Posts posted by Debbie W.
-
Hi Gammo, you are the greatest!!!!! Everything is working just fine!!!!
Thanks so much, have a good day.
Debbie
-
Hello again, Here is the TXT File from ComboFix,
ComboFix 10-12-04.01 - Owner 12/04/2010 21:54:30.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.366 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.
2010-11-28 05:35 . 2010-11-29 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-11-28 05:35 . 2010-11-28 05:35 -------- d-----w- c:\documents and settings\Owner\.thumbnails
2010-11-28 05:33 . 2010-11-29 04:19 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2010-11-28 05:32 . 2010-11-28 05:32 -------- d-----w- c:\program files\GIMP-2.0
2010-11-24 14:20 . 2010-11-24 14:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-11-23 00:52 . 2010-11-23 00:52 -------- d-----w- c:\program files\Apple Software Update
2010-11-23 00:50 . 2010-11-23 00:50 -------- d-----w- c:\program files\Bonjour
2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Stardock
2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2010-11-16 01:58 . 2010-11-16 01:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-11-11 23:11 . 2010-11-11 23:11 63156 ----a-w- c:\documents and settings\Owner\Application Data\Owner3SQLite3.dll
2010-11-11 23:10 . 2010-11-24 00:54 82432 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft Point Generator.exe
2010-11-07 16:29 . 2010-11-07 16:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Octoshape
2010-11-06 17:50 . 2010-11-06 17:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Octoshape
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2009-09-28 20:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2009-09-28 20:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 17:23 . 2007-02-19 14:57 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-02-19 14:57 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-12 12:59 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-12 12:59 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2007-02-19 15:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2007-02-19 15:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2007-02-19 15:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\SET29B.tmp
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-29 2424560]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-22 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]
backup=c:\windows\pss\ID Vault.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"KodakDigitalDisplayService"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [10/20/2009 9:53 AM 102912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 12:39 PM 135336]
R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 9:21 AM 55680]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 12:24 PM 133104]
S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 9:21 AM 60032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 12:10 PM 98304]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 8:41 AM 92008]
.
Contents of the 'Scheduled Tasks' folder
2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]
2010-12-03 c:\windows\Tasks\Registry Medic Schedule.job
- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]
2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]
2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job
- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://coasttocoastam.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: premiereradio.net\rss
TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Startingpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\FFExternalAlertGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Ancestry.com Advanced Image Viewer: support@ancestry.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\noia2_option@kk.noia
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Extension: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com
FF - Extension: MapNeto 1 Community Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\personas@christopher.beard
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 22:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2010-12-04 22:47:36
ComboFix-quarantined-files.txt 2010-12-05 04:47
ComboFix2.txt 2010-12-01 04:23
ComboFix3.txt 2009-10-01 04:44
Pre-Run: 63,751,876,608 bytes free
Post-Run: 63,739,772,928 bytes free
- - End Of File - - 24928CBAAA3313CC23FAF62AEFE95D54
-
I am still having problems updating Avira virus data, Adobe would not update, and I cannot connect to iTunes or Yahoo Messenger. With iTunes and Yahoo Messenger it says that they cannot connect to the internet, but I have connected just fine with Firefox and IE.
Malwarebytes updated just fine????
Just a few notes.
Thanks Debbie
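A triage script for the kind of log pasted above, added here as an example; it is not part of the original post and not ComboFix's, Avira's or Malwarebytes' own code. It reads three line formats that occur in the ComboFix log (file-creation entries, Run-key values and Firefox prefs.js entries) and flags executables stored under a user profile data directory, Run values whose names mimic system components or registry hives (the value names the Malwarebytes log further down reports), system-binary names outside c:\windows\system32, and a browser proxy pointing at loopback. The sample lines are constructed from the log above; the value data for the "winlogon" and "hklm" Run entries is assumed for illustration, since the Malwarebytes log names those values but not their contents. A hit means "review this", not a verdict: local filtering software legitimately sets a loopback proxy too.

```python
"""Review heuristics for ComboFix-style log lines.

Added example, not part of the original thread or of ComboFix itself.
It parses file-creation entries, Run-key values and Firefox prefs.js
lines and returns findings worth a human look.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, List[str]]  # (kind, subject, reasons)

# Constructed sample in ComboFix format. The data of the "winlogon" and
# "hklm" Run values is assumed for illustration; the Malwarebytes log on
# this page names those values but does not show their contents.
SAMPLE_LOG = r"""
2010-11-11 23:10 . 2010-11-24 00:54 82432 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft Point Generator.exe
2010-11-28 05:32 . 2010-11-28 05:32 -------- d-----w- c:\program files\GIMP-2.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"winlogon"="c:\windows\system32\WinDir\winlogon.exe" [2010-11-11 82432]
"hklm"="c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Microsoft Point Generator.exe" [2010-11-11 82432]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
"""

# "created . modified size attrs path"; directories show "--------" as size.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:\d+|-{8})\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
# "name"=data [date size]   (data may be quoted or bare)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+?)(?:\s+\[[^\]]*\])?$')
PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<val>.+)$")

EXEC_EXT = (".exe", ".dll", ".scr", ".com")
PROFILE_DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\appdata\\")
# Binaries that belong in c:\windows\system32 and nowhere else.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
# Run value names that mimic system components or registry hives.
DECOY_VALUE_NAMES = {"winlogon", "hklm", "hkcu", "policies", "svchost", "explorer"}


def path_reasons(path: str) -> List[str]:
    """Heuristics on one file path (case-insensitive)."""
    p = path.lower().strip()
    parent, _, name = p.rpartition("\\")
    reasons = []
    if name.endswith(EXEC_EXT) and any(d in p for d in PROFILE_DATA_DIRS):
        reasons.append("executable stored under a user profile data directory")
    if name in SYSTEM_BINARIES and parent != "c:\\windows\\system32":
        reasons.append(f"{name} outside c:\\windows\\system32")
    return reasons


def run_value_path(data: str) -> str:
    """Return the program path from Run value data, quoted or bare."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    # Bare data: cut at the first argument-looking token (" -x", " /x").
    return re.split(r"\s+[-/]", data, maxsplit=1)[0]


def triage(log_text: str) -> List[Finding]:
    """Scan log text and return findings; an empty list means nothing flagged."""
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FILE_LINE.match(line)):
            if m["attrs"].startswith("d"):
                continue  # directory entry, nothing to check
            reasons = path_reasons(m["path"])
            if reasons:
                findings.append(("file", m["path"], reasons))
        elif (m := RUN_LINE.match(line)):
            path = run_value_path(m["data"])
            reasons = path_reasons(path)
            if m["name"].lower() in DECOY_VALUE_NAMES:
                reasons.append(f'Run value name "{m["name"]}" mimics a system component or hive')
            if reasons:
                findings.append(("run", f'{m["name"]} -> {path}', reasons))
        elif (m := PREF_LINE.match(line)):
            proxy[m["key"]] = m["val"].strip()
    host = proxy.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost", "::1"):
        port = proxy.get("network.proxy.http_port", "?")
        findings.append(("browser", f"{host}:{port}",
                         ["Firefox HTTP proxy points at loopback; a local process sees all browser traffic"]))
    return findings


if __name__ == "__main__":
    for kind, subject, reasons in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}")
        for r in reasons:
            print(f"    - {r}")
```

Paste a full ComboFix log into `triage()` and read the findings against what the scanners reported; on the sample above it returns four items (the Application Data executable, the two decoy-named Run values, and the loopback proxy) and says nothing about the legitimate avgnt entry or the GIMP directory.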
Hi Gammo, I could not get back on last night but I ran combofix, the log is attached.
The Microsoft Points Generator did not show up when I started it up this evening.
Thanks, Do I need to do anything else?
Debbie
-
Avira has given me a clean scan saying that there are no viruses. But I am still getting a fake alert (I am assuming) when I start up. I have attached a Word file with a screen print of the alert. I will run Malwarebytes again to see what it says.
Thanks in advance,
Debbie
-
Avira found another Virus last night.
Here is part of the LOG>>>>
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '1770' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Ad-AwareAE.exe.part
[WARNING] The file could not be read!
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046577.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046579.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Beginning disinfection:
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046579.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fc4c555.qua'.
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046577.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5753eaf2.qua'.
End of the scan: Thursday, November 25, 2010 07:16
Used time: 2:31:24 Hour(s)
The scan has been done completely.
25161 Scanned directories
698142 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
698140 Files not concerned
4892 Archives were scanned
1 Warnings
2 Notes
-
GMER LOG FILE ATTACHED
OK .... ALL DONE ....
Do you need me to do anything else?
Thanks Debbie
-
DeFogger error message appeared
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:31 on 24/11/2010 (Owner)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
-
Here is the Malwarebytes LOG
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5182
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/24/2010 1:21:43 PM
mbam-log-2010-11-24 (13-21-43).txt
Scan type: Full scan (C:\|)
Objects scanned: 377763
Time elapsed: 2 hour(s), 17 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{cjs60v22-mqv8-l3ab-84u1-cy2ay36v3fwl} (Generic.Bot.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\WinDir\winlogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046559.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Microsoft Point Generator.exe (Malware.Trace) -> Quarantined and deleted successfully.
Here is the Avira LOG
Avira AntiVir Personal
Report file date: Wednesday, November 24, 2010 00:39
Scanning for 3083695 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MOM
Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:58
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:06
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:02
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:06:34
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:06:34
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:06:34
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:06:34
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 00:06:34
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:06:34
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:06:34
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:06:36
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:06:36
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:06:36
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:06:36
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:06:36
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:06:36
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:06:36
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:06:36
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:06:36
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:06:36
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 00:06:36
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 00:06:36
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 00:06:36
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 00:06:36
VBASE021.VDF : 7.10.14.64 2048 Bytes 11/22/2010 00:06:36
VBASE022.VDF : 7.10.14.65 2048 Bytes 11/22/2010 00:06:36
VBASE023.VDF : 7.10.14.66 2048 Bytes 11/22/2010 00:06:36
VBASE024.VDF : 7.10.14.67 2048 Bytes 11/22/2010 00:06:36
VBASE025.VDF : 7.10.14.68 2048 Bytes 11/22/2010 00:06:36
VBASE026.VDF : 7.10.14.69 2048 Bytes 11/22/2010 00:06:36
VBASE027.VDF : 7.10.14.70 2048 Bytes 11/22/2010 00:06:36
VBASE028.VDF : 7.10.14.71 2048 Bytes 11/22/2010 00:06:36
VBASE029.VDF : 7.10.14.72 2048 Bytes 11/22/2010 00:06:36
VBASE030.VDF : 7.10.14.73 2048 Bytes 11/22/2010 00:06:36
VBASE031.VDF : 7.10.14.82 85504 Bytes 11/23/2010 00:06:36
Engineversion : 8.2.4.112
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/24/2010 00:06:30
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/24/2010 00:06:30
AESCN.DLL : 8.1.7.2 127349 Bytes 11/24/2010 00:06:30
AESBX.DLL : 8.1.3.2 254324 Bytes 11/24/2010 00:06:30
AERDL.DLL : 8.1.9.2 635252 Bytes 11/24/2010 00:06:30
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/24/2010 00:06:30
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/24/2010 00:06:30
AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/24/2010 00:06:30
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/24/2010 00:06:30
AEGEN.DLL : 8.1.4.2 401781 Bytes 11/24/2010 00:06:30
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/24/2010 00:06:30
AECORE.DLL : 8.1.18.1 196984 Bytes 11/24/2010 00:06:30
AEBB.DLL : 8.1.1.0 53618 Bytes 11/24/2010 00:06:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:58
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:56
AVREP.DLL : 8.0.0.7 159784 Bytes 11/24/2010 00:06:36
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:56
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:58
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:56
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:56
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:58
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:22
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:22
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:10
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: Wednesday, November 24, 2010 00:39
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\mttt
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\Resiliency\DocumentRecovery\137EF88\137ef88
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\Resiliency\DocumentRecovery\137EF88\1396a70
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Office\12.0\Excel\Resiliency\DocumentRecovery\1396957\1396957
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1547161642-220523388-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\hrzr_ehapcy
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Carbonite\CarboniteService\estimatedbackupminutesremaining
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Carbonite\CarboniteService\estimatedbackupspeedkbps
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\BITS\stateindex
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Gather\Windows\SystemIndex\notificationlogcheckpoint
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '45' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '28' Module(s) have been scanned
Scan process 'winlogon.exe' - '57' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'AWC.exe' - '64' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '57' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '67' Module(s) have been scanned
Scan process 'QTTask.exe' - '17' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '51' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '17' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '34' Module(s) have been scanned
Scan process 'persfw.exe' - '30' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '41' Module(s) have been scanned
Scan process 'sqlservr.exe' - '42' Module(s) have been scanned
Scan process 'McciCMService.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '75' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '24' Module(s) have been scanned
Scan process 'carboniteservice.exe' - '58' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '45' Module(s) have been scanned
Scan process 'realsched.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'CarboniteUI.exe' - '63' Module(s) have been scanned
Scan process 'Explorer.EXE' - '115' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '1775' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe
[DETECTION] Is the TR/Fakealert.2.44 Trojan
C:\Documents and Settings\Owner\Desktop\DOWNLOADS\Ad-AwareAE.exe.part
[WARNING] The file could not be read!
C:\Documents and Settings\Owner\Local Settings\temp\0.5852949228993389.exe
[DETECTION] Is the TR/Fakealert.2.44 Trojan
Beginning disinfection:
C:\Documents and Settings\Owner\Local Settings\temp\0.5852949228993389.exe
[DETECTION] Is the TR/Fakealert.2.44 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ff98a97.qua'.
C:\Documents and Settings\Owner\Application Data\Microsoft\svchost.exe
[DETECTION] Is the TR/Fakealert.2.44 Trojan
[NOTE] The file was moved to the quarantine directory under the name '571ca578.qua'.
End of the scan: Wednesday, November 24, 2010 09:22
Used time: 2:43:36 Hour(s)
The scan has been done completely.
25166 Scanned directories
700329 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
700327 Files not concerned
4840 Archives were scanned
1 Warnings
2 Notes
656088 Objects were scanned with rootkit scan
10 Hidden objects were found
and a second Avira run
Avira AntiVir Personal
Report file date: Wednesday, November 24, 2010 10:48
Scanning for 3083695 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MOM
Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:58
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:06
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:02
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:06:34
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:06:34
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:06:34
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:06:34
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 00:06:34
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:06:34
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:06:34
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:06:36
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:06:36
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:06:36
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:06:36
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:06:36
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:06:36
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:06:36
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:06:36
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:06:36
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:06:36
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 00:06:36
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 00:06:36
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 00:06:36
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 00:06:36
VBASE021.VDF : 7.10.14.64 2048 Bytes 11/22/2010 00:06:36
VBASE022.VDF : 7.10.14.65 2048 Bytes 11/22/2010 00:06:36
VBASE023.VDF : 7.10.14.66 2048 Bytes 11/22/2010 00:06:36
VBASE024.VDF : 7.10.14.67 2048 Bytes 11/22/2010 00:06:36
VBASE025.VDF : 7.10.14.68 2048 Bytes 11/22/2010 00:06:36
VBASE026.VDF : 7.10.14.69 2048 Bytes 11/22/2010 00:06:36
VBASE027.VDF : 7.10.14.70 2048 Bytes 11/22/2010 00:06:36
VBASE028.VDF : 7.10.14.71 2048 Bytes 11/22/2010 00:06:36
VBASE029.VDF : 7.10.14.72 2048 Bytes 11/22/2010 00:06:36
VBASE030.VDF : 7.10.14.73 2048 Bytes 11/22/2010 00:06:36
VBASE031.VDF : 7.10.14.82 85504 Bytes 11/23/2010 00:06:36
Engineversion : 8.2.4.112
AEVDF.DLL : 8.1.2.1 106868 Bytes 11/24/2010 00:06:30
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/24/2010 00:06:30
AESCN.DLL : 8.1.7.2 127349 Bytes 11/24/2010 00:06:30
AESBX.DLL : 8.1.3.2 254324 Bytes 11/24/2010 00:06:30
AERDL.DLL : 8.1.9.2 635252 Bytes 11/24/2010 00:06:30
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/24/2010 00:06:30
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/24/2010 00:06:30
AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/24/2010 00:06:30
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/24/2010 00:06:30
AEGEN.DLL : 8.1.4.2 401781 Bytes 11/24/2010 00:06:30
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/24/2010 00:06:30
AECORE.DLL : 8.1.18.1 196984 Bytes 11/24/2010 00:06:30
AEBB.DLL : 8.1.1.0 53618 Bytes 11/24/2010 00:06:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:58
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:56
AVREP.DLL : 8.0.0.7 159784 Bytes 11/24/2010 00:06:36
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:56
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:58
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:56
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:56
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:58
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:22
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:22
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:10
Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_c4666553\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: Wednesday, November 24, 2010 10:48
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'HelpSvc.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'brccMCtl.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'persfw.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'McciCMService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'carboniteservice.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'CarboniteUI.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046559.exe'
C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP398\A0046559.exe
[DETECTION] Is the TR/Fakealert.2.44 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f54e347.qua'.
End of the scan: Wednesday, November 24, 2010 10:48
Used time: 00:46 Minute(s)
The scan has been done completely.
0 Scanned directories
50 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
49 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
The scan results will be transferred to the Guard.
-
I have TR/FAKEALERT 2.44 TROJAN.
Fake alert pop-up when I start up, something to do with a Microsoft program. There was another pop-up with white river; it does not pop up any more. I have run Malwarebytes and have run Avira. I have to go manually download the Avira anti-virus updates.
I also have a problem with iTunes connecting (connection time out), and pictures do not show up in Outlook. I do not know if these problems are connected in any way.
I have HijackThis but do not want to run it unless it is OK.
Please help with removal. Thanks in advance.
And ***** Happy Thanksgiving !!!!! ******
Debbie
-
Hello, Avira found and quarantined "html/infected.webpage.gen". It came back a few times, with Avira quarantining it. Then it quit coming back. The problem now is I cannot update Malwarebytes or Avira. Mozilla Firefox quit working and now I cannot POP-mail my Gmail account. Please help! Thanks in advance for your help.
Debbie
TR/FAKEALERT2.44 TROJAN
in Resolved Malware Removal Logs
Here it is:
ComboFix 10-12-09.04 - Owner 12/10/2010 10:02:36.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.431 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.
2010-11-28 05:35 . 2010-11-29 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-11-28 05:35 . 2010-11-28 05:35 -------- d-----w- c:\documents and settings\Owner\.thumbnails
2010-11-28 05:33 . 2010-11-29 04:19 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2010-11-28 05:32 . 2010-11-28 05:32 -------- d-----w- c:\program files\GIMP-2.0
2010-11-24 14:20 . 2010-11-24 14:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-11-23 00:52 . 2010-11-23 00:52 -------- d-----w- c:\program files\Apple Software Update
2010-11-23 00:50 . 2010-11-23 00:50 -------- d-----w- c:\program files\Bonjour
2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Stardock
2010-11-19 00:03 . 2010-11-19 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2010-11-16 01:58 . 2010-11-16 01:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-11-11 23:11 . 2010-11-11 23:11 63156 ----a-w- c:\documents and settings\Owner\Application Data\Owner3SQLite3.dll
2010-11-11 23:10 . 2010-11-24 00:54 82432 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft Point Generator.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 17:00 . 2009-09-28 18:39 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 05:31 . 2009-09-28 18:39 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-29 23:42 . 2009-09-28 20:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2009-09-28 20:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 17:23 . 2007-02-19 14:57 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-02-19 14:57 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-12 12:59 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-12 12:59 954368 ----a-w- c:\windows\system32\mfc40.dll
2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\SET29B.tmp
.
((((((((((((((((((((((((((((( SnapShot@2010-12-01_04.17.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 15:24 . 2010-12-10 15:24 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
+ 2010-12-10 15:24 . 2010-12-10 15:24 16384 c:\windows\Temp\Perflib_Perfdata_484.dat
+ 2004-08-12 13:03 . 2010-12-10 15:28 79998 c:\windows\system32\perfc009.dat
- 2004-08-12 13:03 . 2010-11-30 14:38 79998 c:\windows\system32\perfc009.dat
- 2004-08-12 13:03 . 2010-11-30 14:38 466400 c:\windows\system32\perfh009.dat
+ 2004-08-12 13:03 . 2010-12-10 15:28 466400 c:\windows\system32\perfh009.dat
+ 2008-04-10 17:21 . 2010-12-06 01:00 117604 c:\windows\system32\mlfcache.dat
+ 2010-12-09 18:17 . 2010-12-09 18:17 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-09-22 23:10 . 2010-09-22 23:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2009-02-03 02:15 . 2010-12-09 18:17 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\3c940.msp
+ 2010-09-16 08:08 . 2010-09-16 08:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-05 2424560]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-22 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]
backup=c:\windows\pss\ID Vault.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"KodakDigitalDisplayService"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"=
"c:\\Program Files\\Yugioh Virtual Dueling\\Yugioh Virtual Desktop 9.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [10/20/2009 9:53 AM 102912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 12:39 PM 135336]
R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 9:21 AM 55680]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 12:24 PM 133104]
S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 9:21 AM 60032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 12:10 PM 98304]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 8:41 AM 92008]
.
Contents of the 'Scheduled Tasks' folder
2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:24]
2010-12-10 c:\windows\Tasks\Registry Medic Schedule.job
- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]
2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]
2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job
- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://coasttocoastam.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: premiereradio.net\rss
TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Startingpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\FFExternalAlertGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Ancestry.com Advanced Image Viewer: support@ancestry.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\support@ancestry.com
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\noia2_option@kk.noia
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Extension: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\engine@conduit.com
FF - Extension: MapNeto 1 Community Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
FF - Extension: Personas: personas@christopher.beard - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\extensions\personas@christopher.beard
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 10:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-10 10:19:47
ComboFix-quarantined-files.txt 2010-12-10 16:19
ComboFix2.txt 2010-12-05 04:47
ComboFix3.txt 2010-12-01 04:23
ComboFix4.txt 2009-10-01 04:44
Pre-Run: 64,080,789,504 bytes free
Post-Run: 64,070,045,696 bytes free
- - End Of File - - 8E5F0979A5F0819CCEF88A0690C10B8C