

pablissimo

Member Since 28 Mar 2010
Offline Last Active Mar 31 2010 02:18 PM
-----

Posts I've Made

In Topic: need help with infection

29 March 2010 - 09:35 PM

So here is the log from the MBAM quick scan - looks clean so I am happy. But still paranoid. I'm having some trouble deciding how to reformat and reinstall the operating system on my old virut-infested netbook because it came with XP preinstalled and it has no external drive (well, a USB port). Not sure if you have any other suggestions since that link to the MIT webpage is dead, but anything is appreciated.

Here is the logfile - thanks again.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/29/2010 10:26:31 PM
mbam-log-2010-03-29 (22-26-31).txt

Scan type: Quick scan
Objects scanned: 99716
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

In Topic: need help with infection

29 March 2010 - 08:23 PM

Shoot, that doesn't sound like good news. I have a question - is it possible that I have infected my other computer with this virus? I had been using the USB to transfer files from the "good" computer to the "bad" computer since I could not run Firefox or IE. Is there a great risk that my good computer has been infected as well? It appears to be working well and no programs have any issues. Just in case I ran rkill and combofix, the log is attached below. It has AVG 9, Spybot, and Teatimer running. Recent scans with AVG, MBAM, and SAS all turned up negative.

Anyhow, this is just b/c I am so paranoid about that nasty old bug virut.

Ok, well, now I'm off to back up and then format my hard drive. When you have a chance to comment on the logfile below, that would be great.

Thanks for your help,
Pablissimo

ComboFix 10-03-29.02 - Administrator 03/29/2010 20:43:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.186 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\My Documents\ZbThumbnail.info
c:\recycler\S-1-5-21-839522115-854245398-1801674531-500
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-29 19:07 . 2010-03-29 19:07 -------- d--h--w- c:\windows\PIF
2010-03-29 02:21 . 2010-03-29 02:21 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-29 02:20 . 2010-03-29 02:20 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-29 02:19 . 2010-03-29 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-29 02:18 . 2010-03-29 02:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-29 02:18 . 2010-03-29 02:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-29 02:18 . 2010-03-29 02:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-29 01:43 . 2010-03-29 01:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2010-03-29 01:43 . 2010-03-29 01:43 -------- d-----w- c:\program files\Foxit Software
2010-03-28 23:31 . 2010-03-29 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-28 23:31 . 2010-03-28 23:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\OnlineArmor
2010-03-28 23:29 . 2010-03-13 09:39 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-03-28 23:29 . 2010-03-13 09:38 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-03-28 23:29 . 2010-03-13 09:38 226680 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-03-28 23:29 . 2010-03-28 23:29 -------- d-----w- c:\program files\Tall Emu
2010-03-28 13:40 . 2010-03-29 23:55 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-03-28 05:16 . 2010-03-28 05:16 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-28 02:46 . 2010-03-28 03:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-28 02:45 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-28 02:45 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-28 02:44 . 2010-03-28 02:44 -------- d-----w- c:\program files\iPod
2010-03-28 02:44 . 2010-03-28 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-28 02:44 . 2010-03-28 02:45 -------- d-----w- c:\program files\iTunes
2010-03-28 02:42 . 2010-03-28 02:43 -------- d-----w- c:\program files\QuickTime
2010-03-28 02:42 . 2010-03-28 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-28 02:41 . 2010-03-28 02:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-03-28 02:41 . 2010-03-28 02:41 -------- d-----w- c:\program files\Apple Software Update
2010-03-28 02:41 . 2010-03-28 02:45 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-28 02:40 . 2010-03-28 02:44 -------- d-----w- c:\program files\Common Files\Apple
2010-03-28 02:40 . 2010-03-28 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-28 02:39 . 2010-03-28 03:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-03-28 02:09 . 2010-03-28 02:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-28 00:10 . 2010-03-28 00:10 -------- d-----w- C:\$AVG
2010-03-28 00:08 . 2010-03-28 00:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-28 00:06 . 2010-03-28 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-28 00:05 . 2010-03-28 01:59 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-27 23:35 . 2010-03-27 23:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-27 23:19 . 2010-03-27 23:19 -------- d-----w- c:\windows\system32\scripting
2010-03-27 23:19 . 2010-03-27 23:19 -------- d-----w- c:\windows\l2schemas
2010-03-27 23:19 . 2010-03-27 23:19 -------- d-----w- c:\windows\system32\en
2010-03-27 23:19 . 2010-03-27 23:19 -------- d-----w- c:\windows\system32\bits
2010-03-27 20:36 . 2010-03-27 20:36 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-27 20:34 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 20:34 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 20:34 . 2010-03-27 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 21:41 . 2010-03-23 21:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-23 21:41 . 2010-03-23 21:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-23 21:36 . 2010-03-23 21:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-23 21:33 . 2010-03-23 21:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 05:19 . 2009-01-19 16:08 -------- d-----w- c:\program files\Java
2010-03-28 05:16 . 2009-11-25 17:16 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-28 03:17 . 2008-02-18 00:56 44112 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-28 03:09 . 2008-12-06 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-28 02:43 . 2008-07-10 22:58 -------- d-----w- c:\program files\Bonjour
2010-03-28 00:10 . 2008-12-06 18:18 -------- d-----w- c:\program files\AVG
2010-03-28 00:10 . 2008-12-06 18:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-28 00:08 . 2008-12-06 18:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-28 00:08 . 2008-12-06 18:19 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-27 23:23 . 2006-04-26 00:09 87131 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-27 22:43 . 2008-12-05 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-27 22:38 . 2008-12-05 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-23 21:35 . 2008-04-11 15:58 -------- d-----w- c:\program files\Google
2010-02-15 22:41 . 2010-02-15 22:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2009-12-31 16:50 . 2006-04-25 15:27 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2004-01-29 180224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]
"PCinfo"="c:\program files\Panasonic\PCINFO\SetDiag.exe" [2005-06-15 45056]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"Panasonic HotKey Manager"="c:\program files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-09-01 978944]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-04 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-04 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-03-13 6658552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk.disabled [2008-5-3 986]
Adobe Reader Speed Launch.lnk.disabled [2006-4-25 1757]
Economy Mode(ECO) Setting Utility.lnk - c:\program files\Panasonic\CHGBMODE\ChgBmode.exe [2006-4-25 131072]
Optical Disc Drive Power-Saving Utility.lnk - c:\program files\Panasonic\OPDOFF\opdoff.exe [2006-4-25 155648]
Touch Pad utility.lnk - c:\program files\Panasonic\TouchPad\Touchpad.exe [2006-4-25 339968]
Wireless LAN Switch.lnk - c:\program files\Panasonic\WLANSW\WLANSW.EXE [2006-4-25 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-03-13 925688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-28 00:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-04 05:59 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"B'sCLiP"=c:\progra~1\B'SCLI~1\Win2K\BSCLIP.exe
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PRunOnce"=c:\util\prunonce\PRunOnce.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [4/26/2006 2:29 PM 10624]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/6/2008 2:19 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/27/2010 8:08 PM 242696]
R1 chgbmode;Panasonic Charge Mode Changer Driver;c:\program files\Panasonic\CHGBMODE\ChgBmode.sys [4/25/2006 8:48 PM 7680]
R1 MiscOPD;Panasonic Opdoff Utility;c:\program files\Panasonic\OPDOFF\miscOPD.sys [4/25/2006 8:53 PM 6144]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/28/2010 7:29 PM 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/28/2010 7:29 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/28/2010 7:29 PM 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R1 WLANSW;Panasonic PC Wireless LAN Switch Driver;c:\program files\Panasonic\WLANSW\WLANSW.sys [4/25/2006 8:57 PM 7680]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/27/2010 8:08 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/27/2010 8:08 PM 308064]
R2 bgsvc;B's Recorder GOLD Service;c:\program files\B's Recorder GOLD8\bgsvc.exe [4/26/2006 2:22 PM 81920]
R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [4/25/2006 8:46 PM 7168]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/28/2010 7:29 PM 1284600]
R2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\OPDOFF\opdoffsv.exe [4/25/2006 8:53 PM 147456]
R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\Panasonic\PCINFO\PCINFO.sys [4/25/2006 8:54 PM 7168]
R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [4/25/2006 8:55 PM 8192]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/28/2010 7:29 PM 3360760]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2010 5:36 PM 135664]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [4/26/2006 2:29 PM 163968]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD21
*Deregistered* - klmd21
.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 21:35]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\56ln7zgj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-17987570-2329133785-2066284789-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,9e,14,80,37,8f,f9,41,8b,d8,35,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,9e,14,80,37,8f,f9,41,8b,d8,35,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-03-29 21:03:24
ComboFix-quarantined-files.txt 2010-03-30 01:03

Pre-Run: 41,099,382,784 bytes free
Post-Run: 41,590,464,512 bytes free

- - End Of File - - 5C9F41E0F151FCC280A9F7E02F5AA226

In Topic: need help with infection

29 March 2010 - 05:35 PM

Ok, well, I was able to load the computer in both safe mode and regular mode, but on both occasions all of the different versions of Combo-Fix would not run. They all come up with a message saying they are compromised by a virus named "virut", and a fresh copy should be downloaded.

I tried downloading fresh copies from my other computer onto USB and restarting the computer, reloading rkill and Combo-Fix, but rkill will not complete its program and Combo-Fix always comes up as "compromised by virut". This was attempted in both safe mode and regular mode.

In Topic: need help with infection

29 March 2010 - 04:38 PM

I restarted it with the "last known good configuration" but it still hangs up at the same point.

Aargh!

In Topic: need help with infection

29 March 2010 - 04:16 PM

Ok, so now I tried to restart my laptop and it does not go past the point that I mentioned (goes through login but shows desktop only without any icons). I have tried to reboot a few times and have gotten hung up on the same screen. There is a choice early on in the boot sequence to go through the Microsoft Recovery Console although I haven't tried it.

Any other suggestions?