Newfie Dave

  1. As Requested: However, I could not find AVG Antivirus in my Control panel / Add/Remove Programs list to remove.
  2. MBAM & HJT Logs Below:
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg -- End of file - 8879 bytes Still getting the Popup Warning Window.
  3. MBAM & HJT Logs Below: Malwarebytes' Anti-Malware 1.33 Database version: 1683 Windows 5.1.2600 Service Pack 3 1/23/2009 12:11:55 PM mbam-log-2009-01-23 (12-11-55).txt Scan type: Quick Scan Objects scanned: 56293 Time elapsed: 7 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) AND HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:22:40 PM, on 1/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing) O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg -- End of file - 8879 bytes Still getting the Popup Warning Window.
  4. Thank you for the reply. I will post all requested once complete. D
  5. Ok, As requested. I am still having problems and here are the note pad C & P. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:31:44 PM, on 1/21/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.tropicalglen.com O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing) O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg -- End of file - 9301 bytes AND Avira AntiVir Personal Report file date: Wednesday, January 21, 2009 12:23 Scanning for 1244138 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: HOME Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 12:51:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 12:26:40 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 17:14:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 12:28:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:00:36 ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 15:51:02 ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 1/20/2009 15:51:06 ANTIVIR3.VDF : 7.1.1.159 140288 Bytes 1/21/2009 15:51:09 Engineversion : 8.2.0.57 AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 14:35:56 AESCRIPT.DLL : 8.1.1.26 340347 Bytes 1/21/2009 15:51:26 AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 19:36:41 AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 18:28:38 AEPACK.DLL : 8.1.3.5 393588 Bytes 1/21/2009 15:51:24 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/21/2009 15:51:21 AEHEUR.DLL : 8.1.0.84 1540471 Bytes 1/21/2009 15:51:19 AEHELP.DLL : 8.1.2.0 119159 Bytes 1/21/2009 15:51:14 AEGEN.DLL : 8.1.1.10 323957 Bytes 1/21/2009 15:51:13 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 14:35:56 AECORE.DLL : 8.1.5.2 172405 Bytes 1/21/2009 15:51:11 AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 14:35:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 13:10:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 13:58:01 AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 16:32:15 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 15:56:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 12:59:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 16:57:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 21:58:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 17:19:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 16:35:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 18:18:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 18:04:37 Configuration 
settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Wednesday, January 21, 2009 12:23 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'devldr32.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been 
scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 26 processes with 26 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '64' files ). Starting the file scan: Begin scan in 'C:\' <Local Disk> C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\BeInSync Settings\Temp\jeepersdx2_1_2_020.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was deleted! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was deleted! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.htm [DETECTION] Contains recognition pattern of the EXP/HTML.Mht.2.1 exploit [NOTE] The file was moved to '49a748a1.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848a2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP10.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848a4.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP11.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848a6.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848a8.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP13.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848ac.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP14.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848ad.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP15.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848af.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP16.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848b0.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP17.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848b5.qua'! 
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP18.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848ba.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP19.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a848bd.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a948c0.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP20.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a948c1.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP21.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a948c4.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP22.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a948c8.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP23.exe [DETECTION] Contains recognition pattern of the WORM/Krepper.C worm [NOTE] The file was moved to '49a948cf.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP28.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a948d1.qua'! 
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP29.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a948d6.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49aa48d8.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP30.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49aa48dc.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP31.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49aa48df.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49ab48e1.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49ac48e6.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49ad48e9.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49ae48ec.qua'! 
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP8.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49af48ef.qua'! C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP9.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49b048f1.qua'! C:\Documents and Settings\Karen\Desktop\Dads Pics\setupxv.exe [DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper [NOTE] The file was moved to '49eb4ac3.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\at128megav1[1].1a.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample --> jeepersdx2_1_2_020.zip [1] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49a84ae9.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\beavis_v08.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49d84ada.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\chatternut_9.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49d84add.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\jeepersdx2_1_2_020.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4ade.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.bev.zip [0] Archive type: ZIP --> Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample --> Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49de4af0.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.v2.2.zip [0] Archive type: ZIP --> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample --> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49de4af1.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo_xs[1].atmega.fix.zip [0] Archive type: ZIP --> Juggalo_X's atmega fix (15.08.04)/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '485a4072.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\angelvision v1[1].0.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49de4af3.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4acc.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ace.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\AtMega -Anti- Freeze@100kb\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483958ef.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV ATMEGA FIX FOR JEEPERS\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4aef.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV-Atmega-128-Tiers-Fix-And-Keys-Of-2007-04-12\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad0.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\freeway2.0 S1\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad1.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '48367662.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad2.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483958f3.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad3.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483a5314.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '48370f04.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad4.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '48370f05.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad6.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ad5.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483b6f06.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\OriginalJuniorRoba\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483958f7.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\SatJammin BV V5.1\SatJammin BV V5.1.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49eb4af4.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\OriginalJuniorRoba\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4adf.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4ae3.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jeepersdx2_1_2_020.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b04.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\Atmega N2.rar [0] Archive type: RAR --> Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49e44b1e.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jan 3 amega card fix.zip [0] Archive type: ZIP --> Jan 3 Amega card fix/jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49e54b0c.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b10.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\CrackedAtmegaPrivateFix\cracked_atmega_load___home_private_fix_v1.rar [0] Archive type: RAR --> AtmegaCrack.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '49d84b21.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\Cracked_Atmega_Load___Home_Private_Fix_v1\AtmegaCrack.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '49e44b25.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\satvia no rsa all-in-1.zip [0] Archive type: ZIP --> SatVia No RSA ALL-IN-1/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49eb4b14.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\SatVia No RSA ALL-IN-1\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4af9.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV N2 ATMEGA SATVIA V5\SatVia ALL-IN-ONE V5\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483a533a.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b1b.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\Atmega N2.rar [0] Archive type: RAR --> Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49e44b2b.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\atmega n2.zip [0] Archive type: ZIP --> Atmega N2/Atmega N2.rar [1] Archive type: RAR --> Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample --> Atmega N2/jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '486252ec.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b1d.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\attachment [0] Archive type: ZIP --> jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49eb4b2e.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b00.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\satvia no rsa all-in-1c.zip [0] Archive type: ZIP --> SatVia No RSA ALL-IN-1c/jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49eb4b1d.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Atmega N2.rar [0] Archive type: RAR --> Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49e44b30.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b22.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Jan 3 Amega card fix\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b23.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\misterfery hits back\jeepers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49dc4b24.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b04.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1a\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b05.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b08.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b0e.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\April16-DN\JEEPERS.EXE [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '4839592f.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\atmega\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b10.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.2 DN Mega128\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '48395931.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.3 DN Mega128 PFG\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b11.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 229 DN May29\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '48395932.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b13.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '483677a4.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b14.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '482c08cd.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b15.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '482924fe.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b17.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b16.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '482924ff.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '482d04f0.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b19.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\SatMan_s_147kb_Redux_Including_6000_and_full_AutoRoll_now_with_Dynamic_time _Zones.rar [0] Archive type: RAR --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49eb4b34.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\3m ver2.3\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '482c08c2.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\OriginalJuniorRoba\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b1a.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatJammin_DN_V7.1C_For_WCU_support\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b1f.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatMan's 3m 5.6m @ 98KB's 100+kb Reduction B\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b20.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\Dish phoenix 2.1.4 for jeepers by sathaks\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b2b.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\No Rsa For Dummies\SatVia ALL-IN-ONE V5\jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49bc4b2d.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ROM 102\WINEXPLORER 5.0\WinExplorer.exe [DETECTION] Is the TR/Agent.1249280.C Trojan [NOTE] The file was moved to '49e54b6d.qua'! 
C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ZIP FILES ROM102\winexplorer5.zip [0] Archive type: ZIP --> WinExplorer.exe [DETECTION] Is the TR/Agent.1249280.C Trojan [NOTE] The file was moved to '49e54b7d.qua'! C:\Documents and Settings\Karen\Desktop\Downloads\SatJammin BV V5.1\SatJammin BV V5.1.zip [0] Archive type: ZIP --> jEEPers.exe [DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample [NOTE] The file was moved to '49eb4b76.qua'! C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\VD4KULMJ\setupxv[1].exe [DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper [NOTE] The file was moved to '49eb50d7.qua'! C:\Documents and Settings\Karen\My Documents\My Received Files\MsgPlus.exe [0] Archive type: RSRC --> Object [1] Archive type: ZIP --> 70000011.exe [DETECTION] Is the TR/Dldr.Swizzor.G.2 Trojan [NOTE] The file was moved to '49de51aa.qua'! C:\Program Files\Norton AntiVirus\Quarantine\48A8584C [0] Archive type: HIDDEN --> FIL\\\?\C:\Program Files\Norton AntiVirus\Quarantine\48A8584C [DETECTION] Contains recognition pattern of the DIAL/302102 dialer [NOTE] The file was moved to '49b8576a.qua'! C:\Program Files\TClock\tclock.exe [DETECTION] Is the TR/Tclock.A.3 Trojan [NOTE] The file was moved to '49e357d1.qua'! C:\Program Files\TClock\tclock_install.exe [0] Archive type: NSIS --> [unknownDir]/tclock.exe [DETECTION] Is the TR/Tclock.A.3 Trojan [DETECTION] Is the TR/Tclock.A.1 Trojan [NOTE] The file was moved to '49e357d2.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002235.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a7584f.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002236.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75850.qua'! 
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002237.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '482c45e9.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002238.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75852.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002239.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75851.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002240.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '482c45eb.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002241.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75854.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002242.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75853.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002243.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '482c45ed.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002244.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75856.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002245.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75855.qua'! 
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002246.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '482c45ef.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002247.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75857.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002248.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '482c45e0.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002249.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75858.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002250.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a75859.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002251.exe [DETECTION] Contains recognition pattern of the WORM/Krepper.C worm [NOTE] The file was moved to '49a7585a.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002252.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '482c45e3.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002253.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a7585b.qua'! C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002254.exe [DETECTION] Contains recognition pattern of the WORM/Alcra.B worm [NOTE] The file was moved to '49a7585c.qua'! 
C:\WINDOWS\$NtUninstallQ815485$\ndis.sys [WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\ndisuio.sys [WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\netshell.dll [WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\wzcdlg.dll [WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ817606$\srv.sys [WARNING] The file could not be opened!
C:\WINDOWS\system32\in5b4s.dll [DETECTION] Is the TR/Spy.241664 Trojan [NOTE] The file was moved to '49ac5eb6.qua'!

End of the scan: Wednesday, January 21, 2009 14:18
Used time: 1:55:48 Hour(s)

The scan has been done completely.

8639 Scanning directories
304408 Files were scanned
213 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
205 files were moved to quarantine
0 files were renamed
53 Files cannot be scanned
304142 Files not concerned
2647 Archives were scanned
53 Warnings
207 Notes

WHAT NEXT DOC?
  6. Folks, I was running Kaspersky 2009 and for some reason it would not quarantine or remove detected malware / viruses. When I would open IE it would sometimes take up to a minute for the program to respond and another 20-30 seconds (or longer) for the page to display on a cable connection. However, when IE was already running, the web pages responded faster. Before this issue, the complete process would take less than 8-10 seconds to do all. So I was told about Malwarebytes and downloaded it yesterday. It has made a tremendous improvement on the speed, but startup of IE is still a little slow at times. However, what bothers me more is the popup window I get: whenever a page links to another popup window, I get this square-shaped popup message in the center of the page which blocks the linked page I was going to. The popup is about 4 inches by 4 inches with the word Warning on the top bar. In the bottom of the box it displays a check box with the message "Do not show this message again" to the right and Cancel to the right of that. I feel this particular issue is the root of all my problems. I downloaded MBytes, ran the update, ran the quick scan, ran the full scan. Rebooted and went to Safe Mode and ran the full scan again. Rebooted, but still that popup problem. Any advice would be appreciated. ND