Solved

Help needed: Generated log file from HijackThis

Posted on 2010-08-12
Last Modified: 2013-12-06
I've been cleaning a sick computer filled with an assortment of Trojans and spyware. I've used the following tools to get rid of what nasties I could get rid of:
Malwarebytes
SuperAntiSpyware
AVAST
AVAST BART
BitDefender rescue CD
AVG rescue CD
I want to make sure that I got everything nasty out of that computer. Can you tell me what I need to remove from the log below? The following are the results from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:21 PM, on 12/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\defense\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Shortcut to Sympatico.lnk = ?
O4 - Global Startup: CorelCENTRAL 10.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095024615498
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Unknown owner - C:\Program Files\Speed Disk\nopdb.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 13453 bytes


Thanks!
Question by: cdplayer
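Added example, not part of cdplayer's post or of any answer in this thread: a small Python triage pass over HijackThis log lines that flags the entry classes an analyst checks first. The rules are: entries whose file is absent ("(no file)", "(file missing)"); O23 services with "Unknown owner" (HijackThis reads the vendor from the file's version information); the O20 AppInit_DLLs load point, which on XP is loaded into every process that loads user32.dll; O4 Run entries that name a bare filename instead of a full path, which Windows resolves by a PATH search; O4 startup shortcuts whose target HijackThis could not resolve ("= ?"); and O16 ActiveX controls installed from a web download. The sample lines are copied from the log posted above. The rule labels, function names and the choice of rules are this example's own assumptions, and a flag means "verify", not "malicious": the guard32.dll entry sits alongside the COMODO drivers listed in the same log, and orphaned service registrations are normally remnants of an uninstalled product rather than an infection.

```python
import re

# Sample lines copied from the HijackThis log posted in the question.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: Shortcut to Sympatico.lnk = ?
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Matches "O4 - <hive>\..\Run: [<name>] <command>" (RunOnce entries too).
O4_RUN = re.compile(r"^O4 - .+?\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.*)$")
DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def run_image(line):
    """Return the executable named by an O4 Run/RunOnce entry, or None if the
    line is not such an entry. Quoted paths are unquoted; arguments dropped."""
    m = O4_RUN.match(line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def is_bare_run_image(line):
    """True when the Run entry names a file with no directory component,
    i.e. Windows will locate it by searching PATH at logon."""
    image = run_image(line)
    return bool(image) and "\\" not in image and not DRIVE_LETTER.match(image)


# (label, predicate) pairs; labels are this example's own wording.
RULES = [
    ("orphaned entry: registered, but the file is absent",
     lambda l: "(no file)" in l or "(file missing)" in l),
    ("service with no vendor name in its version information",
     lambda l: l.startswith("O23 - ") and "Unknown owner" in l),
    ("AppInit_DLLs load point: DLL loaded into every process that loads user32.dll",
     lambda l: l.startswith("O20 - AppInit_DLLs")),
    ("Run entry with a bare filename: resolved by PATH search, not a fixed path",
     is_bare_run_image),
    ("startup shortcut whose target HijackThis could not resolve",
     lambda l: l.startswith("O4 - ") and l.endswith("= ?")),
    ("ActiveX control installed from a web download (O16 DPF)",
     lambda l: l.startswith("O16 - DPF")),
]


def triage(log_text):
    """Return [(line, [reason, ...])] for every line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = [label for label, rule in RULES if rule(line)]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run on the sample, six of the nine lines are reported; the Norton service trips two rules (file missing and no vendor). Each flagged line still needs a human decision: look up the file, its signer and its install date before deciding whether to remove the entry.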
27 Comments

Accepted Solution

by: insightcomputing (earned 84 total points)
ID: 33423364
Step 1: Turn off the computer, remove the hard drive and put it in a different computer.

Step 2: Download and install Malwarebytes. Update the definitions. Run a full scan on the hard drive from the infected computer. Clean off the infections it finds, then put the hard drive back in and boot up the computer.

Step 3: Turn off System Restore on the computer. This helps with viruses that like to replicate within restore points: My Computer > Properties > System Restore, then check the box to turn off System Restore.

Step 4: Download and install Malwarebytes on the computer. Run another full scan. Clean off everything it finds and restart the machine.

Let me know if this helps.

Assisted Solution

by: greyknight17 (earned 167 total points)
ID: 33424147
You have way too many security programs there that have similar functions. I suggest keeping it to just one main program each (antivirus, firewall and even antispyware in some cases), as they may conflict with each other. For example, I see you have Comodo Internet Security; does that come with all 3 protections (antivirus, firewall and antispyware)? If so, either uninstall that or uninstall Avast and Outpost Firewall.

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Assisted Solution

by: rpggamergirl (earned 83 total points)
ID: 33428599
A lot of nasties can now hide from the HijackThis scan, so even if the log is clean, not showing any malicious entries, it doesn't necessarily mean that the system is free from viruses etc.

So scanning with another tool is a good idea, scan with the suggested ComboFix and attach the log here for us to check.

Author Comment

by: cdplayer
ID: 33428863
I have moved the HD from the computer box and placed it in an external enclosure. I am now running Malwarebytes against that infected HD. Under My Computer > Properties > System Restore, the hard drive that is in the external enclosure does not show up in that list. So my guess is that System Restore is not turned on for that hard drive. Is that correct?

Author Comment

by: cdplayer
ID: 33430135
Hey rpggamergirl!

About ComboFix - I will have to run that once I put the hard drive back into its computer box, correct?

It appears after looking at the ComboFix examples that I can't specify the hard drive that I wish to scan. It appears after looking at the examples that ComboFix scans the current system drive. Am I correct in this way of thinking?

Author Comment

by: cdplayer
ID: 33430217
greyknight17

Thank you for your suggestion! I have followed your suggestion up to step three, where you suggest turning off System Restore on the computer. When I went to My Computer > System Restore, the hard drive in question was not listed; therefore I assume that System Restore for that hard drive is not turned on. So there should not be a problem with Malwarebytes scanning the entire contents of the hard drive.

Please let me know if I am not seeing the big picture,

Author Comment

by: cdplayer
ID: 33430380
greyknight17

I got rid of the Outpost firewall; XP Firewall is turned off. So Comodo is the firewall (only), and AVAST is handling the antivirus. Malwarebytes and SuperAntiSpyware are on board as well.

Author Comment

by: cdplayer
ID: 33434617
I ran Malwarebytes against the troublesome hard drive. At this point it is in an external case. Malwarebytes found 13 items, which were deleted. I put the hard drive back into the computer. Once the computer was up I turned off System Restore. I made sure that Malwarebytes had the latest definitions before starting up Malwarebytes. Malwarebytes found 1 piece of malware.

Assisted Solution

by: greyknight17 (earned 167 total points)
ID: 33437113
You may leave System Restore alone in case we need it. Run ComboFix while the drive is back in the original computer. You may run it on the other computer, but it will take longer, as I recall that it will be scanning ALL of the drives that Windows detects. So it's best to put it back in the original computer since it's still working.

Post the combofix log here when ready.

Author Comment

by: cdplayer
ID: 33439127
Leaving System Restore alone, I have run ComboFix. Below is the log file:

log.txt

Author Comment

by: cdplayer
ID: 33439135
ComboFix 10-08-14.02 - Owner 14/08/2010  20:19:26.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1983.1534 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\defense\ComboFix\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\EULA.txt
c:\documents and settings\Owner\immunize.reg
c:\documents and settings\Owner\reg-list.reg
c:\documents and settings\Owner\virus-list
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\REI_AxControl.dll
c:\windows\system32\reg-list.reg
c:\windows\system32\virus-list
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-07-15 to 2010-08-15  )))))))))))))))))))))))))))))))
.

2010-08-13 22:06 . 2010-04-29 19:39      38224      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 22:06 . 2010-08-13 22:06      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2010-08-13 22:06 . 2010-04-29 19:39      20952      ----a-w-      c:\windows\system32\drivers\mbam.sys
2010-08-13 21:53 . 2010-08-13 21:53      --------      d-----w-      c:\program files\Common Files\McAfee
2010-08-13 21:52 . 2010-08-13 23:40      --------      d-----w-      c:\program files\McAfee
2010-08-13 21:52 . 2010-08-13 21:52      --------      d-----w-      c:\documents and settings\All Users\Application Data\McAfee
2010-08-13 09:23 . 2010-08-13 09:23      --------      d-----w-      c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-08-13 08:51 . 2010-08-13 08:51      --------      d-----w-      c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-13 03:18 . 2010-08-13 03:18      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-11 15:21 . 2010-08-11 15:22      --------      d-----w-      c:\documents and settings\All Users\Application Data\COMODO
2010-08-11 15:19 . 2010-08-11 15:19      --------      d-----w-      c:\program files\COMODO
2010-08-11 15:16 . 2010-08-11 15:17      --------      d-----w-      c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-08-11 14:54 . 2010-08-11 14:54      --------      d-----w-      c:\program files\Belarc
2010-08-11 14:54 . 2008-02-27 17:49      3840      ----a-w-      c:\windows\system32\drivers\BANTExt.sys
2010-08-11 13:31 . 2010-08-11 13:31      --------      d-----w-      c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2010-08-11 13:31 . 2010-08-11 13:31      --------      d-----w-      c:\documents and settings\All Users\Application Data\LogMeIn
2010-08-11 13:31 . 2010-08-11 13:31      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-08-11 13:31 . 2010-06-02 20:06      83360      ----a-w-      c:\windows\system32\LMIRfsClientNP.dll
2010-08-11 13:31 . 2010-06-02 20:06      53632      ----a-w-      c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-08-11 13:31 . 2010-06-02 20:06      29568      ----a-w-      c:\windows\system32\LMIport.dll
2010-08-11 13:31 . 2010-01-27 16:22      47640      ----a-w-      c:\windows\system32\drivers\LMIRfsDriver.sys
2010-08-11 13:31 . 2010-06-02 20:06      87424      ----a-w-      c:\windows\system32\LMIinit.dll
2010-08-11 13:31 . 2010-08-14 12:23      --------      d-----w-      c:\program files\LogMeIn
2010-08-11 13:29 . 2010-08-11 13:30      --------      d-----w-      c:\documents and settings\Owner\Local Settings\Application Data\Deployment
2010-08-11 03:10 . 2010-08-11 03:11      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-08-10 19:25 . 2010-06-28 20:32      17744      ----a-w-      c:\windows\system32\drivers\aswFsBlk.sys
2010-08-10 19:25 . 2010-06-28 20:37      165456      ----a-w-      c:\windows\system32\drivers\aswSP.sys
2010-08-10 19:25 . 2010-06-28 20:33      23376      ----a-w-      c:\windows\system32\drivers\aswRdr.sys
2010-08-10 19:25 . 2010-06-28 20:37      46672      ----a-w-      c:\windows\system32\drivers\aswTdi.sys
2010-08-10 19:25 . 2010-06-28 20:32      100176      ----a-w-      c:\windows\system32\drivers\aswmon2.sys
2010-08-10 19:25 . 2010-06-28 20:32      94544      ----a-w-      c:\windows\system32\drivers\aswmon.sys
2010-08-10 19:25 . 2010-06-28 20:32      28880      ----a-w-      c:\windows\system32\drivers\aavmker4.sys
2010-08-10 19:25 . 2010-06-28 20:57      38848      ----a-w-      c:\windows\avastSS.scr
2010-08-10 19:25 . 2010-06-28 20:57      165032      ----a-w-      c:\windows\system32\aswBoot.exe
2010-08-10 11:28 . 2010-08-10 11:44      --------      d-----w-      C:\bd_logs
2010-08-08 18:05 . 2010-08-08 18:05      503808      ----a-w-      c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c54bc1a-n\msvcp71.dll
2010-08-08 18:05 . 2010-08-08 18:05      499712      ----a-w-      c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c54bc1a-n\jmc.dll
2010-08-08 18:05 . 2010-08-08 18:05      348160      ----a-w-      c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c54bc1a-n\msvcr71.dll
2010-08-08 18:05 . 2010-08-08 18:05      61440      ----a-w-      c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4099921c-n\decora-sse.dll
2010-08-08 18:05 . 2010-08-08 18:05      12800      ----a-w-      c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4099921c-n\decora-d3d.dll
2010-08-08 18:05 . 2010-08-08 18:05      423656      ----a-w-      c:\windows\system32\deployJava1.dll
2010-08-08 16:50 . 2008-04-13 18:40      34688      -c--a-w-      c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-08 16:50 . 2008-04-13 18:40      34688      ----a-w-      c:\windows\system32\drivers\lbrtfdc.sys
2010-08-08 16:49 . 2008-04-13 18:41      8576      -c--a-w-      c:\windows\system32\dllcache\i2omgmt.sys
2010-08-08 16:49 . 2008-04-13 18:41      8576      ----a-w-      c:\windows\system32\drivers\i2omgmt.sys
2010-08-08 16:49 . 2008-04-13 18:40      8192      -c--a-w-      c:\windows\system32\dllcache\changer.sys
2010-08-08 16:49 . 2008-04-13 18:40      8192      ----a-w-      c:\windows\system32\drivers\changer.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 23:24 . 2010-07-04 01:48      63488      ----a-w-      c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-14 23:24 . 2010-07-04 01:48      117760      ----a-w-      c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-13 23:43 . 2005-02-11 01:23      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-13 23:43 . 2005-02-11 01:23      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2010-08-13 03:18 . 2008-09-16 02:47      --------      d-----w-      c:\program files\Google
2010-08-11 14:26 . 2010-07-02 09:22      --------      d-----w-      c:\program files\CCleaner
2010-08-11 03:31 . 2010-07-02 11:43      15272      ----a-w-      c:\windows\system32\Native.exe
2010-08-10 19:24 . 2010-07-04 01:54      --------      d-----w-      c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-08 18:06 . 2004-04-01 07:28      --------      d-----w-      c:\program files\Common Files\Java
2010-08-08 18:04 . 2004-04-01 07:28      --------      d-----w-      c:\program files\Java
2010-08-08 16:50 . 2004-09-12 23:35      --------      d-----w-      c:\program files\Symantec
2010-07-27 01:10 . 2008-08-26 15:28      --------      d-----w-      c:\documents and settings\Owner\Application Data\CameraWindowDC
2010-07-24 01:37 . 2010-07-04 01:47      --------      d-----w-      c:\program files\SUPERAntiSpyware
2010-07-19 01:42 . 2008-08-26 14:56      --------      d-----w-      c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2010-07-08 02:01 . 2009-07-13 01:47      --------      d-----w-      c:\program files\Ben There Dan That
2010-07-04 18:20 . 2010-06-15 01:38      --------      d-----w-      c:\program files\Common Files\PC Tools
2010-07-04 16:16 . 2010-06-13 01:11      --------      d---a-w-      c:\documents and settings\All Users\Application Data\TEMP
2010-07-04 01:54 . 2010-07-04 01:54      --------      d-----w-      c:\program files\Alwil Software
2010-07-04 01:48 . 2010-07-04 01:48      52224      ----a-w-      c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-04 01:47 . 2010-07-04 01:47      --------      d-----w-      c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-07-04 01:47 . 2010-07-04 01:47      --------      d-----w-      c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-02 20:52 . 2004-04-01 21:15      3884      ----a-w-      c:\windows\viassary-hp.reg
2010-07-02 20:11 . 2007-08-26 01:15      --------      d-----w-      c:\program files\Common Files\Apple
2010-07-02 19:20 . 2010-07-02 19:18      --------      d-----w-      c:\program files\iTunes
2010-07-02 19:19 . 2010-07-02 19:19      --------      d-----w-      c:\program files\iPod
2010-07-02 19:16 . 2010-07-02 19:16      --------      d-----w-      c:\program files\Apple Software Update
2010-07-02 15:40 . 2004-09-12 21:58      --------      d-----w-      c:\documents and settings\Owner\Application Data\Apple Computer
2010-07-02 11:36 . 2010-07-02 11:36      --------      d-----w-      c:\program files\Reimage
2010-07-02 02:00 . 2010-07-02 02:00      --------      d-----w-      c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-02 01:59 . 2010-07-02 01:59      --------      d-----w-      c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-02 01:07 . 2010-07-02 01:06      --------      d-----w-      c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-02 01:03 . 2010-07-02 01:02      --------      d-----w-      c:\program files\QuickTime
2010-07-02 00:58 . 2010-07-02 00:58      --------      d-----w-      c:\program files\Bonjour
2010-07-02 00:40 . 2006-07-08 02:19      --------      d-----w-      c:\program files\Speed Disk
2010-07-02 00:38 . 2006-07-08 02:18      --------      d-----w-      c:\program files\Norton Utilities
2010-07-02 00:38 . 2006-07-08 02:18      --------      d-----w-      c:\program files\Common Files\Symantec Shared
2010-06-30 12:31 . 2004-05-20 17:32      149504      ----a-w-      c:\windows\system32\schannel.dll
2010-06-28 14:47 . 2010-06-28 14:47      352513      ----a-w-      c:\windows\system32\savapi3.dll
2010-06-28 14:47 . 2003-02-21 19:42      348160      ----a-w-      c:\windows\system32\msvcr71.dll
2010-06-28 01:28 . 2010-06-28 01:28      38080      ---ha-w-      c:\windows\system32\mlfcache.dat
2010-06-24 12:22 . 2004-02-06 23:05      916480      ----a-w-      c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-04-01 04:50      1851904      ----a-w-      c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-04-01 04:49      354304      ----a-w-      c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-05-20 17:52      80384      ----a-w-      c:\windows\system32\iccvid.dll
2010-06-16 00:01 . 2010-06-16 00:01      72504      ----a-w-      c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2004-05-20 17:52      744448      ----a-w-      c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2004-05-20 17:31      1172480      ----a-w-      c:\windows\system32\msxml3.dll
2010-06-04 15:55 . 2010-06-04 15:55      229312      ----a-w-      c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 23:00 . 2010-06-01 23:00      278288      ----a-w-      c:\windows\system32\guard32.dll
2010-06-01 23:00 . 2010-06-01 23:00      87824      ----a-w-      c:\windows\system32\drivers\inspect.sys
2010-06-01 23:00 . 2010-06-01 23:00      25240      ----a-w-      c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 23:00 . 2010-06-01 23:00      15464      ----a-w-      c:\windows\system32\drivers\cmderd.sys
2010-05-18 20:35 . 2010-05-18 20:35      91424      ----a-w-      c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35      197920      ----a-w-      c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35      107808      ----a-w-      c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2010-07-02 11:56 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2010-07-02 11:56 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2010-07-02 11:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-15 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-24 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-01 151597]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 868352]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Motive SmartBridge"="c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-05-19 385024]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CorelCENTRAL 10.lnk - c:\windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2004-9-12 5222]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-9-12 299008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NetAssistant.lnk - c:\program files\NetAssistant\bin\matcli.exe [2006-7-7 217088]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21      548352      ----a-w-      c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 20:06      87424      ----a-w-      c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/08/2010 3:25 PM 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11:55 AM 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 7:00 PM 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/08/2010 3:25 PM 17744]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/2010 12:22 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [13/08/2010 5:52 PM 88176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 11:18 PM 135664]
S2 mrtRate;mrtRate; [x]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE --> c:\program files\Norton Utilities\NPROTECT.EXE [?]
S4 irzjmyl;irzjmyl; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 03:18]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = sympatico.ca
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Avoxezibec - c:\windows\husre2.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 20:26
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3519563282-3542745228-5832514-1003\RemoteAccess\Profile\x      *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\System32\NavLogon.dll
.
Completion time: 2010-08-14  20:28:52
ComboFix-quarantined-files.txt  2010-08-15 00:28

Pre-Run: 49,847,914,496 bytes free
Post-Run: 49,945,669,632 bytes free

- - End Of File - - 6A4A2B1D342A38A9E7A64B8478F48BD2
0
 
LVL 42

Expert Comment

by:Davis McCarn
ID: 33450271
Combofix, of late, has been far less effective by itself than it used to be.  Part of the reason is that the bad guys are actually inserting themselves into legitimate .SYS files which they then don't hide.
I am particularly unhappy with this from your log:
detected NTDLL code modification:
ZwClose, ZwOpenFile
Try Kaspersky's TDSSKiller and see what it says: http://support.kaspersky.com/viruses/solutions?qid=208280684

0
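Davis McCarn's point that infections now patch legitimate .SYS files rather than hiding them means a driver list can look clean by name and path while the binary has been altered; the way to tell is a hash comparison against a known-good baseline, which is the same idea the Sigcheck section of the ComboFix log above applies to system DLLs. The script below is an added example, not code from this thread or from Kaspersky: it parses TDSSKiller-style driver lines (timestamp, service name, MD5 in parentheses, path) and reports drivers whose hash differs from the baseline, drivers the baseline does not know, and drivers loaded from outside the normal driver directory. The baseline hashes and the log excerpt are constructed for the example (derived from the driver names so it runs offline); a real baseline would come from a trusted source such as a clean installation at the same service-pack level.

```python
"""Check a TDSSKiller-style driver inventory against a known-good hash baseline.

Added example for this thread; the baseline and the log lines are constructed.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A TDSSKiller driver line has the shape
#   2010/08/24 08:42:30.0046      atapi           (<32 hex md5>) C:\WINDOWS\system32\DRIVERS\atapi.sys
# Banner, separator, "Scan started" and "Scan finished" lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Where Windows XP keeps driver binaries; anything elsewhere is worth a look
# (third-party drivers under Program Files are often legitimate, but should be known).
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_tdss_log(text: str) -> List[DriverEntry]:
    """Extract (service name, md5, path) from every driver line in the log text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def audit_drivers(entries: List[DriverEntry], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Compare each driver against baseline {service name (lower-case): md5}.

    Returns (name, finding, path) tuples. Drivers present in the baseline but
    absent from the log are not reported; the log is the ground truth of what loaded.
    """
    findings = []
    for e in entries:
        expected = baseline.get(e.name.lower())
        if expected is None:
            findings.append((e.name, "not in baseline", e.path))
        elif expected != e.md5:
            findings.append((e.name, "hash differs from baseline", e.path))
        if not e.path.lower().startswith(TRUSTED_DIRS):
            findings.append((e.name, "outside driver directory", e.path))
    return findings


def _fake_md5(label: str) -> str:
    # Constructed stand-in hash for the example; NOT the hash of any real file.
    return hashlib.md5(label.encode()).hexdigest()


# Constructed baseline: stand-in hashes for a clean install of four drivers.
BASELINE = {n: _fake_md5("clean:" + n) for n in ("atapi", "disk", "tcpip", "srv")}

# Constructed log excerpt: atapi and disk match the baseline, srv.sys carries a
# different hash, and a vendor driver loads from Program Files.
SAMPLE_LOG = "\n".join([
    "2010/08/24 08:42:23.0937      Scan started",
    "2010/08/24 08:42:23.0937      ================================================================================",
    f"2010/08/24 08:42:30.0046      atapi           ({BASELINE['atapi']}) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys",
    f"2010/08/24 08:42:33.0656      Disk            ({BASELINE['disk']}) C:\\WINDOWS\\system32\\DRIVERS\\disk.sys",
    f"2010/08/24 08:42:53.0968      Srv             ({_fake_md5('tampered:srv')}) C:\\WINDOWS\\system32\\DRIVERS\\srv.sys",
    f"2010/08/24 08:42:32.0187      CDRPDACC        ({_fake_md5('vendor:cdrpdacc')}) C:\\Program Files\\Example Player\\cdrpdacc.sys",
    "2010/08/24 08:42:59.0359      Scan finished",
])


def run_example() -> List[Tuple[str, str, str]]:
    """Parse the constructed excerpt and audit it against the constructed baseline."""
    return audit_drivers(parse_tdss_log(SAMPLE_LOG), BASELINE)


if __name__ == "__main__":
    for name, finding, path in run_example():
        print(f"{finding:28s} {name:12s} {path}")
```

A hash mismatch on its own is not proof of tampering: Windows Update legitimately replaces system drivers (the ComboFix file list above shows srv.sys refreshed in June 2010), so the baseline has to match the patch level, and a "not in baseline" result for a vendor driver such as the Quintessential Player one in the TDSSKiller log is expected. The output is a short list of files to look up, with the MD5 already extracted for a hash lookup on VirusTotal rather than an upload.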
 
LVL 38

Expert Comment

by:younghv
ID: 33453230
Comments regarding the very first post made.
1 - Don't start out by pulling the HDD and slaving it. It may be a necessary technique if initial steps don't work, but a waste of time and effort as an immediate action drill. The reason is that you are not only searching for malware 'files', but also processes (which can't be identified in a slaved HDD).

2 - Don't ever remove the restore files until you are sure the system is clean. Even if infected, having any restore point to re-boot your system is better than none. Of course you remove and re-set your restore points as part of the process, but only after you are finished.
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33494781
Thank you for your suggestion! I will download Kaspersky's TDSSKiller and run it on the ailing computer.
0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 83 total points
ID: 33495606
If unresolved after running TDSSKiller you could try Hitman Pro 3, a 'Second Opinion Malware Scanner'. There's a facility to select either a 32-bit or a 64-bit download, as required:
http://www.surfright.nl/en/hitmanpro
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33497387
Thank you! You have given me a lot of toys to play with!
0
 
LVL 23

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 83 total points
ID: 33498746
Can you upload the file below to www.virustotal.com
c:\windows\system32\deployJava1.dll

Post the result here
Download and run Dr Web Cure It and scan your computer with it then generate and post the log here.
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33498799
I need about a day to run the suggested tests. I will give you the results.

Thank you!!!
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33510502
Here is the log file from TDSSKiller:

2010/08/24 08:42:19.0875      TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 08:42:19.0875      ================================================================================
2010/08/24 08:42:19.0875      SystemInfo:
2010/08/24 08:42:19.0875      
2010/08/24 08:42:19.0875      OS Version: 5.1.2600 ServicePack: 3.0
2010/08/24 08:42:19.0875      Product type: Workstation
2010/08/24 08:42:19.0875      ComputerName: PAVILION
2010/08/24 08:42:19.0875      UserName: Owner
2010/08/24 08:42:19.0875      Windows directory: C:\WINDOWS
2010/08/24 08:42:19.0875      System windows directory: C:\WINDOWS
2010/08/24 08:42:19.0875      Processor architecture: Intel x86
2010/08/24 08:42:19.0890      Number of processors: 1
2010/08/24 08:42:19.0890      Page size: 0x1000
2010/08/24 08:42:19.0890      Boot type: Normal boot
2010/08/24 08:42:19.0890      ================================================================================
2010/08/24 08:42:20.0109      Initialize success
2010/08/24 08:42:23.0937      ================================================================================
2010/08/24 08:42:23.0937      Scan started
2010/08/24 08:42:23.0937      Mode: Manual;
2010/08/24 08:42:23.0937      ================================================================================
2010/08/24 08:42:25.0562      Aavmker4        (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/08/24 08:42:26.0000      ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/24 08:42:26.0140      ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/24 08:42:26.0453      aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/24 08:42:26.0625      AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/24 08:42:26.0781      AFS2K           (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/08/24 08:42:26.0984      AgereSoftModem  (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/24 08:42:27.0671      ALCXWDM         (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/24 08:42:28.0062      AmdK7           (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/08/24 08:42:28.0375      Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/24 08:42:29.0000      aswFsBlk        (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/08/24 08:42:29.0156      aswMon2         (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/08/24 08:42:29.0328      aswRdr          (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/08/24 08:42:29.0531      aswSP           (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/08/24 08:42:29.0687      aswTdi          (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/08/24 08:42:29.0859      AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/24 08:42:30.0046      atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/24 08:42:30.0328      Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/24 08:42:30.0484      audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/24 08:42:30.0687      BANTExt         (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/08/24 08:42:30.0859      Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/24 08:42:31.0171      cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/24 08:42:31.0453      Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/24 08:42:31.0609      Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/24 08:42:31.0765      Cdr4_xp         (0544a09d81dbb205a4be401f0f50dc52) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/08/24 08:42:31.0921      Cdralw2k        (4df9e407c88deb553d8046e04953819c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/08/24 08:42:32.0093      Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/24 08:42:32.0187      CDRPDACC        (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\Quintessential Player\cdrpdacc.sys
2010/08/24 08:42:32.0359      cdudf_xp        (b23737822f2278944d058194afe5f26a) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/08/24 08:42:32.0546      Changer         (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2010/08/24 08:42:32.0734      cmdGuard        (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2010/08/24 08:42:32.0906      cmdHlp          (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2010/08/24 08:42:33.0656      Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/24 08:42:33.0859      dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/24 08:42:34.0046      dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/24 08:42:34.0203      dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/24 08:42:34.0390      DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/24 08:42:34.0703      drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/24 08:42:34.0859      dvd_2K          (8ac33bcee856b363c0aa6913da632729) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/08/24 08:42:35.0093      Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/24 08:42:35.0250      fasttx2k        (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2010/08/24 08:42:35.0437      Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/24 08:42:35.0593      FETND5BV        (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2010/08/24 08:42:35.0765      Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/24 08:42:35.0921      Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/24 08:42:36.0093      FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/24 08:42:36.0265      Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/24 08:42:36.0421      Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/24 08:42:36.0578      GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/24 08:42:36.0734      Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/24 08:42:36.0953      HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/24 08:42:37.0296      HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/24 08:42:37.0484      i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/24 08:42:37.0781      i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/24 08:42:37.0968      Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/24 08:42:38.0281      Inspect         (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys
2010/08/24 08:42:38.0437      IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/24 08:42:38.0609      intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/24 08:42:38.0781      ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/24 08:42:38.0953      IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/24 08:42:39.0125      IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/24 08:42:39.0281      IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/24 08:42:39.0453      IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/24 08:42:39.0625      IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/24 08:42:39.0921      isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/24 08:42:40.0093      Iviaspi         (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/08/24 08:42:40.0265      Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/24 08:42:40.0437      kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/24 08:42:40.0609      kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/24 08:42:40.0796      KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/24 08:42:40.0968      lbrtfdc         (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010/08/24 08:42:41.0140      LMIInfo         (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2010/08/24 08:42:41.0312      lmimirr         (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2010/08/24 08:42:41.0609      LMIRfsDriver    (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010/08/24 08:42:41.0812      mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/24 08:42:41.0984      Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/24 08:42:42.0140      Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/24 08:42:42.0296      mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/24 08:42:42.0453      MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/24 08:42:43.0031      MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/24 08:42:43.0218      MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/24 08:42:43.0421      Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/24 08:42:43.0593      MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/24 08:42:43.0750      MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/24 08:42:43.0906      MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/24 08:42:44.0093      mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/24 08:42:44.0265      Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/24 08:42:44.0453      NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/24 08:42:44.0625      NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/24 08:42:44.0796      Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/24 08:42:44.0968      NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/24 08:42:45.0140      NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/24 08:42:45.0328      NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/24 08:42:45.0500      NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/24 08:42:45.0734      NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/24 08:42:45.0906      Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/24 08:42:46.0109      Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/24 08:42:46.0328      Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/24 08:42:46.0453      NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/24 08:42:46.0609      NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/24 08:42:46.0781      ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/24 08:42:46.0953      Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/24 08:42:47.0125      PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/24 08:42:47.0281      ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/24 08:42:47.0453      PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/24 08:42:47.0765      PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/24 08:42:47.0921      Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/24 08:42:48.0890      Pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/08/24 08:42:49.0078      PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/24 08:42:49.0265      PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/24 08:42:49.0421      Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/24 08:42:49.0578      pwd_2k          (4d0ecd60a1467347f7513e17ff2762d7) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/08/24 08:42:49.0734      PxHelp20        (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/08/24 08:42:50.0578      RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/24 08:42:50.0734      Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/24 08:42:50.0921      RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/24 08:42:51.0093      Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/24 08:42:51.0265      Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/24 08:42:51.0421      RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/24 08:42:51.0609      RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/24 08:42:51.0781      redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/24 08:42:51.0953      SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/24 08:42:52.0015      SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/24 08:42:52.0218      Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/24 08:42:52.0406      Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/24 08:42:52.0562      Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/24 08:42:52.0765      Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/24 08:42:53.0078      SISAGP          (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2010/08/24 08:42:53.0234      SiSkp           (837d26f79a1647066d75c5c811887475) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2010/08/24 08:42:53.0546      splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/24 08:42:53.0750      sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/24 08:42:53.0968      Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/24 08:42:54.0218      swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/24 08:42:54.0390      swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/24 08:42:55.0093      sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/24 08:42:55.0312      Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/24 08:42:55.0484      TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/24 08:42:55.0656      TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/24 08:42:55.0812      TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/24 08:42:56.0187      UdfReadr_xp     (91445b1966f599eecf79cf281cd0c088) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/08/24 08:42:56.0359      Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/24 08:42:56.0671      Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/24 08:42:56.0906      usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/24 08:42:57.0062      usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/24 08:42:57.0234      usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/24 08:42:57.0406      USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/24 08:42:57.0546      usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/24 08:42:57.0734      VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/24 08:42:57.0906      viaagp1         (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2010/08/24 08:42:58.0062      viagfx          (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2010/08/24 08:42:58.0234      ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/24 08:42:58.0406      VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/24 08:42:58.0625      Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/24 08:42:58.0921      wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/24 08:42:59.0218      WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/24 08:42:59.0359      ================================================================================
2010/08/24 08:42:59.0359      Scan finished
2010/08/24 08:42:59.0359      ================================================================================
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33511635
The following is the log file from Dr. Web. BTW, Dr. Web is a killer! It found and destroyed over 140 pieces in her computer! SuperAntispyware discovered and put away approximately 80 minor spyware pieces.

hosts.20100601-213540.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213555.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213556.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213557.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213558.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213605.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213608.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213609.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213630.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213631.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213646.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213648.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213650.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213651.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213652.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213653.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213654.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213655.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213658.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213727.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213728.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213730.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213733.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213734.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213735.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213743.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213745.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213756.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213803.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213804.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213805.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213808.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213809.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213810.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213812.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213817.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213822.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213823.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213824.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213825.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213826.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213901.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213905.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213906.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213907.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213909.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213919.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213920.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213921.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213922.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213928.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213931.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213932.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213933.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213936.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213937.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213941.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213942.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213943.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213944.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213948.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213951.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213952.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213953.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-213959.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214001.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214005.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214131.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214132.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214135.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214137.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214139.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214204.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214205.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214206.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214210.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214211.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214212.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214213.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214214.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214217.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214219.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214220.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214221.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214222.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214423.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214425.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214426.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214435.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214436.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214437.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214443.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214447.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214448.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214458.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214459.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214500.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214501.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214502.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214503.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214544.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214545.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214546.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214656.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214657.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214658.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214835.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214836.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214837.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214838.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214840.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213035.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213045.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213046.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213051.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213104.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213106.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213111.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213112.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213114.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213115.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213127.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213138.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213140.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213142.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213146.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213148.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213150.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213154.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213155.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213206.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213208.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213210.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213213.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213214.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213215.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213225.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213227.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213228.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213229.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213230.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213231.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213232.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
 
0
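The Dr. Web report above is a semicolon-delimited list, one detection per line. As an added example (not code from the thread or from Dr. Web), here is a small Python triage script that parses that format, tallies detections by name, directory and action, and reads the timestamp embedded in the `hosts.YYYYMMDD-HHMMSS.backup` file names to show when the infected copies of the hosts file were written. The sample lines are constructed from the format shown above; the `example.tmp` entry and its directory are hypothetical placeholders added only so the grouping has more than one bucket, and the field layout `<file>;<directory>;<detection>;<action>;` is an assumption read off the posted log.

```python
"""Triage helper for Dr.Web CureIt! report lines.

Added example, not code from the thread or from Dr.Web. It assumes each report
line has four semicolon-separated fields, as in the log posted above:
    <file name>;<directory>;<detection name>;<action>;
and that hosts-file backups are named hosts.YYYYMMDD-HHMMSS.backup.<...>, so the
embedded timestamp records when that copy of the hosts file was written.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: four lines in the format of the report above, one
# hypothetical placeholder entry (example.tmp) so the grouping has two
# buckets, and one malformed line to exercise the skip path.
SAMPLE_REPORT = r"""
hosts.20100601-213540.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100601-214840.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213035.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
hosts.20100606-213232.backup.virus-Trojan.Script.422207;C:\WINDOWS\system32\drivers\etc;Trojan.FakeSecure.10;Deleted.;
example.tmp;C:\EXAMPLE\Temp;Example.Detection;Moved.;
this line is malformed and should be skipped
"""

BACKUP_NAME = re.compile(r"^hosts\.(\d{8}-\d{6})\.backup\.", re.IGNORECASE)


def parse_report(text):
    """Return a list of dicts, one per well-formed report line.

    Blank and malformed lines are skipped rather than raising, so one odd
    line does not abort triage of a multi-hundred-line report.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) != 4:
            continue  # not <file>;<dir>;<detection>;<action>
        name, directory, detection, action = (f.strip() for f in fields)
        entries.append({
            "line": lineno,
            "file": name,
            "dir": directory,
            "detection": detection,
            "action": action.rstrip("."),
        })
    return entries


def summarize(entries):
    """Tally detections, directories and actions taken."""
    return {
        "total": len(entries),
        "by_detection": dict(Counter(e["detection"] for e in entries)),
        "by_dir": dict(Counter(e["dir"] for e in entries)),
        "by_action": dict(Counter(e["action"] for e in entries)),
    }


def hosts_backup_timeline(entries):
    """Group hosts-file backups by the date embedded in their file name.

    Returns {YYYY-MM-DD: (count, first HH:MM:SS, last HH:MM:SS)}; a run of
    backups seconds apart shows how long the hosts file kept being rewritten.
    """
    per_day = defaultdict(list)
    for e in entries:
        m = BACKUP_NAME.match(e["file"])
        if m:
            ts = datetime.strptime(m.group(1), "%Y%m%d-%H%M%S")
            per_day[ts.date().isoformat()].append(ts)
    return {
        day: (len(stamps), min(stamps).strftime("%H:%M:%S"), max(stamps).strftime("%H:%M:%S"))
        for day, stamps in sorted(per_day.items())
    }


def live_hosts_reported(entries):
    """True only if the live hosts file itself (not a .backup copy) was flagged.

    If this is False while backups were flagged, the live file was not
    detected and should be inspected by hand before declaring the box clean.
    """
    return any(e["file"].lower() == "hosts" for e in entries)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for day, (n, first, last) in hosts_backup_timeline(found).items():
        print(f"{day}: {n} infected hosts backups written between {first} and {last}")
    print("live hosts file flagged:", live_hosts_reported(found))
```

Run against the full report pasted above, the timeline shows two bursts of hosts-file rewrites (2010-06-01 and 2010-06-06), and `live_hosts_reported` comes back False because every flagged item is a backup copy, which is the cue to open `C:\WINDOWS\system32\drivers\etc\hosts` and confirm by eye that it contains only the expected entries.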
 
LVL 1

Author Comment

by:cdplayer
ID: 33539345
Is the computer clean???
Thanks!
0
 
LVL 42

Expert Comment

by:Davis McCarn
ID: 33540792
Most of the recent Trojans will hijack you if you do several Google searches and then click on the results. Try that and several reboots to be sure.
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 33541029
Try running Dr Web in safe mode, just in case some of these trojans were not removed or are integrated with some programs that run on startup or with drivers. You will be able to delete / cure them.
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33541110
Thanks guys!
0
 
LVL 1

Author Comment

by:cdplayer
ID: 33609942
I've completed running Dr. Web in Safe Mode. It appeared to be clean. The client has taken back their computer.

Thank you for all of your help!!!
0
