Author Topic: bekz09's thread Re: strange new virus


Offline bekz09
« on: August 15, 2009, 02:13:28 PM »
Hi,
Can you please help me? I have the very same virus on my laptop. I have followed the advice given but still have the same problem: it won't let me onto the internet; it keeps blocking it and asking me to purchase protection (it's called Personal Antivirus).

Below are the logs:

MBAM Log:
Database version: 2104
Windows 6.0.6000

15/08/2009 15:03:34
mbam-log-2009-08-15 (15-03-34).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 229196
Time elapsed: 2 hour(s), 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by rebecca at 2009-08-15 13:34:05
Microsoft® Windows Vista™ Home Premium 
System drive C: has 42 GB (44%) free of 95 GB
Total RAM: 1919 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:19, on 15/08/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PcSync2.exe
C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Desktop\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A01OMMVQ\RSIT[1].exe
C:\Program Files\trend micro\rebecca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'shauna')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: IMVU.lnk = C:\Users\shauna\AppData\Roaming\IMVUClient\IMVUClient.exe (User 'shauna')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'shauna')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca18c0cee2291c) (gupdate1ca18c0cee2291c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 13635 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PersonalAV.job
C:\Windows\tasks\User_Feed_Synchronization-{05A11322-ED06-477C-B60A-8D9A56F9239E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
Softonic English Toolbar - C:\Program Files\Softonic_English\tbSoft.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}]
&Helper - C:\Windows\System32\msxmlm.dll [2009-08-14 378880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-27 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-25 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]
{930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSoft.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-22 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-23 815104]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2006-12-13 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2007-12-22 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2007-12-22 33136]
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-25 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-19 1232896]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-27 39408]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-06-24 2356088]
"Nokia.PCSync"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-08-14 18:37:57 ----A---- C:\Windows\system32\ndisapi.dll
2009-08-14 17:37:31 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-14 17:37:31 ----A---- C:\Windows\system32\kerberos.dll
2009-08-14 17:37:30 ----A---- C:\Windows\system32\wdigest.dll
2009-08-14 17:37:29 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-14 17:37:28 ----A---- C:\Windows\system32\schannel.dll
2009-08-14 17:37:27 ----A---- C:\Windows\system32\secur32.dll
2009-08-14 17:37:27 ----A---- C:\Windows\system32\lsass.exe
2009-08-14 17:37:13 ----A---- C:\Windows\system32\msxmlm.dll
2009-08-14 17:34:34 ----D---- C:\Program Files\Common Files\Uninstall
2009-08-14 09:59:23 ----A---- C:\Windows\system32\atl.dll
2009-08-14 09:59:16 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-14 09:59:10 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-14 09:59:10 ----A---- C:\Windows\system32\mstscax.dll
2009-08-14 09:59:10 ----A---- C:\Windows\system32\aaclient.dll
2009-08-14 09:59:07 ----A---- C:\Windows\system32\avifil32.dll
2009-08-14 09:59:06 ----A---- C:\Windows\system32\msvidc32.dll
2009-08-14 09:59:06 ----A---- C:\Windows\system32\msvfw32.dll
2009-08-14 09:59:06 ----A---- C:\Windows\system32\msrle32.dll
2009-08-14 09:59:06 ----A---- C:\Windows\system32\mciavi32.dll
2009-08-14 09:59:06 ----A---- C:\Windows\system32\avicap32.dll
2009-08-14 09:58:56 ----A---- C:\Windows\system32\wmp.dll
2009-08-14 09:58:53 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-14 09:58:51 ----A---- C:\Windows\system32\spwmp.dll
2009-08-14 09:58:50 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-14 09:58:49 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-29 00:19:08 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 00:19:05 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 00:19:04 ----A---- C:\Windows\system32\mstime.dll
2009-07-29 00:19:02 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 00:19:02 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-29 00:19:00 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 00:19:00 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 00:18:59 ----A---- C:\Windows\system32\occache.dll
2009-07-29 00:18:59 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 00:18:59 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 00:18:59 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-29 00:18:58 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-29 00:18:58 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-29 00:18:58 ----A---- C:\Windows\system32\icardie.dll
2009-07-29 00:18:57 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 00:18:57 ----A---- C:\Windows\system32\ieencode.dll
2009-07-29 00:18:57 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-29 00:18:56 ----A---- C:\Windows\system32\advpack.dll
2009-07-29 00:18:56 ----A---- C:\Windows\system32\admparse.dll
2009-07-29 00:18:55 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 00:18:55 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 00:18:55 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 00:18:55 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-29 00:18:54 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-29 00:18:54 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 00:18:54 ----A---- C:\Windows\system32\ieakui.dll
2009-07-29 00:18:53 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-22 17:31:52 ----A---- C:\Windows\system32\t2embed.dll
2009-07-22 17:31:51 ----A---- C:\Windows\system32\fontsub.dll
2009-07-22 17:31:50 ----A---- C:\Windows\system32\atmfd.dll
2009-07-22 17:31:49 ----A---- C:\Windows\system32\lpk.dll
2009-07-22 17:31:49 ----A---- C:\Windows\system32\dciman32.dll
2009-07-22 17:31:49 ----A---- C:\Windows\system32\atmlib.dll

======List of files/folders modified in the last 1 months======

2009-08-15 13:34:07 ----D---- C:\Program Files\trend micro
2009-08-15 13:33:54 ----D---- C:\Windows\Temp
2009-08-15 13:31:57 ----D---- C:\Windows\Prefetch
2009-08-15 12:03:27 ----SD---- C:\ProgramData\Microsoft
2009-08-15 12:03:24 ----SD---- C:\Users\rebecca\AppData\Roaming\Microsoft
2009-08-15 11:51:13 ----A---- C:\Windows\system32\acovcnt.exe
2009-08-15 11:04:50 ----D---- C:\Windows\winsxs
2009-08-15 11:01:01 ----D---- C:\Windows\System32
2009-08-15 11:00:59 ----D---- C:\Windows\system32\drivers
2009-08-15 10:55:41 ----SHD---- C:\Windows\Installer
2009-08-15 10:54:26 ----RSD---- C:\Windows\assembly
2009-08-15 10:49:42 ----D---- C:\Program Files\Windows Media Player
2009-08-15 10:49:02 ----D---- C:\Windows\system32\catroot
2009-08-15 10:48:49 ----D---- C:\Program Files\Windows Mail
2009-08-15 10:48:20 ----SHD---- C:\System Volume Information
2009-08-14 23:15:12 ----RD---- C:\Program Files
2009-08-14 21:50:46 ----D---- C:\Program Files\Google
2009-08-14 21:45:08 ----HD---- C:\ProgramData
2009-08-14 21:45:06 ----D---- C:\Windows\Tasks
2009-08-14 17:36:04 ----D---- C:\Windows\system32\catroot2
2009-08-14 17:34:34 ----D---- C:\Windows\system32\Tasks
2009-08-14 17:34:34 ----D---- C:\Program Files\Common Files
2009-07-31 19:37:29 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 03:10:46 ----D---- C:\Windows\system32\migration
2009-07-29 03:10:46 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:10:45 ----D---- C:\Windows\AppPatch
2009-07-19 02:03:48 ----D---- C:\Users\rebecca\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-31 743424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-19 14208]
R3 DNISp50;DNISp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2006-11-02 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 35328]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-23 181304]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tv.sys [2007-06-01 870400]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNIMp50.sys [2006-11-16 21504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-04-27 78104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-18 24576]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 gupdate1ca18c0cee2291c;Google Update Service (gupdate1ca18c0cee2291c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-15 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-09 190448]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-14 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


bekz09
bekz09's thread Re: strange new virus
« Reply #1 on: August 15, 2009, 02:33:17 PM »
This is what I keep getting after following the steps advised:

Web address changes to about:blank
Then the header changes to BLOCKED

and I get the following message: I have to keep clicking "continue unprotected" and still keep getting this message!! (HELP!?)

Warning! Visiting this site may harm your computer!
This web site probably contains malicious software program, which can cause damage to your computer or perform actions without your permission. Your computer may be infected after visiting such web site.

We recommend you to install (or activate) antivirus security software.

I do realize that visiting this site can cause harm to my computer.


Thanks in advance for any help in fixing this...


winchester73
bekz09's thread Re: strange new virus
« Reply #2 on: August 15, 2009, 06:39:18 PM »
Quote
MBAM Log:
Database version: 2104

First, please update your MBAM, and scan again.  I don't know if you have v1.40 or not (if not, the program will download over the version you have), but your database version is quite old (the current one is 2630).  My guess is that you have not updated MBAM since May, and likely have version 1.36.

Let's see what the updated MBAM scan shows. 
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



bekz09
Re: bekz09's thread Re: strange new virus
« Reply #3 on: August 15, 2009, 09:34:22 PM »
Quote
MBAM Log:
Database version: 2104

First, please update your MBAM, and scan again.  I don't know if you have v1.40 or not (if not, the program will download over the version you have), but your database version is quite old (the current one is 2630).  My guess is that you have not updated MBAM since May, and likely have version 1.36.

Let's see what the updated MBAM scan shows. 

Hi winchester73,
Thanks for that.. I have updated the MBAM and scanned as you suggested.. the version I got dated Aug 2009 is 2155..

So I ran it and it did pick up 5 infections relating to (rogue personal antivirus) - however it couldn't delete it and said I had to reboot and the system would delete on reboot.. however... I still cannot get into my internet.. to send you on the log.. am typing this from another computer...
thanks for your help

Paddy
Re: bekz09's thread Re: strange new virus
« Reply #4 on: August 15, 2009, 10:52:12 PM »
Other thread, Becks, are you going to follow the instructions given or are we going to be wasting our time ..

http://www.landzdown.com/index.php?topic=33203.msg105686#msg105686

Quote
Thanks Paddy,
I have removed Limewire altogether from the laptop.  Will I remove and reinstall Adobe & Java also?


Now your new Logfile >> 

Quote

Hijack this log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by rebecca at 2009-08-15 13:34:05
Microsoft® Windows Vista™ Home Premium 
System drive C: has 42 GB (44%) free of 95 GB
Total RAM: 1919 MB (39% free)



C:\Users\shauna\AppData\Roaming\IMVUClient\IMVUClient.exe (User 'shauna')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'shauna')



Paddy.. :thud:

This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

bekz09
Re: bekz09's thread Re: strange new virus
« Reply #5 on: August 15, 2009, 11:09:11 PM »
Paddy,
I'm sorry if you feel I am wasting your time.??. It certainly isn't my intention.. I did everything suggested.. I did delete LimeWire last time... And it's not on my PC? - there isn't even an icon or it's not in my computer files?

Also, I'm certainly not trying to waste anyone's time.. I really don't know anything about computers but I am grateful for help and did follow instructions.

Corrine
Re: bekz09's thread Re: strange new virus
« Reply #6 on: August 16, 2009, 12:05:28 AM »
bekz09,

Please post the last MBAM log and a fresh HijackThis log.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

bekz09
Re: bekz09's thread Re: strange new virus
« Reply #7 on: August 16, 2009, 12:23:41 AM »
Hi Corrine,
Will do.. am running both again now to try and get onto the internet to post logs - but can't open the net from my laptop, it's still blocked. (using another PC to type this)
Thanks

bekz09
Re: bekz09's thread Re: strange new virus
« Reply #8 on: August 16, 2009, 01:49:01 AM »
Hi,
Think it's worked this time... at least it's letting me onto the net for now anyway.. and thanks again for assistance, very much appreciated! - but Paddy is right, there is a folder for LimeWire still in there but it says installation failed - there is nothing in it, but it won't let me un-install that.. gives the reason that it may not be compatible with my version of Windows? It's not showing in my Control Panel: Programs and Features (uninstall or change a program). I went to the LimeWire homepage and there is nothing on uninstalling.

thanks again for assistance, very much appreciated!

Here are the logs -
MBAM LOG
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

16/08/2009 02:09:50
mbam-log-2009-08-16 (02-09-50).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 255347
Time elapsed: 1 hour(s), 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\msxmlm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Hijack this log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by rebecca at 2009-05-15 21:59:11
Microsoft® Windows Vista™ Home Premium 
System drive C: has 53 GB (56%) free of 95 GB
Total RAM: 1919 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:32, on 15/05/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Users\shauna\AppData\Roaming\IMVUClient\IMVUClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\shauna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q6RMV4V\RSIT[1].exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\rebecca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'shauna')
O4 - HKUS\S-1-5-21-3816998836-1839666675-2622873197-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'shauna')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: IMVU.lnk = C:\Users\shauna\AppData\Roaming\IMVUClient\IMVUClient.exe (User 'shauna')
O4 - S-1-5-21-3816998836-1839666675-2622873197-1002 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'shauna')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 15706 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-19 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-22 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-23 815104]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2006-12-13 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2007-12-22 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2007-12-22 33136]
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
"Malwarebytes Anti-Malware (reboot)"=C:\Desktop\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 1277584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-19 1232896]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-27 39408]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"Nokia.PCSync"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-28 1830128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Users\rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-05-15 21:59:13 ----D---- C:\Program Files\trend micro
2009-05-15 21:59:11 ----D---- C:\rsit
2009-05-10 16:27:34 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-05-10 16:27:07 ----D---- C:\Users\rebecca\AppData\Roaming\SUPERAntiSpyware.com
2009-05-10 16:27:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-10 16:25:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-10 14:03:13 ----D---- C:\Avenger
2009-05-10 14:03:11 ----A---- C:\avenger.txt
2009-05-10 11:39:42 ----D---- C:\Users\rebecca\AppData\Roaming\Malwarebytes
2009-05-10 11:39:34 ----D---- C:\ProgramData\Malwarebytes
2009-05-10 11:39:34 ----D---- C:\Desktop
2009-05-10 00:03:41 ----D---- C:\Program Files\Common Files\PC Tools
2009-05-10 00:03:30 ----D---- C:\Users\rebecca\AppData\Roaming\PC Tools
2009-05-10 00:03:30 ----D---- C:\ProgramData\PC Tools
2009-05-10 00:03:30 ----D---- C:\Program Files\Spyware Doctor
2009-05-10 00:03:27 ----A---- C:\Windows\system32\msxml.dll
2009-05-10 00:03:26 ----A---- C:\Windows\system32\STKIT432.DLL
2009-05-10 00:03:23 ----D---- C:\Program Files\Registry Mechanic
2009-05-05 19:23:16 ----D---- C:\Program Files\Common Files\SWF Studio
2009-05-05 19:23:13 ----SHD---- C:\Users\rebecca\AppData\Roaming\.#
2009-05-05 19:23:06 ----AD---- C:\ProgramData\TEMP
2009-05-05 19:22:25 ----D---- C:\Program Files\iWin.com
2009-05-05 19:02:17 ----D---- C:\ProgramData\iWin Games
2009-05-05 19:01:40 ----D---- C:\Program Files\iWin Games
2009-04-22 21:49:53 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-15 13:53:23 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 13:53:19 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 13:53:19 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 13:53:03 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 13:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 13:53:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 13:53:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 13:52:59 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 13:52:59 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 13:52:51 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 13:52:50 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 13:52:50 ----A---- C:\Windows\system32\lsass.exe
2009-04-15 13:52:50 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 13:52:50 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 13:52:49 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 13:52:37 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 13:52:34 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 13:52:32 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 13:52:31 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 13:52:31 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 13:52:31 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-15 13:52:30 ----A---- C:\Windows\system32\occache.dll
2009-04-15 13:52:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 13:52:29 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 13:52:29 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-15 13:52:29 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 13:52:28 ----A---- C:\Windows\system32\admparse.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\ieui.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\iesetup.dll
2009-04-15 13:52:27 ----A---- C:\Windows\system32\advpack.dll
2009-04-15 13:52:26 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-15 13:52:26 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 13:52:26 ----A---- C:\Windows\system32\iernonce.dll
2009-04-15 13:52:26 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-15 13:52:26 ----A---- C:\Windows\system32\icardie.dll
2009-04-15 13:52:25 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-15 13:52:25 ----A---- C:\Windows\system32\ieakui.dll
2009-04-15 13:52:24 ----A---- C:\Windows\system32\ieapfltr.dll
2009-03-13 17:14:49 ----HD---- C:\ProgramData\CanonBJ
2009-03-13 17:13:44 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2009-03-13 17:12:13 ----A---- C:\Windows\system32\CNMLM97.DLL
2009-03-13 17:11:50 ----HD---- C:\Program Files\CanonBJ
2009-03-13 17:10:39 ----D---- C:\Program Files\Canon
2009-03-13 17:08:20 ----D---- C:\Users\rebecca\AppData\Roaming\PC Suite
2009-03-13 17:08:20 ----D---- C:\Users\rebecca\AppData\Roaming\Nokia
2009-03-13 17:08:19 ----D---- C:\ProgramData\PC Suite
2009-03-11 08:15:59 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 08:15:57 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 08:15:56 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 08:15:56 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 08:12:26 ----A---- C:\Windows\system32\schannel.dll
2009-02-26 13:32:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-17 11:15:01 ----A---- C:\Windows\system32\EncDec.dll
2009-02-17 11:14:57 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-17 11:14:57 ----A---- C:\Windows\system32\mcmde.dll

======List of files/folders modified in the last 3 months======

2009-05-15 21:59:20 ----D---- C:\Windows\Temp
2009-05-15 21:59:14 ----D---- C:\Windows\Prefetch
2009-05-15 21:59:13 ----RD---- C:\Program Files
2009-05-15 21:40:40 ----D---- C:\Windows\system32\drivers
2009-05-15 15:38:57 ----D---- C:\Windows\System32
2009-05-15 15:38:57 ----D---- C:\Windows\inf
2009-05-15 15:38:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-15 15:01:12 ----A---- C:\Windows\system32\acovcnt.exe
2009-05-15 07:58:55 ----D---- C:\Program Files\LogMeIn
2009-05-14 21:05:42 ----D---- C:\Windows\winsxs
2009-05-14 19:52:59 ----SHD---- C:\System Volume Information
2009-05-14 19:27:36 ----SHD---- C:\Windows\Installer
2009-05-14 19:25:38 ----D---- C:\Windows\system32\catroot
2009-05-14 19:25:20 ----D---- C:\Program Files\Windows Mail
2009-05-10 16:27:34 ----HD---- C:\ProgramData
2009-05-10 16:25:58 ----D---- C:\Program Files\Common Files
2009-05-10 11:12:13 ----D---- C:\Windows\system32\catroot2
2009-05-09 21:46:47 ----A---- C:\Windows\NeroDigital.ini
2009-04-29 01:15:04 ----D---- C:\Users\rebecca\AppData\Roaming\LimeWire
2009-04-29 01:10:28 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-29 01:10:01 ----D---- C:\Program Files\Windows Live
2009-04-23 14:10:22 ----SD---- C:\Windows\Downloaded Program Files
2009-04-22 21:49:51 ----SD---- C:\ProgramData\Microsoft
2009-04-16 13:09:47 ----D---- C:\Windows\system32\wbem
2009-04-16 13:09:46 ----D---- C:\Windows\system32\manifeststore
2009-04-16 13:09:46 ----D---- C:\Windows\AppPatch
2009-04-16 13:09:45 ----D---- C:\Windows\system32\migration
2009-04-16 13:09:45 ----D---- C:\Program Files\Internet Explorer
2009-04-16 13:00:16 ----A---- C:\Windows\win.ini
2009-03-14 01:12:09 ----D---- C:\Windows
2009-03-14 01:05:22 ----D---- C:\Windows\Minidump
2009-03-13 04:08:15 ----D---- C:\Program Files\Windows Media Player
2009-03-06 08:56:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-18 03:02:31 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-03-29 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 50768]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-31 743424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-19 14208]
R3 DNISp50;DNISp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2006-11-02 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 35328]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-23 181304]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tv.sys [2007-06-01 870400]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNIMp50.sys [2006-11-16 21504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-04-27 78104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2007-11-15 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-18 24576]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-14 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Offline bekz09

  • Newbie
  • Posts: 15
Re: bekz09's thread Re: strange new virus
« Reply #9 on: August 16, 2009, 02:21:06 AM »
I've just run the same scan on our main PC, but when I try to run RSIT I get a message saying it's not a valid Win32 application?


Offline Eric the Red

  • ISO/IEC 27001:2005
  • Administrator
  • Hero Member
  • Posts: 1611
  • Would somebody please pass me a beer!
Re: bekz09's thread Re: strange new virus
« Reply #10 on: August 16, 2009, 10:27:40 AM »
bekz09,

Let's not confuse the issue by bringing the "main PC" into the equation at this time. Let's just stick with the compromised machine and get that sorted; if necessary we can look at the second machine later.

Whilst we are waiting for Corrine to catch up with the sun, we need to sort your Java out. The computer has a very old, vulnerable version of SunJava installed.

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then, if you wish, download and install Java SE Runtime Environment (JRE) 6 Update 16.

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Let us know if you are having any problems.
"The time to start running is around about the "e" in "Hey, you!" "
Proud member Since 2004 

The information I provide is provided "AS IS" without warranty, and confers no rights.
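A small triage script in the spirit of the checks Eric is doing by eye (the stale `jre1.6.0_05` path in the Run key, startup items launched from a user profile folder, and drivers that RSIT lists with empty `[]` brackets). This is an added example, not RSIT's code or anything posted in the thread: it assumes RSIT's `"Name"=path [date size]` and `Rn name;description; path [date size]` line shapes as they appear in the log above, treats empty brackets as RSIT having been unable to read the file's date and size (my interpretation, not documented on this page), and uses 6 Update 16 as the baseline because that is the version recommended in the post. The sample log text is constructed from lines in the thread.

```python
"""Triage an RSIT-style autostart/driver listing for the things a helper checks first."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines in the shape RSIT prints (taken from the log above).
SAMPLE_RSIT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Nokia.PCSync"=C:\Users\rebecca\Pictures\2008-04-25\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-03-29 75856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')
# "Name"=C:\path\file.exe [YYYY-MM-DD size]   (brackets may be empty)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# R1 name;description; C:\path\file.sys [YYYY-MM-DD size]
DRIVER_RE = re.compile(
    r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# JRE install directories are named jre<major>.<family>.<micro>_<update>, e.g. jre1.6.0_05
JAVA_RE = re.compile(r'jre(?P<major>\d+)\.(?P<family>\d+)\.(?P<micro>\d+)_(?P<update>\d+)', re.I)
# Paths under a user's profile; the optional \??\ prefix is how RSIT prints some driver paths.
USER_PROFILE_RE = re.compile(r'(?i)^(\\\?\?\\)?[a-z]:\\users\\')


@dataclass
class LogEntry:
    context: str              # registry key for autostarts, start type (R1, S3...) for drivers
    name: str
    path: str
    file_date: Optional[str]  # None when RSIT printed empty brackets
    file_size: Optional[int]


def _split_meta(meta: str) -> Tuple[Optional[str], Optional[int]]:
    """Turn '2008-02-22 144784' into ('2008-02-22', 144784); empty or odd text gives (None, None)."""
    parts = meta.split()
    if len(parts) != 2 or not parts[1].isdigit():
        return None, None
    return parts[0], int(parts[1])


def parse_autostarts(text: str) -> List[LogEntry]:
    """Collect "Name"=path entries, tagging each with the registry key it sits under."""
    entries: List[LogEntry] = []
    current_key = ""
    for line in text.splitlines():
        if line.startswith("======"):        # a new section: forget the last registry key
            current_key = ""
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            date, size = _split_meta(value.group("meta"))
            entries.append(LogEntry(current_key, value.group("name"), value.group("path"), date, size))
    return entries


def parse_drivers(text: str) -> List[LogEntry]:
    """Collect driver lines from the 'List of drivers' section."""
    drivers: List[LogEntry] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            date, size = _split_meta(m.group("meta"))
            drivers.append(LogEntry(m.group("state"), m.group("name"), m.group("path"), date, size))
    return drivers


def java_update(path: str) -> Optional[Tuple[int, int]]:
    """Return (family, update) for a JRE path, so jre1.6.0_05 -> (6, 5); None if no JRE in the path."""
    m = JAVA_RE.search(path)
    if not m:
        return None
    return int(m.group("family")), int(m.group("update"))


def triage(text: str, required_java: Tuple[int, int] = (6, 16)) -> List[str]:
    """Return human-readable findings: stale Java, unreadable files, autostarts from user profiles."""
    findings: List[str] = []
    for e in parse_autostarts(text):
        ver = java_update(e.path)
        if ver is not None and ver < required_java:
            findings.append(f"outdated Java runtime in autostart {e.name!r}: "
                            f"{ver[0]} Update {ver[1]} is below {required_java[0]} Update {required_java[1]}")
        if e.file_date is None:
            findings.append(f"no file date/size recorded for autostart {e.name!r} under {e.context}")
        if USER_PROFILE_RE.match(e.path):
            findings.append(f"autostart {e.name!r} runs from a user profile path: {e.path}")
    for d in parse_drivers(text):
        if d.file_date is None:
            findings.append(f"driver {d.name} ({d.context}) has no file date/size: {d.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RSIT):
        print(finding)
```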

Offline bekz09

  • Newbie
  • Posts: 15
Re: bekz09's thread Re: strange new virus
« Reply #11 on: August 16, 2009, 12:00:46 PM »
Hi Eric,
I had a few problems trying to download and install this, as I didn't know which language to click on, but I have installed it now. Should there be an icon showing at the bottom of the screen if it's working? Because there isn't an icon showing.

Here is the log:
Information:Sun Aug 16 12:23:38 BST 2009:Started processing file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:23:38 BST 2009:Retrieving verification properties for file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:23:38 BST 2009:Finished processing file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:24:01 BST 2009:Started processing file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:24:02 BST 2009:Starting to download file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:24:02 BST 2009:Allocating 1048576 bytes of memory for data segment buffer
Information:Sun Aug 16 12:24:02 BST 2009:Initializing destination file C:\Users\shauna\Downloads\jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:24:02 BST 2009:Connecting via http with request method GET and range 0 to server cds.sun.com
Information:Sun Aug 16 12:24:03 BST 2009:Disconnecting via http from server cds-esd.sun.com
Information:Sun Aug 16 12:24:03 BST 2009:Redirecting download of file jre-6u16-windows-i586.exe to server cds-esd.sun.com
Information:Sun Aug 16 12:24:03 BST 2009:Server cds-esd.sun.com reported response code 206 for file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:24:03 BST 2009:Server cds-esd.sun.com reported response message (Partial Content) for file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:24:03 BST 2009:Downloading data from server cds-esd.sun.com to file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:24:03 BST 2009:Creating destination file C:\Users\shauna\Downloads\jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:24:58 BST 2009:Disconnecting via http from server cds-esd.sun.com
Information:Sun Aug 16 12:24:58 BST 2009:Download from server cds-esd.sun.com completed and saved in file C:\Users\shauna\Downloads\jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:37:38 BST 2009:Started processing file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:37:38 BST 2009:Retrieving verification properties for file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:37:39 BST 2009:Finished processing file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:37:46 BST 2009:Started processing file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:37:47 BST 2009:Starting to download file jre-6u16-windows-i586.exe from server cds.sun.com
Information:Sun Aug 16 12:37:47 BST 2009:Allocating 1048576 bytes of memory for data segment buffer
Information:Sun Aug 16 12:37:47 BST 2009:Initializing destination file C:\Users\shauna\Downloads\jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:37:47 BST 2009:Renaming destination file from jre-6u16-windows-i586.exe to jre-6u16-windows-i586.exe.bak
Information:Sun Aug 16 12:37:47 BST 2009:Connecting via http with request method GET and range 0 to server cds.sun.com
Information:Sun Aug 16 12:37:48 BST 2009:Disconnecting via http from server cds-esd.sun.com
Information:Sun Aug 16 12:37:48 BST 2009:Redirecting download of file jre-6u16-windows-i586.exe to server cds-esd.sun.com
Information:Sun Aug 16 12:37:48 BST 2009:Server cds-esd.sun.com reported response code 206 for file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:37:48 BST 2009:Server cds-esd.sun.com reported response message (Partial Content) for file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:37:48 BST 2009:Downloading data from server cds-esd.sun.com to file jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:38:44 BST 2009:Disconnecting via http from server cds-esd.sun.com
Information:Sun Aug 16 12:38:44 BST 2009:Download from server cds-esd.sun.com completed and saved in file C:\Users\shauna\Downloads\jre-6u16-windows-i586.exe
Information:Sun Aug 16 12:47:07 BST 2009:Started processing file jre-6u16-windows-x64.exe from server cds.sun.com
Information:Sun Aug 16 12:47:07 BST 2009:Retrieving verification properties for file jre-6u16-windows-x64.exe
Information:Sun Aug 16 12:47:08 BST 2009:Finished processing file jre-6u16-windows-x64.exe from server cds.sun.com
Information:Sun Aug 16 12:47:14 BST 2009:Started processing file jre-6u16-windows-x64.exe from server cds.sun.com
Information:Sun Aug 16 12:47:14 BST 2009:Starting to download file jre-6u16-windows-x64.exe from server cds.sun.com
Information:Sun Aug 16 12:47:14 BST 2009:Allocating 1048576 bytes of memory for data segment buffer
Information:Sun Aug 16 12:47:14 BST 2009:Initializing destination file C:\Users\shauna\Downloads\jre-6u16-windows-x64.exe
Information:Sun Aug 16 12:47:14 BST 2009:Connecting via http with request method GET and range 0 to server cds.sun.com
Information:Sun Aug 16 12:47:15 BST 2009:Disconnecting via http from server cds-esd.sun.com
Information:Sun Aug 16 12:47:15 BST 2009:Redirecting download of file jre-6u16-windows-x64.exe to server cds-esd.sun.com
Information:Sun Aug 16 12:47:16 BST 2009:Server cds-esd.sun.com reported response code 206 for file jre-6u16-windows-x64.exe
Information:Sun Aug 16 12:47:16 BST 2009:Server cds-esd.sun.com reported response message (Partial Content) for file jre-6u16-windows-x64.exe
Information:Sun Aug 16 12:47:16 BST 2009:Downloading data from server cds-esd.sun.com to file jre-6u16-windows-x64.exe
Information:Sun Aug 16 12:47:16 BST 2009:Creating destination file C:\Users\shauna\Downloads\jre-6u16-windows-x64.exe
Information:Sun Aug 16 12:48:20 BST 2009:Disconnecting via http from server cds-esd.sun.com
Information:Sun Aug 16 12:48:20 BST 2009:Download from server cds-esd.sun.com completed and saved in file C:\Users\shauna\Downloads\jre-6u16-windows-x64.exe

Offline Eric the Red

  • ISO/IEC 27001:2005
  • Administrator
  • Hero Member
  • Posts: 1611
  • Would somebody please pass me a beer!
Re: bekz09's thread Re: strange new virus
« Reply #12 on: August 16, 2009, 01:56:43 PM »
bekz09,

The Sun Java update that you downloaded was for a 64-bit machine and I believe that you have a 32-bit computer. Please go back and download again, this time selecting "Windows" (not "Windows x64") as the version from the drop-down list on the download page.

Offline winchester73

  • Administrator
  • Hero Member
  • Posts: 5125
  • Half a bubble off plumb
Re: bekz09's thread Re: strange new virus
« Reply #13 on: August 16, 2009, 02:59:44 PM »
Quote
but should there be an icon showing at the bottom of screen if its working because there isn't an icon showing?

You'll only see the Java logo at the bottom right of your screen when you are visiting a site that is using Java.

Quote
MBAM LOG
Malwarebytes' Anti-Malware 1.40
Database version: 2551

2635 is the current database ... please update MBAM and run it again.  Select everything it finds for removal.  Reboot your machine if necessary.

Quote
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Delete on reboot.

Let's see the fresh MBAM log also please.

Did SUPERAntiSpyware object to any of this when it tried to install, or detect anything?

We might have a bit of manual cleanup to do to make sure that PersonalAV is totally eliminated.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline bekz09

  • Newbie
  • Posts: 15
Re: bekz09's thread Re: strange new virus
« Reply #14 on: August 16, 2009, 05:04:19 PM »
Quote
but should there be an icon showing at the bottom of screen if its working because there isn't an icon showing?

You'll only see the Java logo at the bottom right of your screen when you are visiting a site that is using Java.

Oh OK, so I'll assume it's working OK?

Quote
MBAM LOG
Malwarebytes' Anti-Malware 1.40
Database version: 2551

2635 is the current database ... please update MBAM and run it again.  Select everything it finds for removal.  Reboot your machine if necessary.

Quote
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Delete on reboot.

Let's see the fresh MBAM log also please.

Did SUPERAntiSpyware object to any of this when it tried to install, or detect anything?

We might have a bit of manual cleanup to do to make sure that PersonalAV is totally eliminated.

No, not at the time, but I reinstalled it altogether and got the newer version.

Here is the log:
Malwarebytes' Anti-Malware 1.40
Database version: 2635
Windows 6.0.6000

16/08/2009 18:00:51
mbam-log-2009-08-16 (18-00-51).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 254790
Time elapsed: 1 hour(s), 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks everyone for your help!