ksingelais

  1. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/23/2010 3:27:20 PM mbam-log-2010-06-23 (15-27-20).txt Scan type: Quick scan Objects scanned: 119173 Time elapsed: 12 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-06-23 14:58:08 Windows 5.1.2600 Service Pack 3 Running: jd9jg52z.exe; Driver: C:\DOCUME~1\Kim\LOCALS~1\Temp\ugtdqpog.sys ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF8A08392] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7F1E360, 0x24BB1D, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C .text C:\WINDOWS\System32\svchost.exe[1212] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0223000A .text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EE000A .text C:\Program Files\Mozilla Firefox\firefox.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0122000A .text C:\Program Files\Mozilla Firefox\firefox.exe[1724] 
ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0123000A .text C:\Program Files\Mozilla Firefox\firefox.exe[1724] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0121000C .text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A .text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A .text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00E26E60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00E28E20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E25620 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!ReadFile 7C801812 5 Bytes JMP 00E26FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E29020 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileMappingW 7C80943C 1 Byte [E9] .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00E28A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00E27B50 C:\Program Files\Oracle\Information 
Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!OpenFileMappingW 7C80BB7A 5 Bytes JMP 00E28D00 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!DuplicateHandle 7C80DE9E 5 Bytes JMP 00E2A730 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00E28690 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindClose 7C80EE77 1 Byte [E9] .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindClose 7C80EE77 5 Bytes JMP 00E287A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 00E285A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindNextFileW 7C80EFDA 5 Bytes JMP 00E28880 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E29540 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00E278E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileSize 7C810B17 5 Bytes JMP 00E27810 C:\Program 
Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetFilePointer 7C810C2E 5 Bytes JMP 00E27580 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00E27250 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileType 7C810EF1 5 Bytes JMP 00E27EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00E27BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileAttributesA 7C8115DC 5 Bytes JMP 00E27AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FlushFileBuffers 7C8126E1 5 Bytes JMP 00E27500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindFirstFileA 7C813879 5 Bytes JMP 00E284B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00E276D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E2A130 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll 
(Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E29A80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E29CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileTime 7C831C4D 5 Bytes JMP 00E27CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetFileTime 7C831CC0 5 Bytes JMP 00E27DC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00E28060 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E281A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00E279B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!UnlockFile 7C8322EC 5 Bytes JMP 00E27FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!LockFile 7C832391 5 Bytes JMP 00E27F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] 
kernel32.dll!FindNextFileA 7C834EE1 5 Bytes JMP 00E28810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!_hread 7C8353FE 5 Bytes JMP 00E282E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!_llseek 7C835436 5 Bytes JMP 00E28420 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E2A3A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetShortPathNameA 7C835BE0 5 Bytes JMP 00E288F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E29EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!ReplaceFile 7C836C6C 5 Bytes JMP 00E2A630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!_hwrite 7C838B17 5 Bytes JMP 00E28380 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00E26220 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00E25CA0 C:\Program Files\Oracle\Information Rights 
Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 00E26050 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetPixel 77F1B74C 1 Byte [E9] .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00E25E50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00E25780 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00E25960 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CopyEnhMetaFileW 77F270CC 5 Bytes JMP 00E26C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CopyMetaFileW 77F2C3ED 5 Bytes JMP 00E26A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CopyMetaFileA 77F2C52B 5 Bytes JMP 00E26610 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetMetaFileW 77F3853D 5 Bytes JMP 00E26820 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetEnhMetaFileW 77F397A3 5 Bytes JMP 00E26930 C:\Program Files\Oracle\Information Rights 
Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetMetaFileA 77F44216 5 Bytes JMP 00E263F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 00E2CDA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!StartDocA 77F45E79 5 Bytes JMP 00E2BDE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetEnhMetaFileA 77F4AE35 5 Bytes JMP 00E26500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00E26190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00E25B40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00E25C30 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!PrintWindow 7E423810 5 Bytes JMP 00E26320 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00E25BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) .text C:\WINDOWS\system32\spoolsv.exe[2020] 
ole32.dll!DoDragDrop 775D0B6D 5 Bytes JMP 00E28F20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/27/2007 4:31:04 PM System Uptime: 6/23/2010 1:44:54 PM (0 hours ago) Motherboard: ASUSTeK Computer INC. | | A7N8X2.0 Processor: AMD Athlon XP 2500+ | Socket A | 1837/166mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 10 GiB total, 0.301 GiB free. D: is FIXED (NTFS) - 31 GiB total, 14.316 GiB free. E: is FIXED (NTFS) - 2 GiB total, 0.958 GiB free. F: is FIXED (NTFS) - 21 GiB total, 16.368 GiB free. G: is CDROM () H: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. 
==== Installed Programs ====================== 1300 1300_Help 1300Tour 1300Trb Acrobat.com Adobe Acrobat Reader 3.01 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3 AiO_Scan AIOMinimal AiOSoftware Air Utility ANIO Service ANIWZCS Service Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar AVG Free 9.0 Bonjour CCleaner Copy CreativeProjects Critical Update for Windows Media Player 11 (KB959772) Director DocProc Fax Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954708) HP Image Zone 3.5 HP PSC & OfficeJet 3.5 HP Software Update HPSystemDiagnostics ImgBurn InstantShare InterVideo FilterSDK for Hauppauge iTunes Java 6 Update 13 Junk Mail filter update Logitech Desktop Messenger Logitech QuickCam Logitech QuickCam Driver Package Logitech Updater Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.6.3) MSVCRT MSXML 4.0 SP2 (KB954430) MySpaceIM NVIDIA Drivers NVIDIA Windows 2000/XP nForce Drivers OpenOffice.org 2.3 Oracle IRM Desktop 5.5.12 10gR3 PR5 Overland PhotoGallery PrintScreen QFolder QuickProjects QuickTime Readme Revo Uninstaller 1.83 Samsung Master Scan Security Update for Windows Internet Explorer 7 (KB938127) Security 
Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) 
Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Segoe UI SkinsHP1 SkinsHP2 System Requirements Lab TrayApp Unload Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VideoLAN VLC media player 0.8.6d WebFldrs XP WebReg Winamp Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver WolfQuest Yahoo! 
Messenger ==== Event Viewer Messages From Past Week ======== 6/22/2010 12:05:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nv_agp 6/22/2010 12:02:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 6/22/2010 11:50:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AvgLdx86 AvgMfx86 Fips 6/22/2010 11:49:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/21/2010 3:23:02 PM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 000EA6B8D14A has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message). ==== End Of File ===========================
  2. DDS (Ver_10-03-17.01) - NTFSx86 Run by Kim at 13:55:10.40 on Wed 06/23/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.76 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kim\My 
Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Gamevance Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Gamevance Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File mRun: [D-Link Air Utility] c:\program files\d-link\air utility\AirCFG.exe mRun: 
[ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [youhwmvd] c:\windows\system32\config\systemprofile\local settings\application data\hwywoalvl\plwsdqktssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {7FE3BFF6-6384-41AA-9C53-E2D1D2A20B1B} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kim\applic~1\mozilla\firefox\profiles\3a7iev0o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM4&o=15188&locale=en_US&q=
FF - component: c:\documents and settings\kim\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\FFTextLinks.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-27 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-27 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-5 54752]
R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\drivers\PRISMNDS.sys [2008-1-13 652288]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-06-23 17:17:39 0 ----a-w- c:\documents and settings\kim\defogger_reenable
2010-06-23 16:33:56 0 dc-h--w- c:\windows\ie8
2010-06-22 15:01:12 0 d-----w- c:\docume~1\kim\applic~1\Malwarebytes
2010-06-22 14:56:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-22 14:56:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 14:56:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-22 14:56:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-02 12:59:14 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-02 22:23:32 17240 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 13:56:36.53 ===============

Attach.zip ark.zip
  3. I followed these instructions and ran another full scan with my antivirus. It found three infected files and removed them. I tried to use Internet Explorer; it still won't work, and I cannot sign in and use MSN Messenger or Hotmail Messenger. So I went on with the instructions to follow if I was still having problems. I downloaded Defogger and followed the instructions all the way to "Defogger will ask you to reboot the machine". Well, I'm stuck on this because it did not ask me to reboot. So do I restart the computer on my own, or what do I do?
  4. I went into Safe Mode first, then followed your instructions to remove AV Security Suite, because it would not do it in regular mode. It has removed AV Security. I saved the MBAM log and will attach it here. But now my Internet Explorer is not working; it says the page cannot be displayed. How do I fix Internet Explorer?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/22/2010 12:01:22 PM
mbam-log-2010-06-22 (12-01-22).txt

Scan type: Quick scan
Objects scanned: 117478
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\youhwmvd (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32_AVG_RESTORED.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32_AVG_RESTORED_1.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\hwywoalvl\plwsdqktssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
  5. I followed the instructions on downloading Malwarebytes and got all the way to the point where you click Finish, and that's as far as it would let me go. The rest of the following it would not do ......

    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected. Reboot your computer if prompted.
    * When completed, a log will open in Notepad. The rogue application should now be gone.

    I went back and clicked on the icon on the desktop to open it, to try to finish the instructions you gave me, but it would not open. Also, Internet Explorer just keeps opening with porn sites on it, and alert boxes are popping up everywhere and I have to keep clicking out of them before I can do anything.
  6. Hello, I have AV Security Suite popping up on my computer, saying I have spyware alerts and virus alerts. How do I fix this problem and remove them?