureit.. Malwarebytes found a couple of things and so did Cureit which they both cleaned.. I tried to run Windows Update again and it failed on about 6 or 7 security updates...

The virus cleaned was Virut.. Now they all report clean but I did notice a suspicious file on C: called xss.exe... I deleted that and ran DDS.scr.. Here is the file:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Gary at 18:26:05.19 on Fri 10/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.577 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Virus Fighting Tools\ds_2299.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226714866264
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\wikufalu.dll,hezubuti.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = tikiyabu.dll scecli

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-11-22 113896]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-11-30 16194]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [2008-12-10 488992]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys --> c:\windows\system32\drivers\pcx500.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2009-10-22 23:20 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-10-22 23:20 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-10-22 23:20 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-10-22 23:20 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-10-22 23:20 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-10-22 23:20 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-10-22 23:20 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-10-22 23:20 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-22 23:20 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-10-22 19:35 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-10-22 19:35 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-10-22 19:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-10-22 19:34 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-10-22 19:21 <DIR> --d----- c:\windows\system32\XPSViewer
2009-10-22 19:20 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-10-22 19:20 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-22 19:20 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-22 19:20 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-22 19:20 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-10-22 19:20 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-10-22 19:20 117,760 -------- c:\windows\system32\prntvpt.dll
2009-10-22 19:20 <DIR> --d----- C:\0c2cafcbd44da5fe80f801dad7
2009-10-22 18:34 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-10-22 18:34 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-10-22 18:32 19,569 a------- c:\windows\003724_.tmp
2009-10-22 18:04 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-10-22 18:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-10-22 18:01 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-10-22 18:01 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-10-22 18:01 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-10-22 18:00 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-10-22 15:09 <DIR> --d----- c:\documents and settings\gary\DoctorWeb
2009-10-13 17:42 130,560 a------- c:\windows\sv2.exe
2009-10-13 17:11 2 a--shrot c:\windows\winstart.bat
2009-10-13 17:10 <DIR> --d----- c:\program files\UnHackMe
2009-10-13 17:08 <DIR> --d----- C:\Drivers
2009-10-13 17:06 <DIR> --d----- C:\Virus Fighting Tools
2009-10-13 15:46 19,569 a------- c:\windows\003737_.tmp
2009-10-13 15:14 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-10-13 15:14 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-10-13 13:50 156 a------- c:\windows\system32\SystemUpdate.ini
2009-10-13 13:39 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
2009-10-13 13:35 <DIR> --d----- c:\docume~1\gary\applic~1\SUPERAntiSpyware.com
2009-10-12 23:57 <DIR> --d----- c:\docume~1\gary\applic~1\Malwarebytes
2009-10-12 23:02 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 23:02 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 23:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-12 22:05 1,032 a------- c:\windows\system32\7179834.exe
2009-10-12 22:05 0 a------- c:\windows\SC.INS
2009-10-06 19:15 19,569 a------- c:\windows\006258_.tmp
2009-10-06 19:07 382,464 -------- c:\windows\system32\_004089_.tmp.dll
2009-10-06 18:44 <DIR> --d----- c:\documents and settings\Gary
2009-10-06 17:24 <DIR> --d----- c:\windows\system32\wbem\Repository.001
2009-10-06 17:23 380,416 a------- c:\windows\system32\irprops.cpl
2009-10-06 16:33 19,528 a------- c:\windows\002587_.tmp
2009-10-06 12:17 <DIR> --d----- c:\program files\CCleaner
2009-10-06 12:14 3,309,072 a------- C:\ccsetup224.exe
2009-10-06 09:27 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-10-06 09:26 473,600 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-06 09:25 584,704 a------- c:\windows\system32\rpcrt4.dll
2009-10-06 00:11 472,064 a------- c:\windows\system32\wbem\SET6F5.tmp
2009-10-06 00:11 247,808 a------- c:\windows\system32\wbem\SET6F7.tmp
2009-10-06 00:11 123,904 a------- c:\windows\system32\wbem\SET6F1.tmp
2009-10-06 00:11 16,384 a------- c:\windows\system32\wbem\SET6F2.tmp
2009-10-06 00:11 178,176 a------- c:\windows\system32\wbem\SET6ED.tmp
2009-10-06 00:11 47,104 a------- c:\windows\system32\wbem\SET6F0.tmp
2009-10-06 00:11 214,528 a------- c:\windows\system32\wbem\SET6E5.tmp
2009-10-06 00:11 531,456 a------- c:\windows\system32\wbem\SET6E3.tmp
2009-10-06 00:11 273,920 a------- c:\windows\system32\wbem\SET6E1.tmp
2009-10-06 00:11 43,520 a------- c:\windows\system32\wbem\SET6DE.tmp
2009-10-06 00:10 437,248 a------- c:\windows\system32\wbem\SET6CD.tmp
2009-10-06 00:10 144,896 a------- c:\windows\system32\wbem\SET6CE.tmp
2009-10-06 00:10 218,112 a------- c:\windows\system32\wbem\SET6CC.tmp
2009-10-06 00:10 144,896 a------- c:\windows\system32\wbem\SET6CA.tmp
2009-10-06 00:10 95,232 a------- c:\windows\system32\wbem\SET6C9.tmp
2009-10-05 23:44 6,656 a------- c:\windows\system32\wuauserv.dll
2009-10-05 23:42 25,088 a------- c:\windows\system32\shfolder.dll
2009-10-05 23:30 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
2009-10-05 23:30 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-10-05 23:26 159,744 a------- c:\windows\system32\igfxres.dll
2009-10-05 23:25 13,668 a------- c:\windows\system32\wpa.bak
2009-10-05 23:20 129,536 a------- c:\windows\system32\ksproxy.ax
2009-10-05 23:20 4,096 a------- c:\windows\system32\ksuser.dll
2009-10-05 23:19 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-10-05 23:19 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-10-05 23:19 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-10-05 23:19 21,896 ac------ c:\windows\system32\dllcache\tdipx.sys
2009-10-05 23:19 19,464 ac------ c:\windows\system32\dllcache\tdspx.sys
2009-10-05 23:19 13,192 ac------ c:\windows\system32\dllcache\tdasync.sys
2009-10-05 23:17 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-10-05 23:17 92,032 ac------ c:\windows\system32\dllcache\mga.dll
2009-10-05 23:17 65,536 ac------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-10-05 23:17 18,432 ac------ c:\windows\system32\dllcache\jupiw.dll
2009-10-05 23:17 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-10-05 23:17 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-10-05 23:17 111,104 ac------ c:\windows\system32\dllcache\fxscfgwz.dll
2009-10-05 23:17 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-10-05 23:17 57,856 ac------ c:\windows\system32\dllcache\esuimgd.dll
2009-10-05 23:17 45,056 ac------ c:\windows\system32\dllcache\esunid.dll
2009-10-05 23:17 31,744 ac------ c:\windows\system32\dllcache\esucmd.dll
2009-10-05 23:17 25,856 ac------ c:\windows\system32\dllcache\et4000.sys
2009-10-05 23:16 54,528 ac------ c:\windows\system32\dllcache\cap7146.sys
2009-10-05 23:16 312,832 ac------ c:\windows\system32\dllcache\EXCH_aqueue.dll
2009-10-05 23:16 45,056 ac------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-10-05 23:16 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-10-05 23:16 2,134,528 ac------ c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-10-05 23:16 175,104 ac------ c:\windows\system32\dllcache\EXCH_smtpadm.dll
2009-10-05 23:14 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-10-05 23:14 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-10-05 23:13 17,408 a------- c:\windows\system32\upnpcont.exe
2009-10-05 23:13 61,440 ac------ c:\windows\system32\dllcache\icwres.dll
2009-10-05 23:13 40,960 ac------ c:\windows\system32\dllcache\trialoc.dll
2009-10-05 23:13 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-10-05 23:13 221,696 -------- c:\windows\system32\_004835_.tmp.dll
2009-10-05 23:13 12,800 a------- c:\windows\system32\mstinit.exe
2009-10-05 22:58 34 a------- c:\windows\system\oeminfo.ini
2009-10-05 22:57 482,304 ac------ c:\windows\system32\dllcache\pintlgnt.ime
2009-10-05 22:45 107,776 a------- c:\windows\system32\drivers\ac97ich4.sys
2009-10-05 22:45 <DIR> --d----- c:\windows\setup.pss
2009-10-05 21:08 51,724 a------- C:\xptht26p.htm
2009-10-05 20:42 472,064 a------- c:\windows\system32\wbem\SET64E.tmp
2009-10-05 20:42 247,808 a------- c:\windows\system32\wbem\SET650.tmp
2009-10-05 20:42 178,176 a------- c:\windows\system32\wbem\SET646.tmp
2009-10-05 20:42 123,904 a------- c:\windows\system32\wbem\SET64A.tmp
2009-10-05 20:42 47,104 a------- c:\windows\system32\wbem\SET649.tmp
2009-10-05 20:42 16,384 a------- c:\windows\system32\wbem\SET64B.tmp
2009-10-05 20:42 214,528 a------- c:\windows\system32\wbem\SET63E.tmp
2009-10-05 20:42 531,456 a------- c:\windows\system32\wbem\SET63C.tmp
2009-10-05 20:42 273,920 a------- c:\windows\system32\wbem\SET63A.tmp
2009-10-05 20:42 43,520 a------- c:\windows\system32\wbem\SET637.tmp
2009-10-05 20:41 437,248 a------- c:\windows\system32\wbem\SET626.tmp
2009-10-05 20:41 144,896 a------- c:\windows\system32\wbem\SET627.tmp
2009-10-05 20:41 218,112 a------- c:\windows\system32\wbem\SET625.tmp
2009-10-05 20:41 144,896 a------- c:\windows\system32\wbem\SET623.tmp
2009-10-05 20:41 95,232 a------- c:\windows\system32\wbem\SET622.tmp
2009-10-05 20:05 165 a------- C:\update.cmd
2009-10-05 14:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-05 14:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-05 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 12:01 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 11:57 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-05 10:57 221,696 -------- c:\windows\system32\_004788_.tmp.dll
2009-10-05 08:27 <DIR> --d----- c:\program files\common files\DivX Shared
2009-10-05 08:23 28,672 a------- c:\windows\ciaunwdm.exe
2009-10-04 23:17 25,065 a------- c:\windows\system32\wmpscheme.xml
2009-10-04 23:17 299,552 a------- c:\windows\WMSysPrx.prx
2009-10-04 21:16 45,568 a------- c:\windows\system32\safrslv.dll
2009-10-04 21:16 43,520 a------- c:\windows\system32\safrcdlg.dll
2009-10-04 21:16 29,696 a------- c:\windows\system32\safrdm.dll
2009-10-04 21:16 43,520 a------- c:\windows\system32\racpldlg.dll
2009-10-04 21:16 32,768 a------- c:\windows\system32\isrdbg32.dll
2009-10-04 21:13 68,608 a------- c:\windows\system32\access.cpl
2009-10-04 21:13 347,136 a------- c:\windows\system32\hypertrm.dll
2009-10-04 21:13 161,792 a------- c:\windows\system32\msdtcuiu.dll
2009-10-04 21:13 97,792 a------- c:\windows\system32\comrepl.dll
2009-10-04 21:13 34,304 a------- c:\windows\system32\mtxlegih.dll
2009-10-04 21:13 30,720 a------- c:\windows\system32\mtxdm.dll
2009-10-04 21:13 28,160 a------- c:\windows\system32\comaddin.dll
2009-10-04 21:13 4,096 a------- c:\windows\system32\mtxex.dll
2009-10-04 21:13 110,592 a------- c:\windows\system32\clbcatex.dll
2009-10-04 21:13 85,504 a------- c:\windows\system32\catsrvps.dll
2009-10-04 21:13 59,392 a------- c:\windows\system32\stclient.dll
2009-10-04 21:13 539,648 a------- c:\windows\system32\comuid.dll
2009-10-04 21:13 167,424 a------- c:\windows\system32\comsnap.dll
2009-10-04 21:00 146,432 a------- c:\windows\system\winspool.drv
2009-10-04 21:00 74,752 a------- c:\windows\system32\storprop.dll
2009-10-04 21:00 390,168 ac------ c:\windows\system32\dllcache\WFC.CAT
2009-10-04 21:00 21,281 ac------ c:\windows\system32\dllcache\XMLDSOC.CAT
2009-09-24 22:37 1,168,384 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-09-24 22:37 832,512 -c------ c:\windows\system32\dllcache\wininet.dll
2009-09-24 22:37 3,598,336 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-09-24 22:37 1,509,888 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-09-24 22:37 78,336 -c------ c:\windows\system32\dllcache\ieencode.dll

==================== Find3M ====================

2009-10-22 17:07 17,408 a------- c:\windows\system32\wbem\unsecapp.exe
2009-10-22 17:03 108,544 a------- c:\windows\system32\_006566_.tmp.dll
2009-10-22 17:03 101,888 a------- c:\windows\system32\_004808_.tmp.dll
2009-10-22 17:01 19,968 a------- c:\windows\system32\tcpsvcs.exe
2009-10-22 17:00 9,728 a------- c:\windows\system32\print.exe
2009-10-22 17:00 33,792 a------- c:\windows\system32\ping6.exe
2009-10-22 17:00 15,872 a------- c:\windows\system32\pentnt.exe
2009-10-22 17:00 22,016 a------- c:\windows\system32\pathping.exe
2009-10-22 17:00 40,960 a------- c:\windows\system32\osuninst.exe
2009-10-22 17:00 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-10-22 17:00 20,992 a------- c:\windows\system32\nbtstat.exe
2009-10-22 17:00 7,168 a------- c:\windows\system32\msswchx.exe
2009-10-22 17:00 127,488 a------- c:\windows\system32\mshearts.exe
2009-10-22 17:00 21,504 a------- c:\windows\system32\msg.exe
2009-10-22 17:00 13,312 a------- c:\windows\system32\mrinfo.exe
2009-10-22 17:00 22,528 a------- c:\windows\system32\mpnotify.exe
2009-10-22 17:00 8,704 a------- c:\windows\system32\mountvol.exe
2009-10-22 16:58 56,832 a------- c:\windows\system32\fsutil.exe
2009-10-22 16:57 115,200 a------- c:\windows\system32\calc.exe
2009-10-22 16:57 5,632 a------- c:\windows\system32\bootvrfy.exe
2009-10-22 16:57 5,120 a------- c:\windows\system32\bootok.exe
2009-10-22 16:57 139,264 a------- c:\windows\system32\BCMWLU00.EXE
2009-10-22 16:57 57,344 a------- c:\windows\system32\BCMWLD2K.EXE
2009-10-22 16:57 45,056 a------- c:\windows\system32\besch.exe
2009-10-22 16:57 19,968 a------- c:\windows\system32\arp.exe
2009-10-22 16:57 696,320 a------- c:\windows\system32\AmericanFlag.scr
2009-10-22 16:57 1,634,304 a------- c:\windows\system32\3D Windows XP.scr
2009-10-22 16:54 96,256 a------- c:\windows\system32\scardsvr.exe
2009-10-22 16:53 41,472 a------- c:\windows\system32\msiregmv.exe
2009-10-22 16:52 56,320 a------- c:\windows\system32\ipconfig.exe
2009-10-22 16:51 72,192 a------- c:\windows\system32\blastcln.exe
2009-10-22 16:51 14,848 a------- c:\windows\system32\auditusr.exe
2009-10-22 16:51 12,800 a------- c:\windows\system32\attrib.exe
2009-10-22 16:51 11,776 a------- c:\windows\system32\atmadm.exe
2009-10-22 16:51 25,600 a------- c:\windows\system32\at.exe
2009-10-22 16:51 98,816 a------- c:\windows\system32\ahui.exe
2009-10-22 16:50 4,608 a------- c:\windows\system32\actmovie.exe
2009-10-22 16:50 184,832 a------- c:\windows\system32\accwiz.exe
2009-10-22 16:49 228,352 a------- c:\windows\system32\wbem\wmiprvse.exe
2009-10-22 16:49 111,104 a------- c:\windows\system32\services.exe
2009-10-22 16:49 35,840 a------- c:\windows\system32\sc.exe
2009-10-22 16:23 221,184 a------- c:\windows\UninstallDialog.exe
2009-10-22 16:23 26,112 a------- c:\windows\twunk_32.exe
2009-10-22 16:23 15,872 a------- c:\windows\taskman.exe
2009-10-22 16:23 221,184 a------- c:\windows\InstallDialog.exe
2009-10-22 15:12 32,768 a------- c:\windows\system32\wupdmgr.exe
2009-10-22 15:12 13,824 a------- c:\windows\system32\wbem\winmgmt.exe
2009-10-22 15:11 32,256 a------- c:\windows\system32\ntsd.exe
2009-10-22 15:11 176,128 a------- c:\windows\system32\igfxtray.exe
2009-10-22 15:11 139,264 a------- c:\windows\system32\hkcmd.exe
2009-10-12 22:21 4 ----h--- c:\windows\fonts\mlog
2009-10-12 22:05 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-05 23:13 23,356 a------- c:\windows\system32\emptyregdb.dat
2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:36 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 00:36 17,408 a------- c:\windows\system32\corpol.dll
2009-08-29 00:36 78,336 -------- c:\windows\system32\ieencode.dll
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 07:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:37 81,920 a------- c:\windows\system32\fontsub.dll

============= FINISH: 18:26:17.73 ===============
LFDavidson is offline  
Old 10-23-2009, 07:48 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,993
OS: WinXP and Vista


Re: Virus Issues

Let's see how deeply Virut got into your system. Many AVs claim to clean it, but the truth is Virut is a polymorphic file infector which affects the executable files (.exe), screensaver files (.scr), .htm, and .html files, corrupting them beyond repair in most cases. If even one Virut file has been missed, it will work its way through your system in short order. Many security experts agree that a clean reformat is the only way to clean the infection and return the machine to its normal working state.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
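The reply above names the file types Virut infects (.exe, .scr, .htm, .html). As an added example (not part of the thread and not a DDS feature), the following Python script parses file-listing lines in the DDS format posted in this thread and flags bursts of those file types modified within minutes of each other. The function names, the 10-minute gap and the 4-file threshold are assumptions; the sample lines are excerpted from the log in post #5.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# File types the reply above names as Virut targets.
TARGET_EXTS = {".exe", ".scr", ".htm", ".html"}

# One DDS listing line: date, time, size or <DIR>, 8-char attribute field, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+"
    r"(<DIR>|[\d,]+)\s+"
    r"([a-z-]{8})\s+"
    r"(.+?)\s*$"
)

# Excerpt of the listing posted in the thread (post #5).
SAMPLE_LOG = r"""
2009-10-22 17:07 17,408 a------- c:\windows\system32\wbem\unsecapp.exe
2009-10-22 17:03 108,544 a------- c:\windows\system32\_006566_.tmp.dll
2009-10-22 17:00 9,728 a------- c:\windows\system32\print.exe
2009-10-22 17:00 33,792 a------- c:\windows\system32\ping6.exe
2009-10-22 16:57 115,200 a------- c:\windows\system32\calc.exe
2009-10-22 16:57 696,320 a------- c:\windows\system32\AmericanFlag.scr
2009-10-22 16:57 1,634,304 a------- c:\windows\system32\3D Windows XP.scr
2009-10-22 19:21 <DIR> --d----- c:\windows\system32\XPSViewer
2009-10-13 17:42 130,560 a------- c:\windows\sv2.exe
2009-10-05 21:08 51,724 a------- C:\xptht26p.htm
2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
============= FINISH: 18:26:17.73 ===============
"""


def parse_line(line):
    """Return a dict for a file entry, or None for directories and non-listing lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    if size == "<DIR>":
        return None  # directories are not infection targets
    return {
        "when": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"),
        "size": int(size.replace(",", "")),
        "attrs": attrs,
        "path": path,
        "ext": PureWindowsPath(path).suffix.lower(),
    }


def find_bursts(lines, max_gap=timedelta(minutes=10), min_files=4):
    """Group target-type files whose timestamps are at most max_gap apart.

    Returns only the groups holding at least min_files entries.
    """
    entries = [e for e in map(parse_line, lines) if e and e["ext"] in TARGET_EXTS]
    entries.sort(key=lambda e: e["when"])
    bursts, current = [], []
    for entry in entries:
        if current and entry["when"] - current[-1]["when"] > max_gap:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts


def summarize(burst):
    """Condense one burst into its time span, file count and per-extension counts."""
    fmt = "%Y-%m-%d %H:%M"
    return {
        "start": burst[0]["when"].strftime(fmt),
        "end": burst[-1]["when"].strftime(fmt),
        "count": len(burst),
        "by_ext": dict(Counter(e["ext"] for e in burst)),
    }


if __name__ == "__main__":
    for burst in find_bursts(SAMPLE_LOG.splitlines()):
        info = summarize(burst)
        print(f"{info['start']} to {info['end']}: {info['count']} files {info['by_ext']}")
        for entry in burst:
            print("   ", entry["path"])
```

A burst is only a triage cue: a disinfection pass that rewrites files leaves the same timestamp pattern, so the flagged files still need scanning or comparison against known-good copies.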