cardinal17
Wanted to check with you first - done, and the logs now seem fine. System seems to be back to normal. You guys are awesome! Is there any cleanup required (of diag software)?
-
msconfig now allows me to change to normal mode (which I did and rebooted).
The eventlogs still seem to be an issue - not recording reboot, for instance.
Export of services (tabbed) attached: services.zip
-
McAfee was reinstalled after the last clean mbam - not comfortable with no AV.
No service is identified - many are still stopped ..
-
Generally good.
System Event log dates are incorrect (future): 12/17/2009 for today - clock is correct.
App log seems OK.
Get an error when running msconfig: "An access denied error was returned while attempting to change a service.." (was resetting startup items).
Many thanks for your persistence.
-
results of kaspersky scan:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 29, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 29, 2009 05:07:50
Records in database: 2934208
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer: C:\ D:\ E:\ F:\
Scan statistics:
Objects scanned: 148657
Threats found: 5
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 03:16:49
File name / Threat / Threats count
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\24\bae1618-5d78e696 Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\43\11753b6b-2b8f7647 Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-2cb3845e Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-334ab0c6 Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-65499117-4703307c.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfgn.class-2a829977-22fe4d04.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-775381f0.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Downloads\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.273 1
C:\Downloads\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.e 2
Selected area has been scanned.
-
concerned about this ... from RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/28 19:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xB2366000 Size: 471040 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE659000 Size: 49152 File Visible: No Signed: -
Status: -
will run online av now
-
7am !! you guys are dedicated - mbam came back clean !!
Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 5.1.2600 Service Pack 3
9/27/2009 6:50:31 PM
mbam-log-2009-09-27 (18-50-31).txt
Scan type: Quick Scan
Objects scanned: 104321
Time elapsed: 4 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
hopefully that's it - we can discuss cleanup later
-
done
-
uploaded 2 zips
-
can't upload - file space exceeded, 597Kb compressed
-
OK - I had executed from the C: not the X: - running now
-
Double click to launch the Command Prompt
In the ensuing window, type C:\ScanAll.bat
.. would take some time before it finishes running. Great time for a cuppa
======
got an application error box: "The procedure * could not be located in the DLL sfc.dll."
also the DEL statement got a "could not find c:\windows\scanALL.bat"
-
download / created / tested
-
no hits on tdlwsp.dll
none on tdlcmd.dll
3 hits on iastor.sys:
c:\drivers\storage\sata\onboard
c:\i386
c:\windows\system32\drivers
-
no joy - safe mode - run mbam / remove 2 selected
reboot to safe mode - rerun mbam - still there