cardinal17

Honorary Members
  • Posts: 42
  • Reputation: 0 Neutral
  1. wanted to check with you first - done, and the logs now seem fine. system seems to be back to normal. you guys are awesome! is there any cleanup required? (of diag software)
  2. msconfig now allows me to change to normal mode (which I did and rebooted). the eventlogs still seem to be an issue - not recording reboot, for instance. export of services (tabbed) attached: services.zip
  3. McAfee was reinstalled after the last clean mbam - not comfortable with no AV. no service is identified - many are still stopped ..
  4. generally Good. System Event logs dates are incorrect (future): 12/17/2009 for today - clock is correct. App log seems OK. get an error when running msconfig: "An access denied error was returned while attempting to change a service.." (was resetting startup items). many thanks for your persistence
  5. results of kaspersky scan:

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Tuesday, September 29, 2009
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Tuesday, September 29, 2009 05:07:50
     Records in database: 2934208
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     C:\
     D:\
     E:\
     F:\

     Scan statistics:
     Objects scanned: 148657
     Threats found: 5
     Infected objects found: 10
     Suspicious objects found: 0
     Scan duration: 03:16:49

     File name / Threat / Threats count
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\24\bae1618-5d78e696 Infected: Trojan-Downloader.Java.OpenStream.y 1
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\43\11753b6b-2b8f7647 Infected: Trojan-Downloader.Java.OpenStream.y 1
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-2cb3845e Infected: Trojan-Downloader.Java.OpenConnection.at 1
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-334ab0c6 Infected: Trojan-Downloader.Java.Agent.f 1
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-65499117-4703307c.class Infected: Trojan-Downloader.Java.OpenStream.y 1
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfgn.class-2a829977-22fe4d04.class Infected: Trojan-Downloader.Java.OpenStream.y 1
     C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-775381f0.zip Infected: Trojan-Downloader.Java.Agent.f 1
     C:\Downloads\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.273 1
     C:\Downloads\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.e 2

     Selected area has been scanned.
  6. concerned about this ... from RootRepeal

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2009/09/28 19:39
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP SP3
     ==================================================

     Drivers
     -------------------
     Name: dump_iaStor.sys
     Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
     Address: 0xB2366000 Size: 471040 File Visible: No Signed: - Status: -

     Name: rootrepeal.sys
     Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
     Address: 0xAE659000 Size: 49152 File Visible: No Signed: - Status: -

     will run online av now
  7. 7am !! you guys are dedicated - mbam came back clean !!

     Malwarebytes' Anti-Malware 1.41
     Database version: 2866
     Windows 5.1.2600 Service Pack 3

     9/27/2009 6:50:31 PM
     mbam-log-2009-09-27 (18-50-31).txt

     Scan type: Quick Scan
     Objects scanned: 104321
     Time elapsed: 4 minute(s), 3 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     hopefully that's it - we can discuss cleanup later
  8. can't upload - file space exceeded 597Kb compressed
  9. OK - I had executed from the C: not the X: - running now
  10. Double click to launch the Command Prompt
      In the ensuing window, type C:\ScanAll.bat
      .. would take some time before it finishes running. Great time for a cuppa
      ======
      got an application error box "The procedure * could not be located in the DLL sfc.dll."
      also the DEL statement got a "could not find c:\windows\scanALL.bat"
  11. no hits on tdlwsp.dll
      none on tdlcmd.dll
      3 hits on iastor.sys:
      c:\drivers\storage\sata\onboard
      c:\i386
      c:\windows\system32\drivers
  12. no joy - safe mode - run mbam / remove 2 selected, reboot to safe mode - rerun mbam - still there