  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Possible keyboard bug worm trojan virus (logs includ.)

    I've eliminated that it's a hardware problem. All necessary steps have been taken with no luck!?!

  2. #2
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Malwarebytes Anti-Malware 1.62.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2012.07.22.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-FK3WZJTN19 [administrator]

    24/07/2012 3:06:27 p.m.
    mbam-log-2012-07-24 (15-06-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 201688
    Time elapsed: 19 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/24/2012 at 03:39 PM

    Application Version : 5.5.1012

    Core Rules Database Version : 8939
    Trace Rules Database Version: 6751

    Scan type : Quick Scan
    Total Scan Time : 00:13:29

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 466
    Memory threats detected : 0
    Registry items scanned : 30013
    Registry threats detected : 0
    File items scanned : 7399
    File threats detected : 21

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\DYWUMHJ4.txt [ /ar.atwola.com ]
    C:\Documents and Settings\Owner\Cookies\248BT8G9.txt [ /mediaservices-d.openxenterprise.com ]
    C:\Documents and Settings\Owner\Cookies\S06F7033.txt [ /imrworldwide.com ]
    C:\Documents and Settings\Owner\Cookies\JDYOLLJJ.txt [ /kontera.com ]
    C:\Documents and Settings\Owner\Cookies\G47YSBQC.txt [ /ads.planet49.com ]
    C:\Documents and Settings\Owner\Cookies\0R01KH8J.txt [ /media6degrees.com ]
    C:\Documents and Settings\Owner\Cookies\F33Z3KJK.txt [ /tacoda.net ]
    C:\Documents and Settings\Owner\Cookies\K142ER9V.txt [ /mm.chitika.net ]
    C:\Documents and Settings\Owner\Cookies\BRG5PRC9.txt [ /adserver.adtechus.com ]
    C:\Documents and Settings\Owner\Cookies\DRCE6DCM.txt [ /xiti.com ]
    C:\Documents and Settings\Owner\Cookies\N10OQD97.txt [ /at.atwola.com ]
    C:\Documents and Settings\Owner\Cookies\MVV73MCK.txt [ /collective-media.net ]
    C:\Documents and Settings\Owner\Cookies\5U8S7QSP.txt [ /casalemedia.com ]
    C:\Documents and Settings\Owner\Cookies\YVU2JSR1.txt [ /ads.adk2.com ]
    C:\Documents and Settings\Owner\Cookies\KBHMZB19.txt [ /tacoda.at.atwola.com ]
    C:\Documents and Settings\Owner\Cookies\FPG9CBL5.txt [ /serving-sys.com ]
    C:\Documents and Settings\Owner\Cookies\1G226WU9.txt [ /invitemedia.com ]

    Heur.Agent/Gen-WhiteBox
    C:\TORRENT.EXE
    C:\WINDOWS\Prefetch\TORRENT.EXE-1E3072DA.pf

    Trojan.Agent/Gen-Dropper
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZGFRRJRQ\EXTERMINATE_IT_ACTIVATION_CODE_VERSION_2_12[1].EXE
    C:\WINDOWS\Prefetch\EXTERMINATE_IT_ACTIVATION_COD-2F584D9E.pf

  4. #4
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:48:45 p.m., on 24/07/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\CTFMON.EXE
    C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.trademe.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: BHO_PROJECT - {0931BD3F-547E-45C1-B133-D0E995645DBA} - C:\Program Files\OApps\bho_project.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
    O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    --
    End of file - 6960 bytes

  5. #5
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Avira Free Antivirus
    Report file date: Tuesday, 24 July 2012 16:34

    Scanning for 3920613 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Microsoft Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : YOUR-FK3WZJTN19

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: Tuesday, 24 July 2012 16:34

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!
    Master boot sector HD5
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'rsmsink.exe' - '30' Module(s) have been scanned
    Scan process 'msdtc.exe' - '42' Module(s) have been scanned
    Scan process 'dllhost.exe' - '63' Module(s) have been scanned
    Scan process 'dllhost.exe' - '48' Module(s) have been scanned
    Scan process 'vssvc.exe' - '51' Module(s) have been scanned
    Scan process 'avscan.exe' - '73' Module(s) have been scanned
    Scan process 'iexplore.exe' - '126' Module(s) have been scanned
    Scan process 'iexplore.exe' - '93' Module(s) have been scanned
    Scan process 'alg.exe' - '35' Module(s) have been scanned
    Scan process 'avshadow.exe' - '27' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'jqs.exe' - '35' Module(s) have been scanned
    Scan process 'avguard.exe' - '65' Module(s) have been scanned
    Scan process 'SASCORE.EXE' - '19' Module(s) have been scanned
    Scan process 'rapimgr.exe' - '45' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '45' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '56' Module(s) have been scanned
    Scan process 'ps2.exe' - '20' Module(s) have been scanned
    Scan process 'jusched.exe' - '22' Module(s) have been scanned
    Scan process 'avgnt.exe' - '68' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'sched.exe' - '42' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '96' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '165' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'svchost.exe' - '53' Module(s) have been scanned
    Scan process 'lsass.exe' - '60' Module(s) have been scanned
    Scan process 'services.exe' - '29' Module(s) have been scanned
    Scan process 'winlogon.exe' - '73' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '2522' files ).


    Starting the file scan:

    Begin scan in 'C:\' <XTRAKTHEXECUTIONER>
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft Windows OneCare Backup Staging Area\Part 114.ZIP
    [WARNING] Invalid end of file
    C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db
    [WARNING] The archive header is damaged
    C:\Documents and Settings\Owner\My Documents\Misc\CNET TechTracker\vlc-2.0.1-win32.exe
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\hp\recovery\wizard\uninstall.exe
    [WARNING] Unsupported archive version
    C:\Program Files\OApps\vfd-ob_uninstall.exe
    [WARNING] Invalid end of file
    C:\Program Files\WinRAR\rarnew.dat
    [WARNING] Error no files to extract
    C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP602\A0370152.exe
    [WARNING] Invalid end of file
    C:\WINDOWS\Installer\MSI1EC.tmp
    [WARNING] The archive header is damaged
    C:\WINDOWS\Installer\MSI6E.tmp
    [WARNING] The archive header is damaged
    Begin scan in 'D:\' <X-RECOVERY>
    Begin scan in 'E:\' <XTRAKT>


    End of the scan: Tuesday, 24 July 2012 18:48
    Used time: 2:14:32 Hour(s)

    The scan has been done completely.

    12484 Scanned directories
    856750 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    856750 Files not concerned
    20046 Archives were scanned
    9 Warnings
    0 Notes
    449221 Objects were scanned with rootkit scan
    0 Hidden objects were found

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64-bit machine, please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello.

    There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it