
Debbie W.

Everything posted by Debbie W.

  1. Here it is:
     ComboFix 10-12-09.04 - Owner 12/10/2010 10:02:36.6.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.431 [GMT -6:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
     .
     2010-11-28 05:35 . 2010-11-29 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
     2010-11-28 05:35 . 2010-11-28 05:35 -------- d-----w- c:\documents and settings\Owner\.thumbnails
     2010-11-28 05:33 . 2010-11-29 04:19 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
     2010-11-28 05:32 . 2010-11-28 05:32 -------- d-----w- c:\program files\GIMP-2.0
     2010-11-24 14:20 . 2010-11-24 14:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
     2010-11-23 00:52 . 2010-11-23 00:52 -------- d-----w- c:\program files\Apple Software Update
     2010-11-23 00:50 . 2010-11-23 00:50 -------- d-----w- c:\program files\Bonjour
     2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Stardock
     2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
     2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
     2010-11-16 01:58 . 2010-11-16 01:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
     2010-11-11 23:11 . 2010-11-11 23:11 63156 ----a-w- c:\documents and settings\Owner\Application Data\Owner3SQLite3.dll
     2010-11-11 23:10 . 2010-11-24 00:54 82432 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft Point Generator.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-12-08 17:00 . 2009-09-28 18:39 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2010-12-05 05:31 . 2009-09-28 18:39 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2010-11-29 23:42 . 2009-09-28 20:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-11-29 23:42 . 2009-09-28 20:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
     2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
     2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
     2010-09-18 17:23 . 2007-02-19 14:57 974848 ----a-w- c:\windows\system32\mfc42u.dll
     2010-09-18 06:53 . 2007-02-19 14:57 953856 ------w- c:\windows\system32\mfc40u.dll
     2010-09-18 06:53 . 2004-08-12 12:59 974848 ----a-w- c:\windows\system32\mfc42.dll
     2010-09-18 06:53 . 2004-08-12 12:59 954368 ----a-w- c:\windows\system32\mfc40.dll
     2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll
     2008-04-14 00:12 413696 --sha-w- c:\windows\system32\SET29B.tmp
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-12-01_04.17.17 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2010-12-10 15:24 . 2010-12-10 15:24 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
     + 2010-12-10 15:24 . 2010-12-10 15:24 16384 c:\windows\Temp\Perflib_Perfdata_484.dat
     + 2004-08-12 13:03 . 2010-12-10 15:28 79998 c:\windows\system32\perfc009.dat
     - 2004-08-12 13:03 . 2010-11-30 14:38 79998 c:\windows\system32\perfc009.dat
     - 2004-08-12 13:03 . 2010-11-30 14:38 466400 c:\windows\system32\perfh009.dat
     + 2004-08-12 13:03 . 2010-12-10 15:28 466400 c:\windows\system32\perfh009.dat
     + 2008-04-10 17:21 . 2010-12-06 01:00 117604 c:\windows\system32\mlfcache.dat
     + 2010-12-09 18:17 . 2010-12-09 18:17 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
     + 2010-09-22 23:10 . 2010-09-22 23:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
     + 2009-02-03 02:15 . 2010-12-09 18:17 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
     + 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\3c940.msp
     + 2010-09-16 08:08 . 2010-09-16 08:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
     .
     ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
     @="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
     [HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
     2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-05 2424560]
     "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-22 198160]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
     "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
     @=""
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
     @=""
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
     backup=c:\windows\pss\Event Reminder.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]
     backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
     backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
     backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]
     backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
     backup=c:\windows\pss\Windows Search.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
     backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
     backup=c:\windows\pss\Adobe Gamma.lnkStartup
     [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]
     backup=c:\windows\pss\ID Vault.lnkStartup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "TomTomHOMEService"=2 (0x2)
     "ose"=3 (0x3)
     "LightScribeService"=2 (0x2)
     "KodakDigitalDisplayService"=2 (0x2)
     "iPod Service"=3 (0x3)
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
     "MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
     "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
     "nwiz"=nwiz.exe /install
     "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     "NeroCheck"=c:\windows\system32\NeroCheck.exe
     "EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\StubInstaller.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
     "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
     "c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
     "c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
     "c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
     "c:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"=
     "c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
     "c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
     "c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "c:\\Program Files\\Starcraft\\StarCraft.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Documents and Settings\\Owner\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
     R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [10/20/2009 9:53 AM 102912]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67656]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 12:39 PM 135336]
     R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 9:21 AM 55680]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 12:24 PM 133104]
     S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 9:21 AM 60032]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
     S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 12:10 PM 98304]
     S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 8:41 AM 92008]
     .
     Contents of the 'Scheduled Tasks' folder
     2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
     2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]
     2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]
     2010-12-10 c:\windows\Tasks\Registry Medic Schedule.job - c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]
     2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job - c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]
     2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job - c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://coasttocoastam.com/
     mStart Page = hxxp://www.yahoo.com
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
     Trusted Zone: intuit.com\ttlc
     Trusted Zone: premiereradio.net\rss
     TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23
     DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
     FF - prefs.js: browser.search.selectedEngine - Startingpage HTTPS
     FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\FFExternalAlertGecko19.dll
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\RadioWMPCoreGecko19.dll
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
     FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll
     FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
     FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
     FF - Extension: Ancestry.com Advanced Image Viewer: support@ancestry.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com
     FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
     FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\noia2_option@kk.noia
     FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
     FF - Extension: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
     FF - Extension: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
     FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com
     FF - Extension: MapNeto 1 Community Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
     FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\personas@christopher.beard
     FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
     FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
     FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     ---- FIREFOX POLICIES ----
     FF - user.js: browser.cache.memory.capacity - 16000
     FF - user.js: browser.chrome.favicons - false
     FF - user.js: browser.display.show_image_placeholders - true
     FF - user.js: browser.turbo.enabled - true
     FF - user.js: browser.urlbar.autocomplete.enabled - true
     FF - user.js: browser.urlbar.autofill - true
     FF - user.js: content.max.tokenizing.time - 3000000
     FF - user.js: content.maxtextrun - 4095
     FF - user.js: content.notify.backoffcount - 5
     FF - user.js: content.notify.interval - 1000000
     FF - user.js: content.notify.ontimer - true
     FF - user.js: content.switch.threshold - 1000000
     FF - user.js: dom.disable_window_status_change - true
     FF - user.js: network.http.max-connections - 48
     FF - user.js: network.http.max-connections-per-server - 16
     FF - user.js: network.http.max-persistent-connections-per-proxy - 16
     FF - user.js: network.http.max-persistent-connections-per-server - 8
     FF - user.js: network.http.pipelining - true
     FF - user.js: network.http.pipelining.firstrequest - true
     FF - user.js: network.http.pipelining.maxrequests - 8
     FF - user.js: network.http.proxy.pipelining - true
     FF - user.js: network.http.request.max-start-delay - 0
     FF - user.js: nglayout.initialpaint.delay - 1000
     FF - user.js: plugin.expose_full_path - true
     FF - user.js: ui.submenuDelay - 0
     FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-12-10 10:12
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
     @DACL=(02 0000)
     @="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
     [HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
     @DACL=(02 0000)
     @="{98de59a0-d175-11cd-a7bd-00006b827d94}"
     [HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
     @DACL=(02 0000)
     @="{98de59a0-d175-11cd-a7bd-00006b827d94}"
     [HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
     @DACL=(02 0000)
     @="{98de59a0-d175-11cd-a7bd-00006b827d94}"
     [HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
     @DACL=(02 0000)
     @="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
     [HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
     @DACL=(02 0000)
     @="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"
     [HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
     @DACL=(02 0000)
     @="{eec97550-47a9-11cf-b952-00aa0051fe20}"
     [HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]
     @DACL=(02 0000)
     @="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
     [HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
     @DACL=(02 0000)
     @="{eec97550-47a9-11cf-b952-00aa0051fe20}"
     [HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
     @DACL=(02 0000)
     @="{98de59a0-d175-11cd-a7bd-00006b827d94}"
     [HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
     @DACL=(02 0000)
     @="{98de59a0-d175-11cd-a7bd-00006b827d94}"
     [HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
     @DACL=(02 0000)
     @="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     [HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
     @DACL=(02 0000)
     @=""
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(784)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\system32\WININET.dll
     - - - - - - - > 'explorer.exe'(2160)
     c:\windows\system32\WININET.dll
     c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2010-12-10 10:19:47
     ComboFix-quarantined-files.txt 2010-12-10 16:19
     ComboFix2.txt 2010-12-05 04:47
     ComboFix3.txt 2010-12-01 04:23
     ComboFix4.txt 2009-10-01 04:44
     Pre-Run: 64,080,789,504 bytes free
     Post-Run: 64,070,045,696 bytes free
     - - End Of File - - 8E5F0979A5F0819CCEF88A0690C10B8C
  2. Hi Gammo, You are the Greatest!!!!! Everything is working just fine!!!! Thanks so much, have a good day. Debbie
  3. Hello again, Here is the TXT File from ComboFix, ComboFix 10-12-04.01 - Owner 12/04/2010 21:54:30.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.366 [GMT -6:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 ))))))))))))))))))))))))))))))) . 2010-11-28 05:35 . 2010-11-29 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0 2010-11-28 05:35 . 2010-11-28 05:35 -------- d-----w- c:\documents and settings\Owner\.thumbnails 2010-11-28 05:33 . 2010-11-29 04:19 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6 2010-11-28 05:32 . 2010-11-28 05:32 -------- d-----w- c:\program files\GIMP-2.0 2010-11-24 14:20 . 2010-11-24 14:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo! 2010-11-23 00:52 . 2010-11-23 00:52 -------- d-----w- c:\program files\Apple Software Update 2010-11-23 00:50 . 2010-11-23 00:50 -------- d-----w- c:\program files\Bonjour 2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Stardock 2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock 2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware 2010-11-16 01:58 . 2010-11-16 01:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira 2010-11-11 23:11 . 2010-11-11 23:11 63156 ----a-w- c:\documents and settings\Owner\Application Data\Owner3SQLite3.dll 2010-11-11 23:10 . 2010-11-24 00:54 82432 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft Point Generator.exe 2010-11-07 16:29 . 
2010-11-07 16:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Octoshape 2010-11-06 17:50 . 2010-11-06 17:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Octoshape . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 23:42 . 2009-09-28 20:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 23:42 . 2009-09-28 20:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll 2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-09-18 17:23 . 2007-02-19 14:57 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2007-02-19 14:57 953856 ------w- c:\windows\system32\mfc40u.dll 2010-09-18 06:53 . 2004-08-12 12:59 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-12 12:59 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-10 05:58 . 2007-02-19 15:15 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2007-02-19 15:14 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2007-02-19 15:14 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll 2008-04-14 00:12 413696 --sha-w- c:\windows\system32\SET29B.tmp . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red] @="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}" [HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}] 2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-29 2424560] "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-22 198160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk] backup=c:\windows\pss\Event Reminder.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]
backup=c:\windows\pss\ID Vault.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"KodakDigitalDisplayService"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [10/20/2009 9:53 AM 102912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 12:39 PM 135336]
R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 9:21 AM 55680]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 12:24 PM 133104]
S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 9:21 AM 60032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 12:10 PM 98304]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 8:41 AM 92008]
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]

2010-12-03 c:\windows\Tasks\Registry Medic Schedule.job
- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]

2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]

2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job
- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://coasttocoastam.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: premiereradio.net\rss
TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Startingpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\FFExternalAlertGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Ancestry.com Advanced Image Viewer: support@ancestry.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\noia2_option@kk.noia
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Extension: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com
FF - Extension: MapNeto 1 Community Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\personas@christopher.beard
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 22:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2010-12-04 22:47:36
ComboFix-quarantined-files.txt 2010-12-05 04:47
ComboFix2.txt 2010-12-01 04:23
ComboFix3.txt 2009-10-01 04:44

Pre-Run: 63,751,876,608 bytes free
Post-Run: 63,739,772,928 bytes free

- - End Of File - - 24928CBAAA3313CC23FAF62AEFE95D54
  4. I am still having problems updating Avira virus data, Adobe would not update and I cannot connect to iTunes or Yahoo Messenger. With iTunes and Yahoo Messenger it says that they cannot connect to the internet, but I have connected just fine with Firefox and IE. Malwarebytes updated just fine???? Just a few notes. Thanks, Debbie
  5. Hi Gammo, I could not get back on last night, but I ran ComboFix; the log is attached. The Microsoft Points Generator did not show up when I started it up this evening. Thanks. Do I need to do anything else? Debbie
log11_30_2010.txt
  6. Avira has given me a clean scan saying that there are no viruses. But I am still getting a fake alert (I am assuming) when I start up. I have attached a Word file with a screen print of the alert. I will run Malwarebytes again to see what it says. Thanks in advance, Debbie
open_file_security_warning_microsoft_point_generator.doc
  7. Avira found another virus last night. Here is part of the LOG>>>>

Starting master boot sector scan:
Master boot sector HD0
[iNFO] No virus was found!
Master boot sector HD1
[iNFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[iNFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1770' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Ad-AwareAE.exe.part
[WARNING] The file could not be read!
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046577.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046579.exe
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046579.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fc4c555.qua'.
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046577.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5753eaf2.qua'.

End of the scan: Thursday, November 25, 2010 07:16
Used time: 2:31:24 Hour(s)

The scan has been done completely.

25161 Scanned directories
698142 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
698140 Files not concerned
4892 Archives were scanned
1 Warnings
2 Notes
  8. GMER LOG FILE ATTACHED OK .... ALL DONE .... Do you need me to do anything else? Thanks Debbie GMER_1.0_SCAN.LOG
  9. The DDS and Attach files are attached.
Attach.txt
DDS.txt
  10. DeFogger error message appeared

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:31 on 24/11/2010 (Owner)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
  11. Here is the Malwarebytes LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/24/2010 1:21:43 PM
mbam-log-2010-11-24 (13-21-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 377763
Time elapsed: 2 hour(s), 17 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{cjs60v22-mqv8-l3ab-84u1-cy2ay36v3fwl} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\WinDir\winlogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046559.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Microsoft Point Generator.exe (Malware.Trace) -> Quarantined and deleted successfully.

Here is the Avira LOG

Avira AntiVir Personal
Report file date: Wednesday, November 24, 2010 00:39

Scanning for 3083695 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MOM

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:58
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:06
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:02
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:06:34
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:06:34
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:06:34
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:06:34
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 00:06:34
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:06:34
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:06:34
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:06:36
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:06:36
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:06:36
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:06:36
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:06:36
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:06:36
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:06:36
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:06:36
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:06:36
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:06:36
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 00:06:36
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 00:06:36
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 00:06:36
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 00:06:36
VBASE021.VDF : 7.10.14.64 2048 Bytes 11/22/2010 00:06:36
VBASE022.VDF : 7.10.14.65 2048 Bytes 11/22/2010 00:06:36
VBASE023.VDF : 7.10.14.66 2048 Bytes 11/22/2010 00:06:36
VBASE024.VDF : 7.10.14.67 2048 Bytes 11/22/2010 00:06:36
VBASE025.VDF : 7.10.14.68 2048 Bytes 11/22/2010 00:06:36
VBASE026.VDF : 7.10.14.69 2048 Bytes 11/22/2010 00:06:36
VBASE027.VDF : 7.10.14.70 2048 Bytes 11/22/2010 00:06:36
VBASE028.VDF : 7.10.14.71 2048 Bytes 11/22/2010 00:06:36
VBASE029.VDF : 7.10.14.72 2048 Bytes 11/22/2010 00:06:36
VBASE030.VDF : 7.10.14.73 2048 Bytes 11/22/2010 00:06:36
VBASE031.VDF : 7.10.14.82 85504 Bytes 11/23/2010 00:06:36
Engineversion : 8.2.4.112
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/24/2010 00:06:30
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/24/2010 00:06:30
AESCN.DLL : 8.1.7.2 127349 Bytes 11/24/2010 00:06:30
AESBX.DLL : 8.1.3.2 254324 Bytes 11/24/2010 00:06:30
AERDL.DLL : 8.1.9.2 635252 Bytes 11/24/2010 00:06:30
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/24/2010 00:06:30
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/24/2010 00:06:30
AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/24/2010 00:06:30
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/24/2010 00:06:30
AEGEN.DLL : 8.1.4.2 401781 Bytes 11/24/2010 00:06:30
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/24/2010 00:06:30
AECORE.DLL : 8.1.18.1 196984 Bytes 11/24/2010 00:06:30
AEBB.DLL : 8.1.1.0 53618 Bytes 11/24/2010 00:06:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:58
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:56
AVREP.DLL : 8.0.0.7 159784 Bytes 11/24/2010 00:06:36
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:56
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:58
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:56
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:56
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:58
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:22
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:22
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:10

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, November 24, 2010 00:39

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\mttt
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\Resiliency\DocumentRecovery\137EF88\137ef88
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\Resiliency\DocumentRecovery\137EF88\1396a70
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\Resiliency\DocumentRecovery\1396957\1396957
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\hrzr_ehapcy
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Carbonite\CarboniteService\estimatedbackupminutesremaining
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Carbonite\CarboniteService\estimatedbackupspeedkbps
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\BITS\stateindex
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Gather\Windows\SystemIndex\notificationlogcheckpoint
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '45' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '28' Module(s) have been scanned
Scan process 'winlogon.exe' - '57' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'AWC.exe' - '64' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '57' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '67' Module(s) have been scanned
Scan process 'QTTask.exe' - '17' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '51' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '17' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '34' Module(s) have been scanned
Scan process 'persfw.exe' - '30' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '41' Module(s) have been scanned
Scan process 'sqlservr.exe' - '42' Module(s) have been scanned
Scan process 'McciCMService.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '75' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '24' Module(s) have been scanned
Scan process 'carboniteservice.exe' - '58' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '45' Module(s) have been scanned
Scan process 'realsched.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'CarboniteUI.exe' - '63' Module(s) have been scanned
Scan process 'Explorer.EXE' - '115' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[iNFO] No virus was found!
Master boot sector HD1
[iNFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[iNFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1775' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe
[DETECTION] Is the TR/Fakealert.2.44 Trojan
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Ad-AwareAE.exe.part
[WARNING] The file could not be read!
C:\Documents and Settings\Owner\Local Settings\temp\0.5852949228993389.exe [DETECTION] Is the TR/Fakealert.2.44 Trojan Beginning disinfection: C:\Documents and Settings\Owner\Local Settings\temp\0.5852949228993389.exe [DETECTION] Is the TR/Fakealert.2.44 Trojan [NOTE] The file was moved to the quarantine directory under the name '4ff98a97.qua'. C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe [DETECTION] Is the TR/Fakealert.2.44 Trojan [NOTE] The file was moved to the quarantine directory under the name '571ca578.qua'. End of the scan: Wednesday, November 24, 2010 09:22 Used time: 2:43:36 Hour(s) The scan has been done completely. 25166 Scanned directories 700329 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 2 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 700327 Files not concerned 4840 Archives were scanned 1 Warnings 2 Notes 656088 Objects were scanned with rootkit scan 10 Hidden objects were found and a second Avir run Avira AntiVir Personal Report file date: Wednesday, November 24, 2010 10:48 Scanning for 3083695 virus strains and unwanted programs. The program is running as an unrestricted full version. 
Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : MOM Version information: BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:58 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:06 LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:02 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:50 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:06:34 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:06:34 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:06:34 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:06:34 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 00:06:34 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:06:34 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:06:34 VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:06:36 VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:06:36 VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:06:36 VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:06:36 VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:06:36 VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:06:36 VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:06:36 VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:06:36 VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:06:36 VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:06:36 VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 00:06:36 VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 00:06:36 VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 00:06:36 VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 00:06:36 VBASE021.VDF : 7.10.14.64 2048 Bytes 11/22/2010 00:06:36 VBASE022.VDF : 7.10.14.65 2048 Bytes 11/22/2010 00:06:36 VBASE023.VDF : 7.10.14.66 2048 Bytes 11/22/2010 00:06:36 VBASE024.VDF : 7.10.14.67 2048 Bytes 11/22/2010 00:06:36 
VBASE025.VDF : 7.10.14.68 2048 Bytes 11/22/2010 00:06:36 VBASE026.VDF : 7.10.14.69 2048 Bytes 11/22/2010 00:06:36 VBASE027.VDF : 7.10.14.70 2048 Bytes 11/22/2010 00:06:36 VBASE028.VDF : 7.10.14.71 2048 Bytes 11/22/2010 00:06:36 VBASE029.VDF : 7.10.14.72 2048 Bytes 11/22/2010 00:06:36 VBASE030.VDF : 7.10.14.73 2048 Bytes 11/22/2010 00:06:36 VBASE031.VDF : 7.10.14.82 85504 Bytes 11/23/2010 00:06:36 Engineversion : 8.2.4.112 AEVDF.DLL : 8.1.2.1 106868 Bytes 11/24/2010 00:06:30 AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/24/2010 00:06:30 AESCN.DLL : 8.1.7.2 127349 Bytes 11/24/2010 00:06:30 AESBX.DLL : 8.1.3.2 254324 Bytes 11/24/2010 00:06:30 AERDL.DLL : 8.1.9.2 635252 Bytes 11/24/2010 00:06:30 AEPACK.DLL : 8.2.3.11 471416 Bytes 11/24/2010 00:06:30 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/24/2010 00:06:30 AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/24/2010 00:06:30 AEHELP.DLL : 8.1.14.0 246134 Bytes 11/24/2010 00:06:30 AEGEN.DLL : 8.1.4.2 401781 Bytes 11/24/2010 00:06:30 AEEMU.DLL : 8.1.3.0 393589 Bytes 11/24/2010 00:06:30 AECORE.DLL : 8.1.18.1 196984 Bytes 11/24/2010 00:06:30 AEBB.DLL : 8.1.1.0 53618 Bytes 11/24/2010 00:06:30 AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:58 AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:56 AVREP.DLL : 8.0.0.7 159784 Bytes 11/24/2010 00:06:36 AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:56 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:58 AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:56 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:56 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:24 AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:58 NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:22 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:22 RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:10 Configuration settings for the scan: Jobname.............................: avguard_async_scan Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir 
Desktop\TEMP\AVGUARD_c4666553\guard_slideup.avp Logging.............................: low Primary action......................: repair Secondary action....................: quarantine Scan master boot sector.............: on Scan boot sector....................: off Process scan........................: on Scan registry.......................: off Search for rootkits.................: off Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: high Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: Wednesday, November 24, 2010 10:48 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'HelpSvc.exe' - '1' Module(s) have been scanned Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'AWC.exe' - '1' Module(s) have been scanned Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'brccMCtl.exe' - '1' Module(s) have been scanned Scan process 'QTTask.exe' - '1' Module(s) have been scanned Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned Scan process 'persfw.exe' - 
'1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'sqlservr.exe' - '1' Module(s) have been scanned Scan process 'McciCMService.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned Scan process 'carboniteservice.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'CarboniteUI.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\System Volume 
Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046559.exe' C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046559.exe [DETECTION] Is the TR/Fakealert.2.44 Trojan [NOTE] The file was moved to the quarantine directory under the name '4f54e347.qua'. End of the scan: Wednesday, November 24, 2010 10:48 Used time: 00:46 Minute(s) The scan has been done completely. 0 Scanned directories 50 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 49 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard.
  12. I have TR/FAKEALERT 2.44 TROJAN. Fake alert pop-up when I start up, something to do with a Microsoft program. There was another pop-up with white river; it does not pop up any more. I have run Malwarebytes and have run Avira. I have to go manually download the Avira anti-virus updates. I also have a problem with iTunes connecting (connection time out) and pictures do not show up in Outlook. I do not know if these problems are connected in any way. I have HijackThis but do not want to run it unless it is ok. Please help with removal. Thanks in advance. And ***** Happy Thanksgiving !!!!! ****** Debbie
  13. Hello, Avira found and quarantined "html/infected.webpage.gen". It came back a few times, with Avira quarantining it. Then it quit coming back. The problem now is I cannot update Malwarebytes or Avira. Mozilla Firefox quit working and now I cannot POP mail my Gmail account. Please help! Thanks in advance for your help. Debbie