Posts posted by cyzpro
I forced my PC into safe mode by using msconfig, and no infected files were found. My laptop is an LG E300. Even though I am in the USA, I think this laptop has Vista (Canada version) because this laptop was made for the Canada market.
***************safe mode log******************
Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 6.0.6001 Service Pack 1
1/2/2009 8:21:00 PM
mbam-log-2009-01-02 (20-21-00).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 109848
Time elapsed: 13 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
****************************collect info**********************************
Malwarebytes' Anti-Malware 1.31
Database version: 1597
Executable location: C:\Program Files\Malwarebytes' Anti-Malware
Database location: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
Username: Admin
Windows folder: C:\Windows
System folder: C:\Windows\system32
Root drive: C:
Program Files: C:\Program Files
Common Files: C:\Program Files\Common Files
Desktop: C:\Users\Admin\Desktop
Desktop: C:\Users\Default\Desktop
Desktop: C:\Users\Guest\Desktop
Desktop: C:\Users\Public\Desktop
Start Menu: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu
Start Menu: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Start Menu: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu
Start Menu: C:\ProgramData\Microsoft\Windows\Start Menu
User Root: C:\Users\Admin
User Root: C:\Users\Default
User Root: C:\Users\Guest
User Root: C:\Users\Public
Favorite: C:\Users\Admin\Favorites
Favorite: C:\Users\Default\Favorites
Favorite: C:\Users\Guest\Favorites
Favorite: C:\Users\Public\Favorites
Application Data: C:\Users\Admin\AppData\Roaming
Application Data: C:\Users\Default\AppData\Roaming
Application Data: C:\Users\Guest\AppData\Roaming
Application Data: C:\ProgramData
Quick Launch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Quick Launch: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Quick Launch: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Temporary Folder: C:\Users\Admin\AppData\Local\Temp
Temporary Folder: C:\Users\Default\AppData\Local\Temp
Temporary Folder: C:\Users\Guest\AppData\Local\Temp
Temporary Folder: C:\Windows\Temp
-
I don't understand why the log file stated "No action taken"; I remember the log file stated the files will be deleted on reboot.
****************************log file**************************
Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 6.0.6001 Service Pack 1
1/2/2009 7:40:19 PM
mbam-log-2009-01-02 (19-39-49).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 101321
Time elapsed: 1 hour(s), 33 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 62
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.
C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.
C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.
C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.
-
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "C:\Users\Default\Application Data\Google\kjzna1562565.exe"
Deletion of file "C:\Users\Default\Application Data\Google\kjzna1562565.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Application Data\Google\spcffwl.dll"
Deletion of file "C:\Users\Default\Application Data\Google\spcffwl.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Application Data\install.exe"
Deletion of file "C:\Users\Default\Application Data\install.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Application Data\shellex.dll"
Deletion of file "C:\Users\Default\Application Data\shellex.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Application Data\srcss.exe"
Deletion of file "C:\Users\Default\Application Data\srcss.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin"
Deletion of file "C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\igyzih._sy"
Deletion of file "C:\Users\Default\Local Settings\Application Data\igyzih._sy" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\naciveg.reg"
Deletion of file "C:\Users\Default\Local Settings\Application Data\naciveg.reg" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin"
Deletion of file "C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\zokawi.lib"
Deletion of file "C:\Users\Default\Local Settings\Application Data\zokawi.lib" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Apps\2.0\srw94.exe"
Deletion of file "C:\Users\Default\Local Settings\Apps\2.0\srw94.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\bumo.reg"
Deletion of file "C:\Users\Default\Cookies\bumo.reg" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\jababug.inf"
Deletion of file "C:\Users\Default\Cookies\jababug.inf" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\ycuc.lib"
Deletion of file "C:\Users\Default\Local Settings\Application Data\ycuc.lib" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\bokefa.bat"
Deletion of file "C:\Users\Default\Local Settings\Application Data\bokefa.bat" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\sytetuf.sys"
Deletion of file "C:\Users\Default\Local Settings\Application Data\sytetuf.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\vege.ban"
Deletion of file "C:\Users\Default\Local Settings\Application Data\vege.ban" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\xyzunore.dl"
Deletion of file "C:\Users\Default\Local Settings\Application Data\xyzunore.dl" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr"
Deletion of file "C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\anok.bat"
Deletion of file "C:\Users\Default\Local Settings\Application Data\anok.bat" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\ewabutovah.dl"
Deletion of file "C:\Users\Default\Local Settings\Application Data\ewabutovah.dl" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\fibaw.ban"
Deletion of file "C:\Users\Default\Local Settings\Application Data\fibaw.ban" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\ybikohe.vbs"
Deletion of file "C:\Users\Default\Local Settings\Application Data\ybikohe.vbs" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\uwux.exe"
Deletion of file "C:\Users\Default\Cookies\uwux.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\jiceji._sy"
Deletion of file "C:\Users\Default\Cookies\jiceji._sy" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\esycire._dl"
Deletion of file "C:\Users\Default\Cookies\esycire._dl" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\igutymyko.ban"
Deletion of file "C:\Users\Default\Local Settings\Application Data\igutymyko.ban" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\ymuxag.com"
Deletion of file "C:\Users\Default\Local Settings\Application Data\ymuxag.com" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\syssp.exe"
Deletion of file "C:\Users\Default\Cookies\syssp.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\comrepl.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\comrepl.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\MM2048.DAT"
Deletion of file "C:\Users\Default\Cookies\MM2048.DAT" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Cookies\MM256.DAT"
Deletion of file "C:\Users\Default\Cookies\MM256.DAT" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\TempImages\IIEPRS.exe"
Deletion of file "C:\Users\Default\Local Settings\TempImages\IIEPRS.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\TempImages\IIEPR.exe"
Deletion of file "C:\Users\Default\Local Settings\TempImages\IIEPR.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\alg.exe"
Deletion of file "C:\Users\Default\Local Settings\alg.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\sec3.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\sec3.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\xacsceib.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\xacsceib.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\cftmon.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\cftmon.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Application Data\spool.exe"
Deletion of file "C:\Users\Default\Local Settings\Application Data\spool.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Secret.fold"
Deletion of file "C:\Users\Default\My Documents\My Secret.fold" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Music\New Song.lagu"
Deletion of file "C:\Users\Default\My Documents\My Music\New Song.lagu" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Music\Video.vidz"
Deletion of file "C:\Users\Default\My Documents\My Music\Video.vidz" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Pictures\aweks.pikz"
Deletion of file "C:\Users\Default\My Documents\My Pictures\aweks.pikz" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Pictures\seram.pikz"
Deletion of file "C:\Users\Default\My Documents\My Pictures\seram.pikz" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Music\My Music.url"
Deletion of file "C:\Users\Default\My Documents\My Music\My Music.url" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Pictures\My Pictures.url"
Deletion of file "C:\Users\Default\My Documents\My Pictures\My Pictures.url" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Videos\My Video.url"
Deletion of file "C:\Users\Default\My Documents\My Videos\My Video.url" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\My Documents\My Documents.url"
Deletion of file "C:\Users\Default\My Documents\My Documents.url" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\my documents\work9\bhobj\bhobj.dll"
Deletion of file "C:\Users\Default\my documents\work9\bhobj\bhobj.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Users\Default\Local Settings\Temp\_check32.bat"
Deletion of file "C:\Users\Default\Local Settings\Temp\_check32.bat" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Completed script processing.
*******************
Finished! Terminate.
-
I tried to get into Safe Mode to scan the hard drive, but nothing happens when I press and hold the F8 key.
-
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!
Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found!
Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSShrxr.dll" not found!
Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSkkbi.log" not found!
Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSlrvd.dat" not found!
Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSlxwp.dll" not found!
Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSnmxh.log" not found!
Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSoiqt.dll" not found!
Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSrhyp.log" not found!
Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSrtqp.dll" not found!
Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSsihc.dll" not found!
Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\TDSSxfum.dll" not found!
Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\SYSTEM32\qoMfefde.dll" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\qoMfefde.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
Deletion of driver "tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
-
Oops, how do I delete my previous post? I posted the same thing twice.
-
I did not let MBAM remove these infected files because I could not locate them on the C drive in the first place, even after I set the PC to show hidden files. MBAM found these infected files after doing heuristic virus detection.
Very strange? I scanned the PC again. I let MBAM remove the infected files this time; MBAM asked to restart the PC and stated the infected files would be deleted on reboot. But MBAM found the same files again, and the log file stated no action was taken.
***********************************mbam log below*****************************
Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 6.0.6001 Service Pack 1
1/1/2009 7:03:34 PM
mbam-log-2009-01-01 (19-03-19)
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 101105
Time elapsed: 1 hour(s), 34 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 62
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.
C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.
C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.
C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.
***********************hijackthis log***********************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:35 PM, on 1/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\CBOClean\BOC427.EXE
C:\Program Files\IOGEAR\DigitalScribe.exe
C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe
C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IOGEAR\PegRoute.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
D:\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
--
End of file - 6769 bytes
-
Yes, I still need help.
************************************Malwarebytes scan log*************************************
Malwarebytes' Anti-Malware 1.31
Database version: 1580
Windows 6.0.6001 Service Pack 1
12/31/2008 7:22:08 PM
mbam-log-2008-12-31 (19-22-03).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 100017
Time elapsed: 1 hour(s), 32 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 62
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.
C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.
C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.
C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.
***************************hijackthis log***********************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:13 PM, on 12/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\CBOClean\BOC427.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
--
End of file - 6568 bytes
******************************Panda Activescan log**********************************
;*******************************************************************************
ANALYSIS: 2008-12-31 20:11:31
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.4205.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@fastclick[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@mediaplex[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ads.pointroll[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adrevolver[1].txt
00431194 Adware/AdsRevenue Adware No 0 Yes No C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KKST6Q9O\mm[1].js
;===============================================================================
SUSPECTS
Sent Location 0
C5
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description 0
C5
;===============================================================================
;===============================================================================
-
I downloaded Malwarebytes and updated it yesterday. Malwarebytes found a lot of trojans. My PC is acting normal. I cannot find the infected files on my PC. My PC is showing hidden files and folders.
I attached the Malwarebytes log and the Panda ActiveScan log.
Somehow this website does not allow me to upload the HijackThis log, so I posted it below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:05 AM, on 12/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\CBOClean\BOC427.EXE
C:\Program Files\IOGEAR\DigitalScribe.exe
C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe
C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\IOGEAR\PegRoute.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Admin\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
--
End of file - 6762 bytes
mbam_log_2008_12_21__22_51_08_.txt
is my pc infected
in Resolved Malware Removal Logs
Posted
******HJT log in safe mode*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:25 AM, on 1/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
D:\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
--
End of file - 5756 bytes