exf5003

  1. Hey, thank you very much for everything, you have been a tremendous help! Thanks! Cute dog by the way :)
  2. Avira AntiVir Personal Report file date: Wednesday, June 03, 2009 15:26 Scanning for 1284893 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : PEPITOS Version information: BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00 AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 13:57:30 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26 ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 12:41:14 ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 19:58:20 Engineversion : 8.2.0.100 AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 22:36:42 AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 01:01:56 AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 16:44:25 AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41 AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 18:06:10 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56 AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 20:49:16 AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56 AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 18:06:10 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40 AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 19:22:44 AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 
12/5/2008 15:32:10 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 16:45:45 RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL, Start of the scan: Wednesday, June 03, 2009 15:26 Starting search for hidden objects. '63504' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'ZuneLauncher.exe' - '1' Module(s) have been scanned Scan process 'stsystra.exe' - '1' Module(s) have been scanned Scan process 'digstream.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'issch.exe' - '1' Module(s) have been scanned Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'LcSvrAuf.exe' - '1' Module(s) have been scanned Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned Scan process 'ZuneBusEnum.exe' - '1' Module(s) have been scanned Scan process 'VSGate.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'LcSvrPas.exe' - '1' Module(s) have been scanned Scan process 'LcSvrHis.exe' - '1' Module(s) have been scanned Scan process 'LcSvrDba.exe' - '1' Module(s) have been scanned Scan process 'LcSvrAdm.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been 
scanned Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 49 processes with 49 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '66' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. 
C:\Downloads\Azureus Downloads\DVD X Studios CloneDVD 4.0.14.549\Keygen.exe [0] Archive type: NSIS --> [TempDir]/Keygen.exe [DETECTION] Contains recognition pattern of the DIAL/211177.A dialer C:\Music\Limewire\backyardigans.mpg [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit C:\Music\Limewire\backyardingans.mpg [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit C:\Music\Limewire\last time for last times [160k quality].mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit Beginning disinfection: C:\Downloads\Azureus Downloads\DVD X Studios CloneDVD 4.0.14.549\Keygen.exe [NOTE] The file was moved to '4a9ff1e2.qua'! C:\Music\Limewire\backyardigans.mpg [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4a89f1e0.qua'! C:\Music\Limewire\backyardingans.mpg [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4bf52601.qua'! C:\Music\Limewire\last time for last times [160k quality].mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4a99f1e0.qua'! End of the scan: Wednesday, June 03, 2009 17:56 Used time: 1:48:14 Hour(s) The scan has been done completely. 13093 Scanned directories 523949 Files were scanned 4 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 4 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 523944 Files not concerned 18922 Archives were scanned 1 Warnings 5 Notes 63504 Objects were scanned with rootkit scan 0 Hidden objects were found
  3. This is my parents' computer that I'm working on and I did notice that they didn't have an antivirus program installed. I figured I'd install one that you could recommend to me. Here is the ComboFix log: ComboFix 09-06-01.03 - Ernesto 06/03/2009 14:27.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.571 [GMT -4:00] Running from: c:\documents and settings\Ernesto\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ernesto\Desktop\CFScript.txt FILE :: "c:\windows\System32\drivers\e23c2d92.sys" file zipped: c:\windows\system32\amstreaml.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\amstreaml.exe c:\windows\System32\drivers\e23c2d92.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASIUGQTIEQ -------\Legacy_WMIBITS -------\Service_asiugqtieq -------\Service_e23c2d92 -------\Service_WmiBITS ((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))))) . 2009-06-03 16:49 . 2009-06-03 16:49 -------- d-----w- c:\program files\Trend Micro 2009-05-27 16:22 . 2009-06-03 03:59 155 --s-a-w- c:\windows\system32\2289676192.dat 2009-05-20 06:58 . 2005-10-15 02:42 46592 ----a-w- c:\windows\system32\hpzll43a.dll 2009-05-20 06:55 . 2009-05-20 06:59 103167 ----a-w- c:\windows\hpoins08.dat 2009-05-20 06:55 . 2006-01-24 21:03 4445 ------w- c:\windows\hpomdl08.dat 2009-05-20 05:27 . 2009-05-20 05:27 45056 ----a-r- c:\documents and settings\Jorge\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut2_E14B8A0842B346769E911D39F8158DA1.exe 2009-05-20 05:27 . 2009-05-20 05:27 45056 ----a-r- c:\documents and settings\Jorge\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut1_E14B8A0842B346769E911D39F8158DA1.exe 2009-05-05 22:20 . 
2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-05-05 22:19 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-05-05 22:19 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-05-05 22:19 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-05-05 22:19 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-05-05 22:19 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-05-05 22:19 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-05-05 22:19 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-05-05 22:19 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-05-05 22:19 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-05-05 22:19 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-03 18:34 . 2007-03-03 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream 2009-06-03 15:23 . 2007-06-29 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-05-29 20:47 . 2008-12-28 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-05-29 20:46 . 2009-03-10 03:42 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-26 17:20 . 2008-12-28 18:16 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 17:19 . 2008-12-28 18:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-20 06:56 . 2007-03-03 21:41 -------- d-----w- c:\program files\HP 2009-05-20 01:54 . 2007-03-04 21:33 -------- d-----w- c:\documents and settings\Jorge\Application Data\Image Zone Express 2009-05-13 07:03 . 
2008-02-27 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-23 01:17 . 2009-04-23 01:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys 2009-04-23 01:17 . 2009-03-26 01:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-04-17 20:58 . 2009-05-04 17:12 954368 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2009-04-17 20:58 . 2009-05-04 17:12 103424 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2009-04-17 20:58 . 2009-05-04 17:12 344064 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2009-04-17 20:58 . 2009-05-04 17:12 71652 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\avutil-49.dll 2009-04-17 20:58 . 2009-05-04 17:12 65536 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\components\coolirisstub.dll 2009-04-17 20:58 . 2009-05-04 17:12 4579328 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\cooliris18.dll 2009-04-17 20:58 . 2009-05-04 17:12 1161626 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll 2009-04-17 20:58 . 
2009-05-04 17:12 4534272 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\cooliris19.dll 2009-04-17 20:58 . 2009-05-04 17:12 131868 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\y9q4jibc.default\extensions\piclens@cooliris.com\libs\avformat-52.dll 2009-03-24 22:33 . 2009-03-24 22:33 237264 ----a-w- c:\documents and settings\Jorge\Application Data\Mozilla\plugins\npgoogletalk.dll 2009-03-12 22:45 . 2009-03-12 22:45 348160 ----a-w- c:\documents and settings\Jorge\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-72572e4c-n\msvcr71.dll 2009-03-12 22:45 . 2009-03-12 22:45 503808 ----a-w- c:\documents and settings\Jorge\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-72572e4c-n\msvcp71.dll 2009-03-12 22:45 . 2009-03-12 22:45 499712 ----a-w- c:\documents and settings\Jorge\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-72572e4c-n\jmc.dll 2009-03-12 22:45 . 2008-12-25 06:56 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-03-12 22:44 . 2009-03-12 22:44 152576 ----a-w- c:\documents and settings\Jorge\Application Data\Sun\Java\jre1.6.0_12\lzma.dll 2009-03-12 08:17 . 2009-03-26 01:16 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe 2009-03-06 14:22 . 2004-08-10 11:00 284160 ----a-w- c:\windows\system32\pdh.dll 2003-01-30 05:42 . 2008-03-05 01:48 435 ----a-w- c:\program files\LAYOUT.BIN 2003-01-30 05:42 . 2008-03-05 01:48 34921746 ----a-w- c:\program files\DATA2.CAB 2003-01-30 05:41 . 2008-03-05 01:48 37248 ----a-w- c:\program files\DATA1.HDR 2003-01-30 05:41 . 2008-03-05 01:48 1510073 ----a-w- c:\program files\DATA1.CAB 2003-01-30 05:41 . 2008-03-05 01:48 214 ----a-w- c:\program files\Setup.ini 2003-01-30 05:41 . 2008-03-05 01:48 167462 ----a-w- c:\program files\SETUP.INX 2002-03-10 22:11 . 
2008-03-05 01:48 437238 ----a-w- c:\program files\SETUP.BMP 2001-09-05 00:24 . 2008-03-05 01:48 344923 ----a-w- c:\program files\IKERNEL.EX_ 2008-05-26 02:15 . 2008-05-26 01:07 848 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-03_18.02.12 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-03 18:34 . 2009-06-03 18:34 16384 c:\windows\Temp\Perflib_Perfdata_618.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-05-18 282624] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [bU] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [bU] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] c:\documents and settings\Jorge\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program 
Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents and Settings\\Jorge\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Jorge\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Starcraft\\StarCraft.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/25/2009 9:17 PM 64160] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088] R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [4/7/2008 8:34 PM 147456] R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [4/7/2008 8:34 PM 233472] R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [4/7/2008 8:34 PM 217088] R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [4/7/2008 8:34 PM 368640] R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [4/7/2008 8:34 PM 81920] R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [4/7/2008 8:34 PM 1302528] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/29/2008 3:20 PM 33752] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 
1005904] S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys --> c:\windows\system32\DRIVERS\rt2870.sys [?] S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [6/29/2007 1:36 PM 708688] . Contents of the 'Scheduled Tasks' folder 2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:17] 2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-05-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20] 2009-06-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-03 23:53] 2009-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1383384898-2147053123-1003.job - c:\documents and settings\Jorge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-31 16:51] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com/ mDefault_Page_URL = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://downloads.yahoo.com/internetexplorer/welcome.php IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: turbotax.com Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\elsawin\bin\wiprot.dll FF - ProfilePath - c:\documents and settings\Ernesto\Application Data\Mozilla\Firefox\Profiles\nx6jujtw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-03 14:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3812) c:\progra~1\WINDOW~3\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\ZuneBusEnum.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-06-03 14:40 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-03 18:40 ComboFix2.txt 2009-06-03 18:09 Pre-Run: 109,857,574,912 bytes free Post-Run: 109,841,080,320 bytes free 237 --- E O F --- 2009-05-28 07:01
  4. ComboFix 09-06-01.03 - Ernesto 06/03/2009 13:49.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.569 [GMT -4:00] Running from: c:\documents and settings\Ernesto\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Jorge\Application Data\inst.exe c:\windows\system32\drivers\Msft_Kernel_zumbus_01005.Wdf c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf c:\windows\Tasks\oyshypzb.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NEW_DRV ((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))))) . 2009-06-03 16:49 . 2009-06-03 16:49 -------- d-----w- c:\program files\Trend Micro 2009-05-27 16:35 . 2009-06-03 18:02 97216 ----a-w- c:\windows\system32\drivers\e23c2d92.sys 2009-05-27 16:22 . 2009-06-03 03:59 155 --s-a-w- c:\windows\system32\2289676192.dat 2009-05-27 16:21 . 2009-05-27 16:20 51712 --sh--r- c:\windows\system32\amstreaml.exe 2009-05-20 06:58 . 2005-10-15 02:42 46592 ----a-w- c:\windows\system32\hpzll43a.dll 2009-05-20 06:55 . 2009-05-20 06:59 103167 ----a-w- c:\windows\hpoins08.dat 2009-05-20 06:55 . 2006-01-24 21:03 4445 ------w- c:\windows\hpomdl08.dat 2009-05-20 05:27 . 2009-05-20 05:27 45056 ----a-r- c:\documents and settings\Jorge\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut2_E14B8A0842B346769E911D39F8158DA1.exe 2009-05-20 05:27 . 2009-05-20 05:27 45056 ----a-r- c:\documents and settings\Jorge\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut1_E14B8A0842B346769E911D39F8158DA1.exe 2009-05-05 22:20 . 
  5. Hi, Whenever I run MBAM as a quick scan, I keep getting the same 90 "Registry Keys Infected:" and the same 3 "Registry Data Items Infected:" I choose the option to "remove selected" and then it asks me to restart my computer. If I run MBAM right after I restart, the same thing shows up. I have downloaded HJT to my computer but it will not load up and I can not figure out why.

     Malwarebytes' Anti-Malware 1.37
     Database version: 2218
     Windows 5.1.2600 Service Pack 3
     6/3/2009 12:14:06 PM
     mbam-log-2009-06-03 (12-13-57).txt
     Scan type: Quick Scan
     Objects scanned: 108053
     Time elapsed: 9 minute(s), 40 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 90
     Registry Values Infected: 0
     Registry Data Items Infected: 3
     Folders Infected: 0
     Files Infected: 0