AVSecuity Suite / MSSecurity Essentials Malware

exmachina · October 7, 2010

I am new to this forum, please forgive any SOP's that I am not following-Ipromise to do my best to stay w/in your guidelines.

This issue started with MSSecurity Essentials {FAKE} malware. Trying to remove ir myself using Spybot S&D; SuperAntiSpyware; AdAware; & Malwarebytes.

After a few attempts I thought I might try removing it maually via Reg. Editor. A little over ambitious w/ the delete resulted in having to repair XP PRO w/ the MS OS disk and reinstal SP3.

Part 2

I then dicovered www.Bleeping...and Malwarebytes forums dealing with this issue and essentially followed two differnt users.I was essentially trying the same removal tools/ programs they were trying paying no attention to the logs (as I had little idea what I was looking at anyway). Have used several removal tools now including:

ComboFix; HJT; OTL; rkill; Kapersky (spelling?) and a few others.

Part 3

after finishing with the forum steps twice (both for another user-never me) I would run in SafeMode (disconnected from LAN)

Spybot S&D; SuperAntiSpyware; AdAware; & Malwarebytes

Outcome: the first 2 above are still picking up malware specificallly: AVSec.Suite malware

Surprisingly Malware Bytes sees my PC as clean.

While I've decreased the infected areas; I'm still infected regardless what I attempt. I just don't know enough, clearly.

Side NOTE, when running "ComboFix" a warning about AVG 9.0 comes up. I have tried to uninstall this several times and used AVGremover. It still is in there somewhere.

Also, I have access to several computers and have elected to keep the infected one on and in Safe Mode w/ networking until further instructions.

I am downloading files onto it via USB Drive.

I'm in your hands....thank you in advance for your help with this matter. You're all clearly saints!

NJ_Manderson

Log files below

--------------------------------------------------------------------------------------

DDS (Ver_10-10-05.01) - NTFSx86 NETWORK

Run by Administrator at 21:15:55.42 on Wed 10/06/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2949 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\ec4b378b-0122-4d42-80ad-c80517e6ab45.com

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Disabled:{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File

BHO: Disabled:{449E6CCA-C276-44A4-8ABC-8E34202A029B} - No File

BHO: Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No File

BHO: Disabled:{AE7CD045-E861-484f-8273-0445EE161910} - No File

BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

BHO: Disabled:{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No File

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

uRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232723731716

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-5 64288]

S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

S2 CrossLoopService;CrossLoop Service;c:\documents and settings\matt\local settings\application data\crossloop\CrossLoopService.exe [2010-2-26 560792]

S2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2007-12-13 439656]

S2 gupdate1c990502343255a;Google Update Service (gupdate1c990502343255a);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]

S3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-3-9 23400]

S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\drivers\iiusbisp.sys --> c:\windows\system32\drivers\iiusbisp.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 uvnc_service;uvnc_service;c:\documents and settings\matt\local settings\application data\crossloop\winvnc.exe [2010-2-26 1590216]

=============== Created Last 30 ================

2010-10-07 01:04:32 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-10-06 22:05:38 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2010-10-06 17:00:23 -------- d-sha-r- C:\cmdcons

2010-10-06 16:26:51 -------- d-----w- c:\docume~1\admini~1\applic~1\GlarySoft

2010-10-06 16:21:45 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe

2010-10-05 19:57:32 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-10-05 13:59:09 -------- d-----w- c:\program files\Glary Utilities

2010-10-05 13:44:20 -------- d-----w- C:\AVGTemp

2010-10-05 13:24:25 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com

2010-10-05 05:17:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-10-05 05:17:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-10-05 05:13:51 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy

2010-10-05 05:13:11 -------- dc-h--w- c:\docume~1\alluse~1.win\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-10-05 05:12:49 -------- d-----w- c:\program files\Lavasoft

2010-10-05 03:40:44 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

2010-10-05 03:35:11 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-10-05 02:44:38 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-10-05 02:44:38 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-10-05 02:44:30 86016 -c----w- c:\windows\system32\dllcache\sl_anet.acm

2010-10-05 02:44:30 294912 -c----w- c:\windows\system32\dllcache\msaud32.acm

2010-10-05 02:44:29 290816 -c----w- c:\windows\system32\dllcache\l3codeca.acm

2010-10-05 02:44:07 9728 ------w- c:\windows\system32\rwnh.dll

2010-10-05 02:44:07 10752 ------w- c:\windows\system32\smtpapi.dll

2010-10-05 02:39:43 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-10-05 02:38:36 123392 ------w- c:\windows\system32\mplay32.exe

2010-10-05 01:12:50 -------- d-----w- c:\program files\MSXML 6.0

2010-10-05 00:47:58 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-10-05 00:47:57 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-10-05 00:47:55 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-10-04 23:44:12 2656656 ---ha-w- c:\docume~1\admini~1\locals~1\applic~1\IconCache.db

2010-10-04 22:50:11 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-10-04 22:49:55 354304 -c----w- c:\windows\system32\dllcache\srv.sys

2010-10-04 22:49:29 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-10-04 22:49:21 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-10-04 22:49:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-10-04 22:45:57 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-10-04 22:44:25 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-10-04 21:47:01 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll

2010-10-04 21:47:01 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll

2010-10-04 21:47:01 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll

2010-10-04 21:47:01 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll

2010-10-04 21:47:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll

2010-10-04 21:47:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe

2010-10-04 21:45:59 22016 -c--a-w- c:\windows\system32\dllcache\logscrpt.dll

2010-10-04 21:44:59 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll

2010-10-04 21:44:54 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe

2010-10-04 21:44:54 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll

2010-10-04 21:44:54 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll

2010-10-04 21:44:54 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll

2010-10-04 21:44:54 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe

2010-10-04 21:44:53 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2010-10-04 21:44:51 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx

2010-10-04 21:44:46 -------- d-----w- c:\program files\msn gaming zone

2010-10-04 21:43:10 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-10-04 21:25:53 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-10-04 21:25:53 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-10-04 21:25:53 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-10-04 21:25:53 13312 ----a-w- c:\windows\system32\irclass.dll

2010-10-04 21:25:43 -------- d-----r- c:\documents and settings\all users.windows\Documents

2010-10-04 16:44:17 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-10-04 16:44:17 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-04 07:45:22 -------- d-----w- c:\windows\pss

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-12 17:04:01 499712 ----a-w- c:\windows\system32\msvcp71.dll

============= FINISH: 21:16:28.89 ===============

Attach.txt

ark.txt

kahdah · October 8, 2010

Hello exmachina

Welcome to Malwarebytes.

=====================

Can you post the log from Superantispyware please or attach it.

exmachina · October 9, 2010

kahdah-

thanks for becoming my new best friend

I appreciate your help!

Below are the Super...Scan Logs from 6:22 & 6:45pm 100610 (respectively)

I have also attached {1 file attached but text from....} 2 Spybot "check logs" and a "fix log" from the last time it ran

Spybot_Checks_and_Fixes_Log100610.txt

I'll be checking for your replies every chance I get over the weekend.

Seriously! Thank you for your help!

exmachina

{aka: "M"}

----------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/06/2010 at 06:22 PM

Application Version : 4.44.1000

Core Rules Database Version : 5610

Trace Rules Database Version: 3422

Scan type : Quick Scan

Total Scan Time : 00:13:21

Memory items scanned : 290

Memory threats detected : 0

Registry items scanned : 1677

Registry threats detected : 1

File items scanned : 12724

File threats detected : 1

Adware.Tracking Cookie

C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt

Malware.Trace

HKU\PE_C0_S-1-5-21-220523388-764733703-682003330-1003\SOFTWARE\AVSolution

----------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/06/2010 at 06:45 PM

Application Version : 4.44.1000

Core Rules Database Version : 5610

Trace Rules Database Version: 3422

Scan type : Quick Scan

Total Scan Time : 00:12:09

Memory items scanned : 296

Memory threats detected : 0

Registry items scanned : 1677

Registry threats detected : 0

File items scanned : 12724

File threats detected : 0

-----

END

kahdah · October 9, 2010

Do either program now detect the said threats?

What issues are you having at the moment other than that?

exmachina · October 9, 2010

kahdah-

Yes. I re-scanned SUPERAntispyware {Quick Scan}

and

Spybot SD just a few minutes ago, specifically for this post

{Logs Below}

without fail every time I run these I will get at least 1 if not more hits on AVSecuritySuite.

The obvious question:

Am I Fixing, Quarantine(ing), etc at the end of the scan?

Absolutely.

It just won't quite go away and die.

M

----------------------------------------------------------------------------

--- Search result list ---

Fraud.AVSecuritySuite: [sBI $5587D6DE] Settings (Registry value, fixed)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer=...http=127.0.0.1:5643...

Fraud.AVSecuritySuite: [sBI $5587D6DE] Settings (Registry value, fixed)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer=...http=127.0.0.1:5643...

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2010-10-05 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-11-04 advcheck.dll (1.6.5.20)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2010-06-29 Includes\Adware.sbi (*)

2010-08-24 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2010-09-22 Includes\Dialer.sbi (*)

2010-09-22 Includes\DialerC.sbi (*)

2010-01-25 Includes\HeavyDuty.sbi (*)

2009-05-26 Includes\Hijackers.sbi (*)

2010-07-27 Includes\HijackersC.sbi (*)

2010-09-15 Includes\iPhone.sbi (*)

2010-08-02 Includes\Keyloggers.sbi (*)

2010-08-31 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2010-09-13 Includes\Malware.sbi (*)

2010-10-05 Includes\MalwareC.sbi (*)

2010-05-18 Includes\PUPS.sbi (*)

2010-10-05 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2010-07-27 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2010-06-29 Includes\Spyware.sbi (*)

2010-07-27 Includes\SpywareC.sbi (*)

2010-03-08 Includes\Tracks.uti

2010-08-04 Includes\Trojans.sbi (*)

2010-09-28 Includes\TrojansC-02.sbi (*)

2010-07-28 Includes\TrojansC-03.sbi (*)

2010-09-28 Includes\TrojansC-04.sbi (*)

2010-10-05 Includes\TrojansC-05.sbi (*)

2010-09-13 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Windows XP (Build: 2600) Service Pack 3 (5.1.2600)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2416447)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)

/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs

/ Windows / SP1: Microsoft National Language Support Downlevel APIs

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)

/ Windows Media Player: Security Update for Windows Media Player (KB952069)

/ Windows Media Player: Security Update for Windows Media Player (KB954155)

/ Windows Media Player: Security Update for Windows Media Player (KB968816)

/ Windows Media Player: Security Update for Windows Media Player (KB973540)

/ Windows Media Player: Security Update for Windows Media Player (KB975558)

/ Windows Media Player: Security Update for Windows Media Player (KB978695)

/ Windows Media Player: Security Update for Windows Media Player (KB979402)

/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)

/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)

/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB2183461)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)

/ Windows XP / SP3: Windows XP Service Pack 3

/ Windows XP / SP4: Security Update for Windows XP (KB2079403)

/ Windows XP / SP4: Security Update for Windows XP (KB2115168)

/ Windows XP / SP4: Security Update for Windows XP (KB2121546)

/ Windows XP / SP4: Update for Windows XP (KB2141007)

/ Windows XP / SP4: Security Update for Windows XP (KB2160329)

/ Windows XP / SP4: Security Update for Windows XP (KB2229593)

/ Windows XP / SP4: Security Update for Windows XP (KB2259922)

/ Windows XP / SP4: Security Update for Windows XP (KB2286198)

/ Windows XP / SP4: Security Update for Windows XP (KB2347290)

/ Windows XP / SP4: Security Update for Windows XP (KB923561)

/ Windows XP / SP4: Security Update for Windows XP (KB946648)

/ Windows XP / SP4: Security Update for Windows XP (KB950762)

/ Windows XP / SP4: Security Update for Windows XP (KB950974)

/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)

/ Windows XP / SP4: Security Update for Windows XP (KB951748)

/ Windows XP / SP4: Update for Windows XP (KB951978)

/ Windows XP / SP4: Security Update for Windows XP (KB952004)

/ Windows XP / SP4: Hotfix for Windows XP (KB952287)

/ Windows XP / SP4: Security Update for Windows XP (KB952954)

/ Windows XP / SP4: Security Update for Windows XP (KB955069)

/ Windows XP / SP4: Update for Windows XP (KB955759)

/ Windows XP / SP4: Security Update for Windows XP (KB956572)

/ Windows XP / SP4: Security Update for Windows XP (KB956744)

/ Windows XP / SP4: Security Update for Windows XP (KB956802)

/ Windows XP / SP4: Security Update for Windows XP (KB956803)

/ Windows XP / SP4: Security Update for Windows XP (KB956844)

/ Windows XP / SP4: Security Update for Windows XP (KB958644)

/ Windows XP / SP4: Security Update for Windows XP (KB958869)

/ Windows XP / SP4: Security Update for Windows XP (KB959426)

/ Windows XP / SP4: Security Update for Windows XP (KB960225)

/ Windows XP / SP4: Security Update for Windows XP (KB960803)

/ Windows XP / SP4: Security Update for Windows XP (KB960859)

/ Windows XP / SP4: Hotfix for Windows XP (KB961118)

/ Windows XP / SP4: Security Update for Windows XP (KB961501)

/ Windows XP / SP4: Update for Windows XP (KB967715)

/ Windows XP / SP4: Update for Windows XP (KB968389)

/ Windows XP / SP4: Security Update for Windows XP (KB969059)

/ Windows XP / SP4: Security Update for Windows XP (KB970238)

/ Windows XP / SP4: Security Update for Windows XP (KB970430)

/ Windows XP / SP4: Security Update for Windows XP (KB971468)

/ Windows XP / SP4: Security Update for Windows XP (KB971657)

/ Windows XP / SP4: Update for Windows XP (KB971737)

/ Windows XP / SP4: Security Update for Windows XP (KB971961)

/ Windows XP / SP4: Security Update for Windows XP (KB972270)

/ Windows XP / SP4: Security Update for Windows XP (KB973507)

/ Windows XP / SP4: Update for Windows XP (KB973687)

/ Windows XP / SP4: Update for Windows XP (KB973815)

/ Windows XP / SP4: Security Update for Windows XP (KB973869)

/ Windows XP / SP4: Security Update for Windows XP (KB973904)

/ Windows XP / SP4: Security Update for Windows XP (KB974112)

/ Windows XP / SP4: Security Update for Windows XP (KB974318)

/ Windows XP / SP4: Security Update for Windows XP (KB974392)

/ Windows XP / SP4: Security Update for Windows XP (KB974571)

/ Windows XP / SP4: Security Update for Windows XP (KB975025)

/ Windows XP / SP4: Security Update for Windows XP (KB975467)

/ Windows XP / SP4: Security Update for Windows XP (KB975560)

/ Windows XP / SP4: Security Update for Windows XP (KB975561)

/ Windows XP / SP4: Security Update for Windows XP (KB975562)

/ Windows XP / SP4: Security Update for Windows XP (KB975713)

/ Windows XP / SP4: Security Update for Windows XP (KB977816)

/ Windows XP / SP4: Security Update for Windows XP (KB977914)

/ Windows XP / SP4: Security Update for Windows XP (KB978037)

/ Windows XP / SP4: Security Update for Windows XP (KB978338)

/ Windows XP / SP4: Security Update for Windows XP (KB978542)

/ Windows XP / SP4: Security Update for Windows XP (KB978601)

/ Windows XP / SP4: Security Update for Windows XP (KB979309)

/ Windows XP / SP4: Security Update for Windows XP (KB979482)

/ Windows XP / SP4: Security Update for Windows XP (KB979559)

/ Windows XP / SP4: Security Update for Windows XP (KB979683)

/ Windows XP / SP4: Security Update for Windows XP (KB980195)

/ Windows XP / SP4: Security Update for Windows XP (KB980218)

/ Windows XP / SP4: Security Update for Windows XP (KB980232)

/ Windows XP / SP4: Security Update for Windows XP (KB980436)

/ Windows XP / SP4: Security Update for Windows XP (KB981322)

/ Windows XP / SP4: Security Update for Windows XP (KB981349)

/ Windows XP / SP4: Security Update for Windows XP (KB981852)

/ Windows XP / SP4: Security Update for Windows XP (KB981997)

/ Windows XP / SP4: Security Update for Windows XP (KB982214)

/ Windows XP / SP4: Security Update for Windows XP (KB982381)

/ Windows XP / SP4: Security Update for Windows XP (KB982665)

/ Windows XP / SP4: Security Update for Windows XP (KB982802)

--- Startup entries list ---

Located: HK_LM:Run, Adobe Version Cue CS2

command: C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

file: C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

size: 856064

MD5: 98FAFD82E4F0674D2D7BB3C8FD141D32

Located: HK_LM:Run, NokiaMServer

command: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

file: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 13574144

MD5: 89C7169D6161D98585880E3079D721F3

Located: HK_LM:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\NvMcTray.dll

size: 86016

MD5: C01F5EFFCF7D51921722D96AE4140727

Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 1657376

MD5: 7ADC35508F0C8D21197DD9988BDD42A4

Located: HK_LM:Run, Adobe Version Cue CS2 (DISABLED)

command: C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

file: C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

size: 856064

MD5: 98FAFD82E4F0674D2D7BB3C8FD141D32

Located: HK_LM:Run, AVG9_TRAY (DISABLED)

command: C:\PROGRA~1\AVG\AVG9\avgtray.exe

file: C:\PROGRA~1\AVG\AVG9\avgtray.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, NokiaMServer (DISABLED)

command: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

file: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, NokiaMusic FastStart (DISABLED)

command: "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

file: C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe

size: 2327840

MD5: 75D34F4E31D30ACF808B3BCECE222287

Located: HK_LM:Run, NvCplDaemon (DISABLED)

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 13574144

MD5: 89C7169D6161D98585880E3079D721F3

Located: HK_LM:Run, NvMediaCenter (DISABLED)

command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\NvMcTray.dll

size: 86016

MD5: C01F5EFFCF7D51921722D96AE4140727

Located: HK_LM:Run, nwiz (DISABLED)

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 1657376

MD5: 7ADC35508F0C8D21197DD9988BDD42A4

Located: HK_LM:Run, PDF CMYK Print EngineClient (DISABLED)

command: C:\Program Files\4over Inc.\PDF CMYK Print Engine\PDFCMYKPrintEngineClient.exe

file: C:\Program Files\4over Inc.\PDF CMYK Print Engine\PDFCMYKPrintEngineClient.exe

size: 315392

MD5: E8067ECEDEE829BD61A07873D7EEE619

Located: HK_LM:Run, SysTrayApp (DISABLED)

command: %ProgramFiles%\IDT\WDM\sttray.exe

file: C:\Program Files\IDT\WDM\sttray.exe

size: 413696

MD5: D3857A8CBAD217D0FB61ADD1D4A0DEB4

Located: HK_LM:Run, WinampAgent (DISABLED)

command: "C:\Program Files\Winamp\winampa.exe"

file: C:\Program Files\Winamp\winampa.exe

size: 37888

MD5: 9DB9AAD88F859E99E0BD0221D675AAE5

Located: HK_CU:Run,

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command:

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, Glary Memory Optimizer (DISABLED)

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command: "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

file: C:\Program Files\Glary Utilities\memdefrag.exe

size: 108344

MD5: EA184F7F36F2F35F277F0A4285A08512

Located: HK_CU:Run, Google Update (DISABLED)

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command: "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

file: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

size: 133104

MD5: 626A24ED1228580B9518C01930936DF9

Located: HK_CU:Run, Helper (DISABLED)

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command: C:\Documents and Settings\Matt\Application Data\Helper\bin\liveu.exe

file: C:\Documents and Settings\Matt\Application Data\Helper\bin\liveu.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, PC Suite Tray (DISABLED)

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command: "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

file: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

size: 1312256

MD5: DD14CDF45051A973B3311C53441FF330

Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

size: 2260480

MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, SUPERAntiSpyware (DISABLED)

where: PE_C0_S-1-5-21-220523388-764733703-682003330-1003...

command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

size: 2424560

MD5: 52231A2FFDEAD130D3F89BBC6D64AB7C

Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-220523388-764733703-682003330-1003...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Google Update

where: S-1-5-21-220523388-764733703-682003330-1003...

command: "C:\Documents and Settings\Matt.MATTDESKTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

file: C:\Documents and Settings\Matt.MATTDESKTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

size: 136176

MD5: F02A533F517EB38333CB12A9E8963773

Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-220523388-764733703-682003330-1003...

command: C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

size: 2260480

MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, SUPERAntiSpyware

where: S-1-5-21-220523388-764733703-682003330-1003...

command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

size: 2424560

MD5: 52231A2FFDEAD130D3F89BBC6D64AB7C

Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-220523388-764733703-682003330-500...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:RunOnce, TSClientAXDisabler

where: S-1-5-21-220523388-764733703-682003330-500...

command: cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

file: C:\WINDOWS\system32\cmd.exe

size: 389120

MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, TSClientMSIUninstaller

where: S-1-5-21-220523388-764733703-682003330-500...

command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

file: C:\WINDOWS\system32\cmd.exe

size: 389120

MD5: 6D778E0F95447E6546553EEEA709D03C

Located: Startup (user), ERUNT AutoBackup.lnk

where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...

command: C:\Program Files\ERUNT\AUTOBACK.EXE

file: C:\Program Files\ERUNT\AUTOBACK.EXE

size: 38912

MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (user), CNET TechTracker.lnk

where: C:\Documents and Settings\Matt.MATTDESKTOP\Start Menu\Programs\Startup...

command: C:\Documents and Settings\Administrator\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe

file: C:\Documents and Settings\Administrator\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: Startup (user), OpenOffice.org 2.4.lnk

where: C:\Documents and Settings\Rhea\Start Menu\Programs\Startup...

command: C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

file: C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

size: 393216

MD5: F5CECCFE0CF964B209DCAB226D4C1DE3

Located: WinLogon, !SASWinLogon

command: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

file: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

size: 548352

MD5: 482E8F6FD557D5A0DF7363F72DF145FE

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

--- Browser helper object list ---

Disabled:{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

Disabled:{449E6CCA-C276-44A4-8ABC-8E34202A029B} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

Disabled:{53707962-6F74-2D53-2644-206D7942484F} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

Disabled:{AE7CD045-E861-484f-8273-0445EE161910} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

Disabled:{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name: Google Gears Helper

CLSID name:

{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name: Google Gears Helper

CLSID name: Google Gears Helper

Path: C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\

Long name: gears.dll

Short name:

Date (created): 2/23/2010 6:51:18 AM

Date (last access): 10/9/2010 11:25:04 AM

Date (last write): 2/23/2010 6:51:18 AM

Filesize: 2121728

Attributes: archive

MD5: 432226E3E9C09A73F389A65DEC49BB2F

CRC32: B0B45F47

Version: 0.5.36.0

--- ActiveX list ---

Web-Based Email Tools (Web-Based Email Tools)

DPF name: Web-Based Email Tools

CLSID name:

Installer:

Codebase: http://email.secureserver.net/Download.CAB

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)

DPF name:

CLSID name: Office Genuine Advantage Validation Tool

Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf

Codebase: http://download.microsoft.com/download/e/4.../OGAControl.cab

Path: C:\WINDOWS\system32\

Long name: OGACheckControl.dll

Short name: OGACHE~1.DLL

Date (created): 8/3/2009 3:07:42 PM

Date (last access): 10/9/2010 11:23:54 AM

Date (last write): 8/3/2009 3:07:42 PM

Filesize: 403816

Attributes: archive

MD5: 10C03F5479E6BD73C9CB3DFDE9FA4C2E

CRC32: C60BD332

Version: 2.0.48.0

{0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)

DPF name:

CLSID name: Microsoft Data Collection Control

Installer:

Codebase: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: MSDcode.dll

Short name:

Date (created): 7/10/2008 4:54:56 PM

Date (last access): 10/9/2010 11:25:08 AM

Date (last write): 7/10/2008 4:54:56 PM

Filesize: 409168

Attributes: archive

MD5: AC67EEAA7677F4E9C4B8AA7EEA32B028

CRC32: 83EC71BE

Version: 2.7.66.3

{0CCA191D-13A6-4E29-B746-314DEE697D83} ()

DPF name:

CLSID name:

Installer:

Codebase: http://upload.facebook.com/controls/Facebo...toUploader5.cab

{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)

DPF name:

CLSID name: Windows Live Safety Center Base Module

Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf

Codebase: http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

description:

classification: Legitimate

known filename: wlscBase.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\Downloaded Program Files\

Long name: wlscBase.dll

Short name:

Date (created): 3/16/2009 2:01:08 PM

Date (last access): 10/9/2010 11:24:24 AM

Date (last write): 3/16/2009 2:01:08 PM

Filesize: 452488

Attributes: archive

MD5: F9852CBC0E06660768DBB1E6FE9B1896

CRC32: 90361551

Version: 1.10.5483.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

DPF name:

CLSID name: WUWebControl Class

Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf

Codebase: http://www.update.microsoft.com/windowsupd...b?1232723731716

description:

classification: Legitimate

known filename: wuweb.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32\

Long name: wuweb.dll

Short name:

Date (created): 9/20/2008 5:20:54 PM

Date (last access): 10/9/2010 11:23:46 AM

Date (last write): 8/6/2009 7:24:18 PM

Filesize: 209632

Attributes: archive

MD5: 033AF4CE25B6D871F0DE2C982658E049

CRC32: 2C204902

Version: 7.4.7600.226

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)

DPF name:

CLSID name: Shockwave Flash Object

Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf

Codebase: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

description: Macromedia Shockwave Flash Player

classification: Legitimate

known filename:

info link:

info source: Patrick M. Kolla

Path: C:\WINDOWS\system32\Macromed\Flash\

Long name: Flash10h.ocx

Short name:

Date (created): 6/17/2010 7:51:54 PM

Date (last access): 10/6/2010 4:11:46 PM

Date (last write): 6/17/2010 7:51:54 PM

Filesize: 5712336

Attributes: readonly archive

MD5: F366D1694E4D244A73F4E52817C38D5B

CRC32: 1F489DFC

Version: 10.1.53.64

--- Process list ---

PID: 0 ( 0) [system]

PID: 544 ( 4) \SystemRoot\System32\smss.exe

size: 50688

PID: 600 ( 544) \??\C:\WINDOWS\system32\csrss.exe

size: 6144

PID: 624 ( 544) \??\C:\WINDOWS\system32\winlogon.exe

size: 507904

PID: 668 ( 624) C:\WINDOWS\system32\services.exe

size: 110592

MD5: 65DF52F5B8B6E9BBD183505225C37315

PID: 680 ( 624) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: BF2466B3E18E970D8A976FB95FC1CA85

PID: 832 ( 668) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 900 ( 668) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 996 ( 668) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1020 ( 668) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1096 ( 668) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1176 ( 668) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

size: 1356952

MD5: 6DFF48549BAE055966D7DB77232D7348

PID: 1368 ( 832) C:\WINDOWS\system32\wbem\unsecapp.exe

size: 16896

MD5: C7000F2DB2A5515C64C257478769A481

PID: 1444 ( 832) C:\WINDOWS\system32\wbem\wmiprvse.exe

size: 227840

MD5: 798A9E6828997EEF4517ADA8A2259831

PID: 1628 (1608) C:\WINDOWS\Explorer.EXE

size: 1033728

MD5: 12896823FB95BFB3DC9B46BCAEDC9923

PID: 1888 (1176) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

size: 864624

MD5: 104DEF4344396358322B7CB617E3409B

PID: 452 (1628) C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe

size: 5365592

MD5: 0477C2F9171599CA5BC3307FDFBA8D89

PID: 524 (1628) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

size: 2424560

MD5: 52231A2FFDEAD130D3F89BBC6D64AB7C

PID: 4 ( 0) System

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 10/9/2010 11:39:50 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [uDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B70E95A-6A3B-4323-BED8-0FD69B724F61}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B70E95A-6A3B-4323-BED8-0FD69B724F61}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED5A6899-FB12-4FDC-A5EA-E3C8B0CF72FE}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED5A6899-FB12-4FDC-A5EA-E3C8B0CF72FE}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F58B4F8B-B9C3-4C72-B6F2-28BDDE278E4C}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F58B4F8B-B9C3-4C72-B6F2-28BDDE278E4C}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0DF053A4-1D34-488D-BA95-F0D3BC51322B}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0DF053A4-1D34-488D-BA95-F0D3BC51322B}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

----------------------------------------------------------------------------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/09/2010 at 11:38 AM

Application Version : 4.44.1000

Core Rules Database Version : 5661

Trace Rules Database Version: 3473

Scan type : Quick Scan

Total Scan Time : 00:13:28

Memory items scanned : 328

Memory threats detected : 0

Registry items scanned : 1677

Registry threats detected : 0

File items scanned : 12616

File threats detected : 0

----------------------------------------------------------------------------

END

kahdah · October 9, 2010

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

exmachina · October 9, 2010

kadah

logs attached.

apparently posting them is "too long"

M

OTL.Txt

Extras.Txt

kahdah · October 9, 2010

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer=-

:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

=============

After doing the above rerun Spybot and see if it still detects it.

exmachina · October 10, 2010

kahdah

OTL log file below

Ran Spybot...and nothing was found.

I'm somewhat optimistic at this point

should a full scan be done with Super Anti...etc?

M

-------------------------------------------------------------------------------------

All processes killed

========== REGISTRY ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 6229171 bytes

User: AHM Flyers for Kelly 110206

User: All Users

User: All Users.WINDOWS

User: BEPO

User: cgi

User: cloud versions

User: CobiusAHIMA06

User: CobiusClouds

User: d-x-mFILES

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: DxMFTPClient

User: DxM_USRrental

User: EM Collateral

User: Goines

User: Grammar

User: images

User: ImpactPromotions

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Matt

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Matt.MATTDESKTOP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: php_uploads

User: Portfolio

User: PostCards

User: REXAM

User: Rexam10x10Install

User: Rhea

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Rhea Rhea

User: RheaCook

User: sam

User: stats

User: Teel

User: TradeShowCharlie

User: UnivisionGrammy

User: _private

User: _vti_bin

User: _vti_cnf

User: _vti_log

User: _vti_pvt

User: _vti_txt

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10092010_204351

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

kahdah · October 10, 2010

Sure run anything you want at this point but your logs are clean.

Spybot finally deleted the 2 values.

Let me know if SAS finds anything and we can wrap it up.

exmachina · October 10, 2010

kahdah

-sad...

2 issues:

1.

Ran SPYBOT

Spybot found same issue. However, Got hung up {"Not Responding} during the fix so I reran the scan.

All Logs attached below (before hang up and after)

2. I have been transfering files via a USB drive from a healthy PC to infected PC. However, For whatever reason the PC is no longer seeing the drived in the My Computer "Devices w/ removable storage area"

I have not restarted for a while so perhaps this is the issue. any thoughts on this one?

Spybot Scan 1:

10.10.2010 11:55:51 - ##### check started #####

10.10.2010 11:55:51 - ### Version: 1.6.2

10.10.2010 11:55:51 - ### Date: 10/10/2010 11:55:51 AM

10.10.2010 11:55:53 - ##### checking bots #####

10.10.2010 11:57:16 - found: Fraud.AVSecuritySuite Settings

10.10.2010 12:08:55 - ##### check finished #####

Checks.101010_1208.txt

***HANG UP -- Program Not Responding***

Spybot Scan 2:

10.10.2010 12:51:40 - ##### check started #####

10.10.2010 12:51:40 - ### Version: 1.6.2

10.10.2010 12:51:40 - ### Date: 10/10/2010 12:51:40 PM

10.10.2010 12:51:42 - ##### checking bots #####

10.10.2010 12:55:20 - found: Fraud.Sysguard User settings

10.10.2010 13:12:35 - ##### check finished #####

Checks.101010_1312.txt

Fixes.101010_1315.txt

Checks.101010_1155.log

Checks.101010_1251.log

kahdah · October 10, 2010

It is not the same but a different location in the registry.

These are basically leftovers but need to go.

So each time you scan it picks up something different now?

Run it once more and only post what it finds.

exmachina · October 10, 2010

kahdah

I just ran Spybot twice and no threats were found

what are the next steps?

thank you again {it can't be said enough!}

M

kahdah · October 11, 2010

You are welcome.

* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

exmachina · October 11, 2010

kahdah

log file below

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17080 (vista_gdr.100616-0452)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=13135ae3f0ad5d43bc5f0b4c93af1d82

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-11 03:57:50

# local_time=2010-10-11 11:57:50 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=124553

# found=0

# cleaned=0

# scan_time=4105

kahdah · October 11, 2010

Looks good any more surprises from Spybot

Any other issues that remain?

exmachina · October 12, 2010

Oh great one.

I think I'm pretty good.

2 issues giving me a headache mostly due to when I reinstalled XP

1.

Chrome Bookmarks were removed, and I can't get them back on

(did a big search on "how to" already, for whatever reason Chrome isn't cooperating)

Good News is I still have all the info in a .txt

Bad new is, it seems to be a manual process now

I've need to reorganize this for awhile now anyway, so I'm just taking my medicine here.

and

2

ALL my Applications have to be essentially reloaded (I think).

They are all still there in program files (C:\Program Files);

but XP isn't seeing them in the Start menu....when I click "Start" then "Programs"

any ideas...I'm either being fundamentally dense or it really is about reloading everything.

...I think we're about to break up-

you've been really helpful!

M

kahdah · October 12, 2010

Well do you still have a backup of chrome it is very easy actually there is a file called bookmarks that you simply take from your backup and copy paste it into the right folder.

ALL my Applications have to be essentially reloaded (I think).
They are all still there in program files (C:\Program Files);
but XP isn't seeing them in the Start menu....when I click "Start" then "Programs"

Some may not place shortcuts in the start menu and if they did before then it could be an updated installer.

.I think we're about to break up

yep looks to be so.

======Cleanup======

Double click on OTL to run it.
Click on the Cleanup button at the top.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
This will remove itself and other tools we may have used.

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Maurice Naggar · October 17, 2010

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

kahdah · October 26, 2010

Hi exmachina

Can you post the logs that show the infection please.

Or you can attach it here.

LDTate · November 13, 2010

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

AVSecuity Suite / MSSecurity Essentials Malware

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information